SlideShare a Scribd company logo

Protecting Your Big Data on the Cloud

Alibaba Cloud, profile picture
Alibaba Cloud

The document outlines the security risks associated with enterprises migrating to cloud services, emphasizing threats such as data leakage and account hijacking. It details the structure and security goals of Alibaba Cloud accounts, including the importance of identity and access management (IAM) practices. Additionally, it describes the Resource Access Management (RAM) features designed to facilitate centralized user and permission management while ensuring secure access to cloud resources.

Technology
Related topics:
Cloud Computing Insights Information Security Data SecurityNetwork Security
1 of 15
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Protecting Your Data on the Cloud Derek Meng
01 03 02Information security management of enterprise's migration to cloud Overview 04 RAM Product Design RAM User and MaxCompute Demo: Add RAM user into MaxCompute Project
CSA 2016: Top 12 security threats of enterprise's migration to cloud Data leakage AccessKey or password leakage/ Lack of IAM practices API security System and application software vulnerabilities Account sharing or hijacking Internal attacks (employees/outsourced personnel/ISVs) APTs Data loss Insufficient understanding of cloud Technologies Malicious utilization of cloud services Denial of Service (DoS) Technical module sharing https://cloudsecurityalliance.org/group/top-threats/ 1 2 3 4 5 6 7 8 9 10 11 12
About Alibaba Cloud accounts Alibaba Cloud Resources Alibaba Cloud Account 2 (Tenant2) • Basic unit for multi-tenant isolation on the cloud platform • Owner of resources (ResourceOwner) • Subject of metering and billing • Permission administrator (root) Alibaba Cloud Resources Alibaba Cloud Account 1 (Tenant1) Explanations about Alibaba Cloud accounts
Alibaba Cloud account security • Security goal of Alibaba Cloud accounts: Protect cloud resources from unauthorized access • Credentials - Password - Multi-factor authentication (MFA) - API AccessKey Alibaba Cloud Resources Alibaba Cloud Account 1 (Tenant1)
Alibaba Cloud account vs User Who is the user? Employee Alibaba Cloud Resources Alibaba Cloud Account (Buyer)
Application Alibaba Cloud Resources Alibaba Cloud Account (Buyer) App Alibaba Cloud account vs User Who is the user?
Mobile App Alibaba Cloud Resources Alibaba Cloud Account (Buyer) App Client Alibaba Cloud account vs User Who is the user?
An Alibaba Cloud service Alibaba Cloud Resources Alibaba Cloud Account (Buyer) ECS Alibaba Cloud account vs User Who is the user?
How to centrally manage the identities and access permissions of users for tenants? Question
01 03 02Information security management of enterprise's migration to cloud Overview 04 RAM Product Design RAM User and MaxCompute Demo: Add RAM user into MaxCompute Project
RAM (Resource Access Management) Alibaba Cloud Resources Alibaba Cloud Account (Tenant) RAMApp User authorization policy User • Centralized user management • Centralized permission management • Unified access control • Centralized user audit • Unified bill RAM core features App
Authorization capabilities: the minimum granularity and the strongest control Scenario description: To authorize an employee to download only the privatebucket data of OSS, the operator must be in the internal network with MFA logon authentication. RAM authorization policy description (Policy language): A traditional access control matrix (e.g., ACL) cannot describe Grant what operation On what object To what user; { "Version":"1", "Statement":[ { "Effect":"Allow", "Action":"oss:Get*", "Resource":"acs:oss:*:*:privatebucket/*", "Condition":{ "Bool":{ "acs:MFAPresent":"true" }, "IpAddress":{ "acs:SourceIp":"42.120.88.0/24" } } } ] }
Implementation of RAM user authorization Alibaba Cloud Resources Alibaba Cloud Account (Tenant) Check PermissionApp User authorization policy User App Console or APIInternet User characteristic Request characteristic Resource characteristic
Protecting Your Big Data on the Cloud

More Related Content

PPTX
Leveraging ApsaraDB to Deploy Business Data on the Cloud
Oliver Theobald
 
PPTX
Migration to Alibaba Cloud
Alibaba Cloud
 
PPTX
Launch and Scale Your E-commerce Website with Magento
Alibaba Cloud
 
PPTX
Big Data Quickstart Series 3: Perform Data Integration
Alibaba Cloud
 
PPTX
How to Leverage Big Data to Deliver Smart Logistics
Alibaba Cloud
 
PDF
Getting Started with Elasticsearch
Alibaba Cloud
 
PPTX
Introduction to Alibaba Cloud
gavaskar s
 
PPTX
Discovering Cloud Networking: VPC, VPN, Express Connect & Server Load Balancer
Alibaba Cloud
 
