Abstract: At present, data security problems emerge in an endless stream, and data security has become the lifeline of enterprise users. To ensure user data security, Alibaba Cloud ECS has officially released the "ECS disk encryption" function to customers across the network. The Alibaba Cloud ECS disk encryption function can encrypt cloud disks and shared block storage, and provides a simple but very secure encryption method to encrypt newly created cloud disks.
Traditional encryption methods will bring extremely high usage costs to users: building key management infrastructure and changing business processes, while improving security, reduces operational efficiency and increases operational costs.
The difference between ECS disk encryption and traditional encryption methods is that customers do not need to build, maintain and protect their own key management infrastructure in public clouds, nor do they need to change any existing applications and operation and maintenance processes, and do not need to do additional encryption and decryption. Operation, the disk encryption function is completely insensitive to the business. Through this function, Alibaba Cloud customers can encrypt the data of the specified cloud disk on the ECS cloud server, and each newly created cloud disk is encrypted with a unique 256-bit key. Once encrypted, all snapshots of this cloud disk and subsequent cloud disks created from those snapshots are also associated with this key. Therefore, once the data is encrypted, unless the encryption state is released, the data will be encrypted for life.
These keys are protected by the Alibaba Cloud Key Management Service (KMS) complete infrastructure (provided by the Key Management Service), which complies with the recommendations in (NIST) 800-57 and uses compliant ( FIPS) 140-2 standard cryptographic algorithms, KMS will implement strong logical and physical security controls to prevent unauthorized access. Your data and associated keys are encrypted using industry-standard 256-bit strong encryption algorithms.
Alibaba Cloud's ECS disk encryption system meets the industry's most stringent international and domestic standards. It is understood that:
International standards such as: British Standards Institute (bsi) and Cloud Security Alliance (CSA), an international cloud security authority, jointly launched CSA STAR, PCI DSS issued by the international third-party payment general industry standard, and Germany's C5 KRY-03. These can meet the business needs of overseas customers.
For example, domestic standards: meet the security requirements of "8.1.3.7 Mirroring and snapshots" and "8.1.4.5 Data Confidentiality" in the fourth level of "Basic Requirements for Information System Security Level Protection GB/T 22239-2008 (Draft for Review)" .
Alibaba Cloud will continue to strengthen and meet the increasing data security demands of users, and actively conduct in-depth discussions and cooperation with various domestic and foreign standard industry organizations and standards organizations to meet the data security demands of customers in various industries.
Original link: https://yq.aliyun.com/articles/221180