As the pace of waiting for guarantee 2.0 is getting closer, more and more people are paying attention to cloud-level guarantee. At the Yunqi Conference Security Forum held in Chengdu recently, Niu Jun paid special attention to the compliance plan of the Alibaba Cloud cloud system.
Alibaba Cloud first passed the ISO 27001 certification in 2012, and passed the new cloud computing security level protection three-level assessment in September 2016 . According to Xing Yi (Yi Xin), an Alibaba Cloud security expert, this is the first and only public cloud service platform in China that has been jointly evaluated by a national authoritative organization in accordance with cloud and other insurance requirements.
Alibaba Cloud Security Qualification History:
2012 – ISO 27001
2012 – Class III
2013 – Cloud Security International Certification Gold Medal
2013 – Trusted Cloud Service Certification
2016 – New ISO 20000 Certification
2016 – Alibaba Financial Cloud passed the SOC independent audit
2016 – CNAS cloud computing national standard test
2016 – Payment Card Industry Data Security Standard (PCI-DSS)
2016 – Singapore National Standard MTCS T3 Level Certification
Alibaba Cloud adopts the mechanism of "compliance sharing responsibility for systems on the cloud". The customer is responsible for the compliance of the tenant's system on the cloud, and Alibaba Cloud is responsible for the compliance of the cloud platform. So for Alibaba Cloud's tenants, how can we help them pass the guarantee evaluation according to the new cloud guarantee requirements?
The basic process of the implementation of graded protection includes five tasks: system grading, construction rectification, grade assessment, system filing, and supervision and inspection.
First of all, Alibaba Cloud can provide materials such as the certification of the grade guarantee record, the conclusion page of the evaluation report, and the description of the customer grade protection evaluation, to assist the tenant's cloud system to pass the grade guarantee evaluation.
In addition, in order to facilitate the system on Alibaba Cloud to quickly meet the requirements of compliance with the guarantee of compliance, Alibaba Cloud has established a "compliance ecosystem for compliance with guarantees", and cooperated with Alibaba Cloud partner consulting agencies, local evaluation agencies, and public security agencies to provide Alibaba Cloud customers with One-stop, full-process and other compliance solutions.
Division of labor for the compliance program
In the whole evaluation process, the core is to build and rectify the information system to establish a sound safety management and safety technology system. The former includes strategy, system, organization, personnel, construction, operation and maintenance, etc., while the latter includes physical environment security, network communication security, equipment and computing security, and application and data security from the bottom up.
The main means of establishing a security technology system include using security products, strengthening system configuration and developing security controls. Among them, by using mature security products, compliance requirements can be quickly met. Similarly, Alibaba Cloud can provide complete security solutions.
Four levels of solutions from physics to application
Safety Cow Review
The advantage of Alibaba Cloud is that it has rich experience in cloud system evaluation, a full line of security protection products, and a one-stop overall solution, which reduces a lot of communication and organization work for cloud tenants in evaluation work. At the same time, cloud security products that fully meet compliance requirements also save users the complicated work of selection and deployment, and save investment costs in security.
Original link: http://www.aqniu.com/tools-tech/25595.html