Alibaba Cloud Security: Key Features & Best Practices

In this blog, we explore Alibaba Cloud security. We will discuss easy methods to secure your data and protect your information in the cloud. Learn how to keep your data safe with Alibaba Cloud.
By SentinelOne September 25, 2024

Companies are migrating to cloud technology because of the benefits it provides compared with traditional ways of hosting and deploying applications, including better scalability and cost efficiency. Alibaba is one such cloud provider, used across the globe by various companies for deploying applications and storing data, and it holds a significant share of the IaaS (Infrastructure-as-a-Service) market.

However, with great power comes great responsibility. In December 2021, Alibaba Cloud experienced a significant security breach. A hacker claimed to have stolen data from over 1.1 billion Chinese citizens from the Shanghai National Police database, which was hosted on Alibaba Cloud. This incident highlighted critical vulnerabilities in how some organizations configure and secure their data on cloud platforms. The breach wasn’t due to a flaw in Alibaba Cloud’s infrastructure but rather resulted from a misconfiguration of the database that left it exposed to the public internet without proper authentication.

As Alibaba Cloud deals with sensitive data, securing it is crucial to avoid threat actors accessing internal company data. In this blog post, we will discuss Alibaba Cloud’s security services and tools. We will discuss best practices for enhancing Alibaba Cloud security and provide steps to resolve common vulnerabilities. This blog will help you gain an understanding of Alibaba Cloud security and how to protect the assets effectively.

Understanding Alibaba Cloud

Alibaba Cloud is a cloud service provider similar to AWS and GCP and is widely used in the Asia region. Alibaba Cloud offers multiple tools and services to help businesses grow and implement their solutions. Some of the services offered by Alibaba Cloud include computing, storage, networking, IAM, etc.

With the rise of containers and Kubernetes for deployments, it is important to secure them as well. Alibaba offers various services such as Alibaba Cloud Kubernetes and Elastic Container Instance to help companies secure containers and K8s environments. Not just this, Alibaba also offers tools for modern-day technologies such as AI (artificial intelligence) and ML (machine learning).

Alibaba Cloud customers face unique challenges in securing their data and applications. These include:

  1. Companies operating in China have to face complex regulatory requirements, such as the Cybersecurity Law and the Data Security Law.
  2. Alibaba Cloud users may face limitations when moving data out of mainland China, impacting global operations.
  3. Compared to Western cloud providers, Alibaba Cloud may have fewer options for integrating with popular security tools and services.

To increase users’ trust in the security of their cloud, Alibaba has obtained multiple security certifications from around the world. To name a few, Alibaba is certified with the Payment Card Industry Data Security Standard (PCI-DSS) and Singapore Multi-Tier Cloud Security (MTCS) standard Level 3.

Core Security Features of Alibaba Cloud

Alibaba Cloud provides users with multiple features to secure their data. Some of them are as follows:

1. Identity and Access Management

Alibaba Cloud provides a central management system for the admin to manage their customers and their respective permissions. IAM helps administrators create policies to define new roles or edit existing roles and manage the access level every time a new user is added.

These access policies help restrict users’ access to resources, which saves organizations from unauthorized access and data breaches. To add one more layer of security, MFA should be enforced across the system, which acts as a second layer of defense and helps to avoid brute-force attacks.

2. Data Encryption

Secure transmission has always been an important part of cloud security. Sensitive information is encrypted using the services provided by Alibaba Cloud. Data stored at rest in databases and storage services is kept secure so that no unauthorized user can access it.

Data is encrypted using strong encryption algorithms such as AES or 3DES, so that anyone who got into the physical storage and viewed the data there would see only random-looking encrypted data.

Data on networks, on the other hand, is transmitted using secure protocols such as HTTPS and TLS, and the configuration enabled on Alibaba Cloud ensures that data is also encrypted in transit.

3. Key Management Service (KMS)

Alibaba Cloud provides a key management service (KMS) to store secrets such as encryption keys and manage them centrally in the cloud. Users can create, import, and manage keys using the KMS.

Using KMS, companies can also define access controls for how users should be allowed to use the key. It also provides the option to maintain logs so you can see who is making the call to use the key and for what.

4. SSL/TLS Certificates

Alibaba Cloud issues SSL/TLS certificates to provide secure connections between clients and servers. These certificates secure connections over the internet by creating an encrypted channel for the data exchanged. Organizations use SSL/TLS to encrypt the data transmitted between users and the application, preventing interception or tampering.

5. Network Security

Alibaba Cloud provides network security through virtual private clouds (VPCs). A VPC lets the user create a network within the cloud that is isolated from the rest of the cloud. This isolation makes resources easier to manage and the flow of traffic easier to control.

Besides the creation of VPCs, Alibaba Cloud also assists in setting up security groups. Security groups are virtual firewalls with rules assigned to a given group of resources. They control both incoming and outgoing network traffic.
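As an added illustration (not code from the original post), this Python check audits security group ingress rules for sensitive ports open to every address, the kind of exposure behind the breach described in the introduction. The rules are constructed sample data; the field names (`Direction`, `Policy`, `IpProtocol`, `PortRange`, `SourceCidrIp`, `Ipv6SourceCidrIp`) are assumed to follow the ECS `DescribeSecurityGroupAttribute` response, and the port list is an assumption to adapt.

```python
"""Flag security group ingress rules that expose sensitive ports to the internet."""

# Assumption: ports that should not be reachable from every address.
SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL",
                   6379: "Redis", 9200: "Elasticsearch", 27017: "MongoDB"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample rules (field names assumed to match the ECS API response).
SAMPLE_RULES = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "3306/3306", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "6379/6379", "SourceCidrIp": "10.0.0.0/8"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "ALL",
     "PortRange": "-1/-1", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Drop", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},
]


def parse_port_range(port_range):
    """Turn 'start/end' into an inclusive tuple; '-1/-1' means every port."""
    start, end = (int(p) for p in port_range.split("/"))
    return (1, 65535) if (start, end) == (-1, -1) else (start, end)


def audit_rules(rules):
    """Return one finding per sensitive port that an open Accept rule exposes."""
    findings = []
    for rule in rules:
        if rule.get("Direction", "ingress").lower() != "ingress":
            continue
        if rule.get("Policy", "Accept").lower() != "accept":
            continue
        source = rule.get("SourceCidrIp") or rule.get("Ipv6SourceCidrIp") or ""
        if source not in OPEN_CIDRS:
            continue
        if rule.get("IpProtocol", "").upper() not in ("TCP", "ALL"):
            continue
        port_range = rule.get("PortRange", "-1/-1")
        start, end = parse_port_range(port_range)
        for port, service in sorted(SENSITIVE_PORTS.items()):
            if start <= port <= end:
                findings.append({"port": port, "service": service,
                                 "source": source, "range": port_range})
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print("EXPOSED %(service)s port %(port)d to %(source)s (rule %(range)s)" % finding)
```

The check ignores rule priority, so a higher-priority Drop rule covering the same port is not taken into account.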

6. Anti-DDoS Protection

Anti-DDoS (distributed denial of service) protection is an important feature provided by Alibaba Cloud, as DDoS attacks are one of the major threats to servers and the overall IT infrastructure. Its purpose is to protect the system against large-scale data requests from multiple sources.

These attacks are launched to threaten the company, shut down its servers, and make the system more vulnerable to data breaches. The Anti-DDoS measures available at Alibaba work by cleaning traffic and reassigning it to different traffic flows, and by identifying possible issues in time, maintaining the flow pattern and keeping the system free from threats.

Security Tools and Services for Alibaba Cloud Security

Security tools are required by organizations to protect themselves from threats and vulnerabilities. Some of the security tools and services provided by Alibaba Cloud are as follows:

#1. Alibaba Cloud Security Center

For threat detection, vulnerability assessment, and compliance management, Alibaba offers a central security management service known as Alibaba Cloud Security Center. Its key features include:

  • Asset Management: It automatically discovers and manages all cloud assets, including ECS instances, RDS databases, and SLB load balancers, and shows total assets on a central dashboard. It also tracks asset changes and configurations in real time.
  • Threat Detection: Alibaba Cloud Security Center uses machine learning and big data analysis to detect possible security threats. It identifies unusual login attempts, suspicious processes, and abnormal network communication.
  • Vulnerability Management: Alibaba Cloud Security Center uses security plugins to periodically scan for software problems, configuration problems, and outdated rule lists. It supports both agentless and agent-based scanning and provides solutions to resolve the issues found.
  • Compliance Assessment: Alibaba Cloud Security Center shows the current state of compliance with pre-configured compliance checks. It offers compliance checks for CIS, PCI DSS, and ISO 27001, as well as customizable compliance checks. It also generates compliance reports for audits.
  • Log Analysis: It collects and analyzes logs from a variety of cloud services such as ECS, SLB, RDS, and security services such as DDoS, Cloud Firewall, and Cloud Monitor. It provides a web interface for log searches and displays the security events on a single dashboard. It is also possible to store logs for further analysis.

#2. Web Application Firewall (WAF)

Alibaba Cloud offers WAF as a security service to protect web applications from various web-based attacks. Some of its key features are:

  • HTTP(S) Protection: It provides inspection for both HTTP and HTTPS traffic. It includes TLS/SSL offloading to reduce the HTTP processing load on backend servers, with the ability to support uploading and using custom SSL certificates.
  • Web Attack Protection: It protects the application from OWASP Top 10 vulnerabilities, such as SQL injection, XSS, and CSRF. This service uses machine learning to protect applications from zero-day exploits and supports custom rule sets for customized protection.
  • Bot Management: Alibaba Cloud WAF identifies and blocks bot traffic. It supports good bots and uses challenges to help manage the traffic, such as CAPTCHA and JavaScript challenges.
  • Access Control: Alibaba Cloud WAF allows access control lists for blacklisting and whitelisting based on IPs.
  • Data Leak Prevention: It also includes rate-limiting algorithms to prevent brute-force attacks. Alibaba Cloud WAF can also scan outgoing traffic patterns to protect confidential data and build rules to detect such data.

#3. Anti-Bot service

Alibaba Cloud Anti-Bot Service is a dedicated solution to identify and eliminate malicious bot traffic against web applications, mobile APIs, and apps. Some of the key features of the service are as follows:

  • Bot Identification: Bot identification is done through multiple algorithms that can find the difference between human, legitimate bot, and malicious bot traffic.
  • Protection Modes: The service offers an observation mode for traffic monitoring and logging, a prevention mode for active handling of the identified bot traffic, and a custom mode for personalized handling of bots.
  • Intelligent Protection: It analyzes traffic patterns from older data, uses them to identify traffic spikes, and then takes action accordingly.
  • Application-Layer Protection: It protects against web scraping, which can lead to content theft. It also helps in avoiding click fraud and ad fraud in web applications.
  • API Protection: It supports OAuth and custom authentication schemes and prevents API abuse and unauthorized data access.

Understanding Compliance and Governance

Compliance and Governance are important parts of cloud architecture. Alibaba increases the customer’s trust by following standards such as Payment Card Industry Data Security Standard (PCI-DSS), General Data Protection Regulation (GDPR), ISO/IEC 27001, and many more.

Alibaba Cloud has certifications like PCI-DSS. This demonstrates that Alibaba is committed to meeting global security standards. Some of the key compliance and governance challenges for Alibaba Cloud users include:

  1. First is data localization requirements. Many countries have strict requirements about where the data must be stored.
  2. Companies operating in industries like healthcare (HIPAA) and finance (GDPR, PSD2) have strict data protection requirements.
  3. Audit trails and accountability are another major challenge. Organizations need to track and report on data access and usage.

Alibaba Cloud Security addresses these issues through several means:

  1. Alibaba Cloud offers auditing and reporting features. This helps organizations maintain detailed logs of all activities happening within their cloud environment.
  2. Alibaba Cloud provides proper documentation to clients on compliance requirements for different regions and based on customer requirements.
  3. Users can choose specific data center locations for their resources to ensure compliance with data localization laws.

Incident Response and Management

In order for the cloud to maintain its security, Alibaba Cloud uses incident response and management plans. An incident response strategy is required by organizations to handle security incidents and resolve them as fast as possible.

Organizations often develop an incident response plan (IRP) that outlines procedures, roles, and responsibilities, ensuring that all team members understand their tasks during an incident. The IRP serves as a roadmap for the incident response team, enabling them to act quickly and efficiently when a security breach occurs.

Alibaba Cloud offers multiple tools to help enterprises with incident response management. Some of them include:

  1. Security Center: The platform provides real-time threat detection, vulnerability assessment, and centralized security policy management.
  2. ActionTrail: Similar to AWS CloudTrail, ActionTrail provides detailed logs of all API calls made to Alibaba Cloud services. This data is used for forensics during incident response.
  3. Simple Log Service: Alibaba offers a Simple Log Service platform for collecting, processing, and analyzing logs from various sources. This tool helps with easy detection and investigation in the event of security incidents.

Best Practices for Securing Alibaba Cloud Environment

Some of the best practices to follow when securing an Alibaba Cloud environment are:

#1. Regular Security Assessments and Audits

It is important to conduct regular security assessments and audits as they help measure safety. Security assessments and audits evaluate the security measures in place as well as determine any misconfigurations in an organization’s cloud. They help to ensure compliance with industry standards and regulations and validate the performance of existing security controls.

#2. Implementing Least Privilege Principles

This is a fundamental requirement in securing a cloud since it minimizes risk. The approach reduces an organization's attack surface by ensuring that each user is granted only the access he or she needs to reach relevant data and perform duties.
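As an added example (not from the original post or from Alibaba), this Python linter checks RAM policy documents against two points made in this article: least privilege here, and the MFA recommendation in the Identity and Access Management section. The policies are constructed samples with placeholder resource names, and treating `ram:` and `kms:` actions as the ones that need an `acs:MFAPresent` condition is an assumption.

```python
"""Lint RAM policy documents for over-broad grants and missing MFA conditions."""
import json

# Assumption: services whose actions should only run in an MFA-verified session.
SENSITIVE_PREFIXES = ("ram:", "kms:")

# Constructed policies; the bucket name and key ID are placeholders.
BROAD_POLICY = """{"Version": "1", "Statement": [
  {"Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Effect": "Allow", "Action": ["oss:*"], "Resource": "*"},
  {"Effect": "Allow", "Action": ["kms:Decrypt"],
   "Resource": "acs:kms:*:*:key/EXAMPLE-KEY-ID"}]}"""

SCOPED_POLICY = """{"Version": "1", "Statement": [
  {"Effect": "Allow", "Action": ["oss:GetObject", "oss:ListObjects"],
   "Resource": ["acs:oss:*:*:example-bucket", "acs:oss:*:*:example-bucket/*"]},
  {"Effect": "Allow", "Action": "kms:Decrypt",
   "Resource": "acs:kms:*:*:key/EXAMPLE-KEY-ID",
   "Condition": {"Bool": {"acs:MFAPresent": "true"}}}]}"""


def _as_list(value):
    """RAM policies allow a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def requires_mfa(statement):
    """True when the statement only applies if acs:MFAPresent is true."""
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() != "bool":
            continue
        for key, value in keys.items():
            values = [str(v).lower() for v in _as_list(value)]
            if key.lower() == "acs:mfapresent" and values == ["true"]:
                return True
    return False


def audit_policy(policy_json):
    """Return (statement index, finding) pairs for risky Allow statements."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions:
            findings.append((idx, "FULL_ADMIN"))
        elif any(a.endswith(":*") for a in actions) and "*" in resources:
            findings.append((idx, "SERVICE_WILDCARD_ON_ALL_RESOURCES"))
        sensitive = any(a == "*" or a.startswith(SENSITIVE_PREFIXES) for a in actions)
        if sensitive and not requires_mfa(stmt):
            findings.append((idx, "SENSITIVE_ACTION_WITHOUT_MFA"))
    return findings


if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(doc))
```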

#3. Security Awareness Training for Cloud Engineers

It is essential to establish a program to educate the engineers on various threats and how to identify them. The training should be equipped with various training materials and drills that replicate actual attack scenarios. In addition, simulations of phishing attempts by experienced security team members should be conducted.

Moreover, it is important to periodically update the training program to ensure that the information shared is current and effective. Also, discussing reported incidents with the company employees helps prevent further damage.

Alibaba Cloud also offers a Cloud Security Certification Program to increase awareness amongst users. This program offers role-based certifications for cloud security professionals.

For companies who intensively use cloud providers, security training programs should incorporate:

  • Cloud-specific security risks, along with how to react in case an incident happens
  • Hands-on labs for secure configuration of Alibaba Cloud services for better understanding
  • Role-specific training modules (e.g., for developers, system administrators, etc.)

Security Integration and Automation

Security integration and automation are essential activities that should occur in an environment using Alibaba Cloud. These processes are important as they can improve the overall security posture of the company. This is done using specialized tools and improves incident response times through automated alerts and actions.

  • Automating Security Tasks with Alibaba Cloud

Automating security tasks on Alibaba Cloud can significantly enhance operational efficiency and reduce the burden on security teams. Alibaba's ActionTrail is used to create a trail that logs user activity and API calls. Working through these logs can become difficult and time-consuming. It is therefore recommended to automate sending an alert for cases such as a user or API that did not exist previously, or other actions suspected of inappropriate behavior.
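The alerting rule described above, as an added Python example that is not part of the original post: it builds a baseline of which principal called which API, then flags new events from unseen principals, unseen APIs for a known principal, and watchlisted calls. All events are constructed; the field names (`eventId`, `eventTime`, `serviceName`, `eventName`, `userIdentity.userName`) are assumed to follow ActionTrail's event JSON, and the watchlist is an assumption.

```python
"""Alert on ActionTrail events: unseen principal, unseen API, or watchlisted call."""

# Assumption: (service, eventName) pairs that warrant an alert every time.
WATCHLIST = {("ram", "CreateAccessKey"), ("actiontrail", "DeleteTrail"),
             ("actiontrail", "StopLogging")}

def _ev(event_id, time, user, service, name):
    """Build a constructed event with ActionTrail-style field names (assumed)."""
    return {"eventId": event_id, "eventTime": time, "serviceName": service,
            "eventName": name, "userIdentity": {"type": "ram-user", "userName": user}}

# Constructed history (the baseline) and constructed new events to evaluate.
HISTORY = [
    _ev("old-1", "2024-08-30T09:00:00Z", "alice", "Ecs", "DescribeInstances"),
    _ev("old-2", "2024-08-30T09:05:00Z", "alice", "Ecs", "StartInstance"),
    _ev("old-3", "2024-08-31T11:00:00Z", "bob", "Rds", "DescribeDBInstances"),
]
NEW_EVENTS = [
    _ev("evt-1", "2024-09-01T10:00:00Z", "alice", "Ecs", "DescribeInstances"),
    _ev("evt-2", "2024-09-01T10:05:00Z", "alice", "Ram", "CreateAccessKey"),
    _ev("evt-3", "2024-09-01T10:07:00Z", "temp-contractor", "Ecs", "DescribeInstances"),
    _ev("evt-4", "2024-09-01T10:09:00Z", "temp-contractor", "Actiontrail", "StopLogging"),
    _ev("evt-5", "2024-09-01T10:10:00Z", "alice", "Ram", "CreateAccessKey"),
]

def identify(event):
    """Return (principal, (service, api)) for an event."""
    identity = event.get("userIdentity", {})
    who = identity.get("userName") or identity.get("principalId") or "unknown"
    return who, (event.get("serviceName", "").lower(), event.get("eventName", ""))

def build_baseline(events):
    """Map each principal to the set of APIs it has called before."""
    baseline = {}
    for event in events:
        who, api = identify(event)
        baseline.setdefault(who, set()).add(api)
    return baseline

def detect(events, baseline):
    """Return alerts for new events, processed in time order."""
    seen = {who: set(apis) for who, apis in baseline.items()}  # leave baseline intact
    alerts = []
    for event in sorted(events, key=lambda e: e.get("eventTime", "")):
        who, api = identify(event)
        reasons = []
        if who not in seen:
            reasons.append("NEW_PRINCIPAL")
        elif api not in seen[who]:
            reasons.append("NEW_API_FOR_PRINCIPAL")
        if api in WATCHLIST:
            reasons.append("WATCHLISTED_API")
        seen.setdefault(who, set()).add(api)  # alert once per new pair
        if reasons:
            alerts.append({"eventId": event.get("eventId"), "principal": who,
                           "api": "%s:%s" % api, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in detect(NEW_EVENTS, build_baseline(HISTORY)):
        print(alert)
```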

  • Integration with Third-Party Security Tools

To build a more effective security framework, organizations may want to consider integrating Alibaba Cloud with third-party security tools. Typically, to enhance their security measures, companies use various tools, including Security Information and Event Management systems, intrusion detection systems, and vulnerability management tools. The connectivity between Alibaba Cloud Solutions and third-party security tools can be achieved through APIs and webhooks, providing real-time data sharing.

  • Advantages of Integrating and Automating Security Processes

The major benefits of integrating and automating security processes include the enhanced efficiency of the measures, more effective threat detection, and lower operating costs. The main advantage is that with the use of automated workflows, security teams have to interact with the measures only in a strategic manner.

Conclusion

Alibaba Cloud helps increase the efficiency of business operations with its multiple features, such as identity and access management, encryption techniques, anti-DDoS protection, and many more. All these features, combined with Alibaba’s efforts towards maintaining compliance, help the organization build a strong defense for its assets. It decreases the risk of human error by allowing integration and automation of its security process for the business infrastructure.

If a business automates its daily tasks, it can use its leftover time and saved resources for other tasks. These tasks can include threat analysis, incident response, etc. For the organization to make full use of Alibaba’s security features, companies should implement best practices like regular security assessments and implementing least privilege principles.

Alibaba offers a smooth integration of third-party tools with its services, which helps organizations gain a broader view of their security standing. The integration of tools and services helps in real-time data sharing, which enables faster identification and resolution of potential threats. This integration offers more than just security. It also helps the organization be compliant and makes sure that organizations are ready to tackle any threat that might come their way.

To further improve Alibaba Cloud security, organizations should implement SentinelOne’s advanced security solutions. The platform offers threat detection, automated response capabilities, and seamless integration with Alibaba Cloud services.

FAQs

1. Is Alibaba Cloud secure?

Yes, Alibaba Cloud is considered secure. It offers excellent security features and complies with a range of international security standards. However, like any cloud platform, its security is only as good as the resources you have and how you configure and manage your environment. To ensure data stored in Alibaba is secure, companies need to invest time and resources so that they don't overlook basic security misconfigurations.

2. Is Alibaba Cloud better than AWS?

This depends on your needs. Alibaba Cloud is often more affordable and has a larger presence in Asia. As the world’s biggest provider of cloud services, however, AWS has a bigger global market share as well as service availability. In terms of security, it’s worth noting that both provide robust security features. So, your choice would completely depend on your specific requirements, budget, and regional considerations. Alibaba Cloud works best in China and parts of Southeast Asia. Alibaba Cloud offers lower latency and better compliance with local regulations.

3. Is Alibaba Cloud private?

Alibaba Cloud provides both public and private cloud settings, and its Virtual Private Cloud service can be used to create isolated private networks that provide the same level of privacy as traditional cloud-only data centers.

4. What are the disadvantages of Alibaba Cloud Security?

Some of the disadvantages of Alibaba Cloud may include a steeper learning curve, in both its documentation and its interface, for those who are new to this cloud compared with tool sets and software they already know. On the global level, businesses working in industries like payment and healthcare have to face regulatory challenges when using Chinese cloud providers. Also, some Chinese companies have recently started using non-Chinese cloud solutions due to security concerns with domestic providers like Alibaba Cloud.
