Abstract:

At present, data security problems emerge one after another, and data security has become the lifeline of enterprise users. To protect user data, the Ali Cloud ECS cloud server has officially released the “ECS disk encryption” function to customers across the whole network.

The Aliyun ECS disk encryption function encrypts cloud disks and shared block storage, and provides a simple but secure way to encrypt newly created cloud disks.

Traditional encryption imposes a high cost on users: key management infrastructure has to be set up and business processes have to be changed. Security improves, but operational efficiency falls and operating cost rises.

ECS disk encryption differs from traditional encryption methods in that customers do not need to build, maintain, or protect their own key management infrastructure in the public cloud, nor do they need to change any existing applications or O&M processes, or perform additional encryption and decryption operations. The disk encryption function is therefore completely transparent to services. With this function, Aliyun customers can encrypt data on specified cloud disks on ECS cloud servers. Each newly created cloud disk is encrypted with a unique 256-bit key. Once a cloud disk is encrypted, all snapshots of it, and all subsequent cloud disks created from those snapshots, are also associated with the key. Therefore, once the data is encrypted, it stays encrypted for life unless the encryption state is set to unencrypted.

These keys are protected by the complete infrastructure of Ali Cloud Key Management Service (KMS), which complies with NIST 800-57 and uses FIPS 140-2 standard cryptographic algorithms. KMS implements strong logical and physical security controls to prevent unauthorized access. Your data and associated keys are encrypted using industry-standard 256-bit strong encryption algorithms. The Ali Cloud ECS disk encryption system is understood to meet the industry’s most stringent international and domestic standards:

International standards: CSA STAR, jointly launched by the British Standards Institute (BSI) and the Cloud Security Alliance (CSA), the international cloud security authority; PCI DSS, the general international industry standard for third-party payment; and Germany’s C5 KRY-03. These meet the business needs of overseas customers.

Domestic standards: the system meets the security requirements of “8.1.3.7 mirror and snapshot” and “8.1.4.5 data confidentiality” at the fourth level of the “Information System security level protection basic Requirements GB/T 22239-2008 (submitted for review)”.

Ali Cloud will continue to strengthen its work to meet users’ increasing demand for data security, and will actively pursue in-depth discussion and cooperation with domestic and foreign industry and standards organizations, to meet the data security demands of customers in various industries.