Leveraging ApsaraDB to Deploy Business Data on the Cloud
Oliver Theobald
 
Migration to Alibaba Cloud
Alibaba Cloud
 
Launch and Scale Your E-commerce Website with Magento
Alibaba Cloud
 
Big Data Quickstart Series 3: Perform Data Integration
Alibaba Cloud
 
How to Leverage Big Data to Deliver Smart Logistics
Alibaba Cloud
 
Getting Started with Elasticsearch
Alibaba Cloud
 
Introduction to Alibaba Cloud
gavaskar s
 
Discovering Cloud Networking: VPC, VPN, Express Connect & Server Load Balancer
Alibaba Cloud
 

What's hot (18)

PDF
Serverless Computing: Driving Innovation and Business Value
Alibaba Cloud
 
PPTX
Responding to Digital Transformation With RDS Database Technology
Alibaba Cloud
 
PDF
Why a Multi-cloud Strategy is Essential
Alibaba Cloud
 
PPTX
How to Set Up ApsaraDB for RDS on Alibaba Cloud
Alibaba Cloud
 
PDF
Aneka platform
Shyam Krishna Khadka
 
PDF
Building Complete Private Clouds with Apache CloudStack and Riak CS
John Burwell
 
PPTX
Benchmark of Alibaba Cloud capabilities
Huxi LI
 
PPTX
AliCloud Object Storage Service (OSS) Core Features
Alibaba Cloud
 
PDF
Better, faster, cheaper infrastructure with apache cloud stack and riak cs redux
John Burwell
 
PPTX
Cloud Bursting with A10 Lightning ADS
Akshay Mathur
 
PDF
Cloudlytics: In Depth S3 & CloudFront Log Analysis - Featuring Reports
Blazeclan Technologies Private Limited
 
PDF
Kubernetes Connectivity to Cloud Native Kafka | Christina Lin and Evan Shorti...
HostedbyConfluent
 
PPT
AWS Summit Berlin 2013 - Big Data Analytics
AWS Germany
 
PPTX
NextGen IBM Cloud Monitoring and Logging
Nagesh Ramamoorthy
 
PDF
Designing For Multicloud, CF Summit Frankfurt 2016
Mark D'Cunha
 
PPTX
IBM Cloud Object Storage
Nagesh Ramamoorthy
 
PDF
Microsoft: Building a Massively Scalable System with DataStax and Microsoft's...
DataStax Academy
 
PPTX
Applying ML on your Data in Motion with AWS and Confluent | Joseph Morais, Co...
HostedbyConfluent
 
Serverless Computing: Driving Innovation and Business Value
Alibaba Cloud
 
Responding to Digital Transformation With RDS Database Technology
Alibaba Cloud
 
Why a Multi-cloud Strategy is Essential
Alibaba Cloud
 
How to Set Up ApsaraDB for RDS on Alibaba Cloud
Alibaba Cloud
 
Aneka platform
Shyam Krishna Khadka
 
Building Complete Private Clouds with Apache CloudStack and Riak CS
John Burwell
 
Benchmark of Alibaba Cloud capabilities
Huxi LI
 
AliCloud Object Storage Service (OSS) Core Features
Alibaba Cloud
 
Better, faster, cheaper infrastructure with apache cloud stack and riak cs redux
John Burwell
 
Cloud Bursting with A10 Lightning ADS
Akshay Mathur
 
Cloudlytics: In Depth S3 & CloudFront Log Analysis - Featuring Reports
Blazeclan Technologies Private Limited
 
Kubernetes Connectivity to Cloud Native Kafka | Christina Lin and Evan Shorti...
HostedbyConfluent
 
AWS Summit Berlin 2013 - Big Data Analytics
AWS Germany
 
NextGen IBM Cloud Monitoring and Logging
Nagesh Ramamoorthy
 
Designing For Multicloud, CF Summit Frankfurt 2016
Mark D'Cunha
 
IBM Cloud Object Storage
Nagesh Ramamoorthy
 
Microsoft: Building a Massively Scalable System with DataStax and Microsoft's...
DataStax Academy
 
Applying ML on your Data in Motion with AWS and Confluent | Joseph Morais, Co...
HostedbyConfluent
 
Ad

Similar to Protecting Your Big Data on the Cloud (20)

PDF
Securing Your Cloud Applications
IBM Security
 
PDF
Scaling Databricks to Run Data and ML Workloads on Millions of VMs
Matei Zaharia
 
PDF
Best Practice Public Cloud Security
Jason Singh
 
PPTX
OASIS Workshop: Identity, Privacy, and Data Protection in the Cloud – What is...
David Brossard
 
PPTX
PaaS or Fail: Rule the Cloud with Altus
Cloudera, Inc.
 
