We’re currently covering the Apsara Conference 2019, Alibaba Group’s largest annual event that has become a platform for the company to announce and provide a panoramic view of its new technologies, vision and product updates.
Although security isn’t the primary focus of the conference, Yunfei He, General Manager of Product Management, Alibaba Cloud Intelligence, and many of the keynote speakers reminded the audience that in our excitement and eagerness to welcome innovation and new technology, security has to be the foundation of everything. This is especially true in the era of the proliferation of smart devices where everything can be connected.
In this article, we look at some of the cybersecurity-related topics touched during the three day conference and Alibaba’s own journey and stance in this space over the years.
Security and Trust as First Priority
During the event itself, various speakers from Alibaba Cloud mentioned that data privacy and protection is a top priority for Alibaba Cloud. The company is committed to complying with local regulations and industry standards, and currently has over 70 security and compliance accreditations worldwide. At the Apsara Conference 2019, this commitment was reinforced with the launch of a number of new products that support security and trust within a client’s network.
Among the announcements included the new Alibaba Cloud Security Whitepaper 4.0, which has redefined security frameworks for 360-degree protection in a cloud-native world, enabling end-to-end encryption on the public cloud. Additional enhanced options including Bring Your Own Key (BYOK) that can provide customers with full controls over encryption.
This was announced as part of the feature of the new PolarDB box database appliance by Feifei Li, VP of Alibaba Group as well as President and Senior Fellow of Database System, Alibaba Cloud Intelligence.
Also announced was the newly launched OSS Inner Trail which will log all applicable cloud operations, providing an additional layer of transparency to the customers who may have a higher demand on compliance and audits, for example customers in the finance industry.
Alibaba Cloud Security Over the Years
Back in 2014, Alibaba Cloud made the news when it helped to protect against one of the largest DDoS attacks ever recorded, lasting as long as 14 hours and reached peak attacking traffic of 453.8 gigabytes per second.
And then in 2015, Alibaba Cloud issued a Data Protection Pact that outlined the company’s commitment to protecting consumer and business data privacy. A year later, the company achieved two new certifications abroad: Singapore Multi-Tier Cloud Security (MTCS) standard Level 3 and the Payment Card Industry Data Security Standard (PCI-DSS). These were on top of the previously awarded Information Security Management System Certification ISO27001 and Cloud Security Alliance (CSA) Star certification.
Alibaba Cloud soon joined other international tech companies such as SAP, IBM and Oracle in forming a general assembly for the EU Cloud CoC, the Code of Conduct for Cloud Service Providers.
In December 2017, Alibaba Cloud completed its assessment for the Cloud Computing Compliance Controls Catalogue (C5), set out by the Federal Office for Information Security in Germany, also known as the Bundesamt für Sicherheit in der Informationstechnik (BSI).
Last year, Alibaba Cloud joined the Privacy Shield Program, demonstrating that its privacy programs, policies and practices meet the requirements of the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework, which were designed by the US Department of Commerce, the European Commission and Swiss Administration, respectively.
Meanwhile, just this year, Alibaba Cloud became the first cloud provider to secure the Association of Banks in Singapore (ABS)’s outsourced Services Providers Audit Report (OSPAR) validation, and fully compliant with the Hong Kong Monetary Authority (HKMA) Independent Assessment guidelines.
All these were shared by Alibaba to showcase its commitment to complying with local regulations and industry standards, and the company currently has more than 70 security and compliance accreditations worldwide.
For more on the happenings and announcements from the Apsara Conference 2019, click the following links for our coverage of the day one and day two highlights.