Securing Your Workloads with Alibaba Cloud Security


Alibaba Security
Host Security
PREVIEW16m 52s
14m 14s

The course is part of this learning path

Introduction to Alibaba Cloud Security

In this course, we'll take a look at Alibaba Cloud security products to ensure host, network, apps, and data security.

Learning Objectives

  • Get a good understanding of Alibaba Cloud's Security portfolio
  • Learn how to defend your workloads from a variety of threats at the host, application, and network layer
  • Learn how to encrypt your data at rest and in transit
  • Learn how to potentially deal with unwanted user-generated content

Intended Audience

This course is intended for anyone looking to use the products in Alibaba's security portfolio in order to sure their Alibaba Cloud workloads, as well as anyone studying for the ACP Cloud Computing certification exam.


To get the most out of this course, you should have a basic understanding of the Alibaba Cloud platform.


Hello, and welcome back to the course. In this section, we'll take a look at Alibaba Cloud security products, we'll have an overview of host data network and application security. But before that, we'll start with a brief introduction. I want to introduce you to Alibaba Cloud's platform security model. So what do I mean by that? Well, I'm talking about the shared responsibility model that we use to separate customer responsibilities from Alibaba Cloud responsibilities. Which you can see in this diagram here.

At the bottom layer, in yellow, we have things that are the responsibility of Alibaba Cloud. So from a security standpoint, Alibaba Cloud is responsible for the physical security of our data centers, the security of the hardware in those data centers, the security of the cloud platform itself, the integrity of the account system that you use to log in, the security of each cloud service that we build and deploy, and then virtualization layer security. So the security of the service that launches and schedules virtual machines.

All those things in yellow at the bottom are Alibaba Cloud's responsibility. On top of that, we have things that are the customer's responsibility. So you, as a user of Alibaba Cloud, need to worry about the things in orange. If you have a security issue with any of the things shown in orange here, then the responsibility to resolve that security issue falls on you. That includes data security, network security, virtual machine security, that means security of the operating system in the VM. Application security, so the security of any applications you've deployed.

Operational security, so who is allowed to do what and when. You're responsible for setting those permissions. And business security, you need to make sure that you understand the risks that apply to the application that you want to deploy, and that your business structure and logic is built in a way where your application can sustainably run without any major security incidents. Those things are all your responsibility as the customer, we will help you deal with the hardware, physical and platform security underneath of all that.

So here we see the Alibaba Cloud security architecture in a little bit more detail. So you can see again at the very bottom there's cloud platform security, those things are Alibaba's responsibility. And then on top of that, there's user infrastructure, user data, user application, user business. Those things are the user's responsibility. So you need to, again, ensure that any containers or VMs you're running are safe, that their network configuration is compliant and safe, that you're using encryption to secure data at rest, et cetera, et cetera.

User account security. Although it's not easy to tell from this slide and the previous slide, user account security is a shared responsibility. The security and integrity of the Alibaba Cloud account system is our responsibility. But of course, as the user, it's your responsibility to turn on multifactor authentication and choose a strong password and be careful about who you grant privileges to when you create end users. Then there's user security monitoring and operations, all the way on the right. I want to point this out because these are products that we provide to help you mitigate the workload associated with managing your own security. So you can see that quite a lot of the security responsibility falls on you as the user.

All the applications you're running, the patching and updating of the virtual machines that you're running, all of that falls on you as the user. So what tools can we provide you to help you stay safe, to help you detect and mitigate threats. Well, there's quite a few, we offer penetration testing, security consulting, and then also a log audit service, baseline configuration checking, and several kinds of threat detection and response tools. Most of which can be automated. So you're not on your own. But we do have tools to help you manage some of these security problems that you might encounter. 

Although at its heart, it might seem like Alibaba Group is an e-commerce company, we're really a data company. And Alibaba Cloud is on the forefront of protecting our user data from attackers. We currently lead the cloud security market in China. We protect 40% of websites that are hosted here. We mitigate 3.6 billion, yes, billion, attacks each day. And we defend against upwards of 1,500 DDoS attacks every day, with a total volume of more than a terabit per second on average. That's the 2018 figure, it's probably higher now. And we quarantine something like 140,000 malicious files that we detect being installed on ECS instances each day. Again, that's for users who have failed to secure their instances. They may be vulnerable to viruses and trojans, and we have a security center tool that can help them to detect that. And it does. More than 140,000 times a day, it helps protect users against trojans, viruses and other malicious software being installed on their ECS instances.

Our security expertise comes from our own hard won experience. We've now been running the double 11 sales festival for more than 10 years, and we have multiple different Alibaba business unit depending on Alibaba Cloud to keep them up and running. That includes Cainio for logistics. All of our e-commerce platforms; Alibaba, Ali Express, 1688, Tmall and Taobao, as well as Ant Financial, which is in charge of micro-loans, Alipay, insurance, and also several other banking related products. So all three of those major components within the company all depend on Alibaba Cloud for security. On last year's double 11, excuse me, 2018, double 11 alone. We received attack traffic from more than 194 different countries, China included of course, with over 5,000 DDoS attacks launched during that single day. So as you can see, we are a very popular attack target during the double 11 sale up over and above our usual high level of attacks that we experience day to day. On that one day, we received over 2 billion attacks from the public internet. And despite that high level of attacks, we were still able to keep our service up and running smoothly for our users with no data loss and no downtime. So now that I've painted a picture of Alibaba Cloud's own security background, let's get into host security and see what capabilities we can offer to end users in that domain.

About the Author
Learning Paths

Alibaba Cloud, founded in 2009, is a global leader in cloud computing and artificial intelligence, providing services to thousands of enterprises, developers, and governments organizations in more than 200 countries and regions. Committed to the success of its customers, Alibaba Cloud provides reliable and secure cloud computing and data processing capabilities as a part of its online solutions.