PPTX
AWS Basic Practitioner Heena Talreja.pptx
Hitendrasingh79
 
PPT
Making Sense Of Cloud Computing - by Mark Rivington
CA Nimsoft
 
PPTX
PaaS or Fail: Rule the Cloud with Altus
Cloudera, Inc.
 
PPTX
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB
 
PPTX
VANMATHY V cloud computing
vanmathy1
 
PPTX
How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...
Sumo Logic
 
PDF
Webinar hiware
Seokminyoon4
 
PPTX
Application Security in the Cloud - Best Practices
RightScale
 
PDF
Aws lambda webinar -buraku
burakunuvar
 
PPTX
IAM.pptxIAM.pptxIAM.pptxIAM.pptxIAM.pptx
Gangujyothi
 
PPTX
Multi cloud governance best practices - AWS, Azure, GCP
Faiza Mehar
 
PPT
Oracle Keynote Cloud Expo 11-04-09
Rex Wang
 
PDF
Future of Your Atlassian Platform - Data Center and Cloud Migration
AUGNYC
 
PDF
CyberArk Interview Questions and Answers for 2022.pdf
Infosec Train
 
PDF
CyberArk Interview Questions and Answers for 2022.pdf
infosec train
 
Securing Your Cloud Applications
IBM Security
 
Scaling Databricks to Run Data and ML Workloads on Millions of VMs
Matei Zaharia
 
Best Practice Public Cloud Security
Jason Singh
 
OASIS Workshop: Identity, Privacy, and Data Protection in the Cloud – What is...
David Brossard
 
PaaS or Fail: Rule the Cloud with Altus
Cloudera, Inc.
 
AWS Basic Practitioner Heena Talreja.pptx
Hitendrasingh79
 
Making Sense Of Cloud Computing - by Mark Rivington
CA Nimsoft
 
PaaS or Fail: Rule the Cloud with Altus
Cloudera, Inc.
 
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB
 
VANMATHY V cloud computing
vanmathy1
 
How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...
Sumo Logic
 
Webinar hiware
Seokminyoon4
 
Application Security in the Cloud - Best Practices
RightScale
 
Aws lambda webinar -buraku
burakunuvar
 
IAM.pptxIAM.pptxIAM.pptxIAM.pptxIAM.pptx
Gangujyothi
 
Multi cloud governance best practices - AWS, Azure, GCP
Faiza Mehar
 
Oracle Keynote Cloud Expo 11-04-09
Rex Wang
 
Future of Your Atlassian Platform - Data Center and Cloud Migration
AUGNYC
 
CyberArk Interview Questions and Answers for 2022.pdf
Infosec Train
 
CyberArk Interview Questions and Answers for 2022.pdf
infosec train
 
Ad

More from Alibaba Cloud (13)

PDF
Alibaba Cloud’s ET City Brain - Empowering Cities to Think
Alibaba Cloud
 
PDF
Loan Default Prediction with Machine Learning
Alibaba Cloud
 
PDF
Next Level Digital Media with Alibaba Cloud (Part 2)
Alibaba Cloud
 
PDF
An Introduction to Alibaba Cloud’s Message Service
Alibaba Cloud
 
PDF
Next Generation Retail Part 3 - Retail Transformation Best Practices
Alibaba Cloud
 
PPTX
Cyber Security Compliance Solutions for Foreign Companies in China - Alibaba ...
Alibaba Cloud
 
PPTX
The Next Generation of Retail - Unlocking Alibaba Retail Cloud
Alibaba Cloud
 
PPTX
How to Leverage ApsaraDB to Deploy Business Data on the Cloud
Alibaba Cloud
 
PPTX
Big Data Quickstart Series 1: Create Powerful Data Visualization
Alibaba Cloud
 
PPTX
Introduction to Elastic Compute Service on Alibaba Cloud to Power Your Busine...
Alibaba Cloud
 
PPTX
Guide to Cybersecurity Compliance in China
Alibaba Cloud
 
PPTX
Introduction to WAF and Network Application Security
Alibaba Cloud
 
PPTX
China Connect Webinar: ChinaConnect: How to Apply for an ICP License in 2017
Alibaba Cloud
 
Alibaba Cloud’s ET City Brain - Empowering Cities to Think
Alibaba Cloud
 
Loan Default Prediction with Machine Learning
Alibaba Cloud
 
Next Level Digital Media with Alibaba Cloud (Part 2)
Alibaba Cloud
 
An Introduction to Alibaba Cloud’s Message Service
Alibaba Cloud
 
Next Generation Retail Part 3 - Retail Transformation Best Practices
Alibaba Cloud
 
Cyber Security Compliance Solutions for Foreign Companies in China - Alibaba ...
Alibaba Cloud
 
The Next Generation of Retail - Unlocking Alibaba Retail Cloud
Alibaba Cloud
 
How to Leverage ApsaraDB to Deploy Business Data on the Cloud
Alibaba Cloud
 
Big Data Quickstart Series 1: Create Powerful Data Visualization
Alibaba Cloud
 
Introduction to Elastic Compute Service on Alibaba Cloud to Power Your Busine...
Alibaba Cloud
 
Guide to Cybersecurity Compliance in China
Alibaba Cloud
 
Introduction to WAF and Network Application Security
Alibaba Cloud
 
China Connect Webinar: ChinaConnect: How to Apply for an ICP License in 2017
Alibaba Cloud
 

Recently uploaded (20)

PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Advanced IT Governance
University of Hertfordshire
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
AbdullahSani29
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Advanced IT Governance
University of Hertfordshire
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
AbdullahSani29
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 

Protecting Your Big Data on the Cloud

  • 1. Protecting Your Data on the Cloud Derek Meng
  • 2. 01 03 02Information security management of enterprise's migration to cloud Overview 04 RAM Product Design RAM User and MaxCompute Demo: Add RAM user into MaxCompute Project
  • 3. CSA 2016: Top 12 security threats of enterprise's migration to cloud Data leakage AccessKey or password leakage/ Lack of IAM practices API security System and application software vulnerabilities Account sharing or hijacking Internal attacks (employees/outsourced personnel/ISVs) APTs Data loss Insufficient understanding of cloud Technologies Malicious utilization of cloud services Denial of Service (DoS) Technical module sharing https://cloudsecurityalliance.org/group/top-threats/ 1 2 3 4 5 6 7 8 9 10 11 12
  • 4. About Alibaba Cloud accounts Alibaba Cloud Resources Alibaba Cloud Account 2 (Tenant2) • Basic unit for multi-tenant isolation on the cloud platform • Owner of resources (ResourceOwner) • Subject of metering and billing • Permission administrator (root) Alibaba Cloud Resources Alibaba Cloud Account 1 (Tenant1) Explanations about Alibaba Cloud accounts
  • 5. Alibaba Cloud account security • Security goal of Alibaba Cloud accounts: Protect cloud resources from unauthorized access • Credentials - Password - Multi-factor authentication (MFA) - API AccessKey Alibaba Cloud Resources Alibaba Cloud Account 1 (Tenant1)
  • 6. Alibaba Cloud account vs User Who is the user? Employee Alibaba Cloud Resources Alibaba Cloud Account (Buyer)
  • 7. Application Alibaba Cloud Resources Alibaba Cloud Account (Buyer) App Alibaba Cloud account vs User Who is the user?
  • 8. Mobile App Alibaba Cloud Resources Alibaba Cloud Account (Buyer) App Client Alibaba Cloud account vs User Who is the user?
  • 9. An Alibaba Cloud service Alibaba Cloud Resources Alibaba Cloud Account (Buyer) ECS Alibaba Cloud account vs User Who is the user?
  • 10. How to centrally manage the identities and access permissions of users for tenants? Question
  • 11. 01 03 02Information security management of enterprise's migration to cloud Overview 04 RAM Product Design RAM User and MaxCompute Demo: Add RAM user into MaxCompute Project
  • 12. RAM (Resource Access Management) Alibaba Cloud Resources Alibaba Cloud Account (Tenant) RAMApp User authorization policy User • Centralized user management • Centralized permission management • Unified access control • Centralized user audit • Unified bill RAM core features App
  • 13. Authorization capabilities: the minimum granularity and the strongest control Scenario description: To authorize an employee to download only the privatebucket data of OSS, the operator must be in the internal network with MFA logon authentication. RAM authorization policy description (Policy language): A traditional access control matrix (e.g., ACL) cannot describe Grant what operation On what object To what user; { "Version":"1", "Statement":[ { "Effect":"Allow", "Action":"oss:Get*", "Resource":"acs:oss:*:*:privatebucket/*", "Condition":{ "Bool":{ "acs:MFAPresent":"true" }, "IpAddress":{ "acs:SourceIp":"42.120.88.0/24" } } } ] }
  • 14. Implementation of RAM user authorization Alibaba Cloud Resources Alibaba Cloud Account (Tenant) Check PermissionApp User authorization policy User App Console or APIInternet User characteristic Request characteristic Resource characteristic