[First in China! 】Alibaba Cloud Proprietary Cloud Passes the Security Evaluation of Commercial Cryptographic Applications

Introduction to Cloud has become the first cloud vendor in China to pass the critical evaluation of the cloud platform by virtue of the comprehensive security capabilities of the self-developed Feitian cloud operating system.

Recently, the results of the first domestic commercial cryptographic application security assessment (hereinafter referred to as the secret assessment) for cloud platforms were released. With the comprehensive security capabilities of the self-developed Feitian Cloud operating system, Alibaba Cloud has become the first domestic cloud vendor to pass the cloud platform critical evaluation, which means that customers can enjoy more secure and compliant cloud services on Alibaba Cloud.

It is reported that this assessment was conducted in accordance with the national standard GB/T 39786-2021 ``Basic Requirements for Cryptographic Application of Information Security Technology Information System'', and the assessment agency authorized by the National Cryptographic Bureau (Smart Cloud Test) from the application of cryptographic technology, key management and security management A comprehensive evaluation of Alibaba Cloud's proprietary cloud platform was conducted in multiple dimensions such as system, and the final result was to meet the level 3 requirements of the standard.

Password is the core technology and basic support to ensure network and information security. With the introduction of cloud computing, many information systems are migrated to the cloud, which brings new requirements for cryptographic applications.

Compared with a single application, the cloud platform that the customer system on the cloud depends on involves many products and services, and the transformation of the underlying components is complicated. The overall cryptographic support capability of the cloud platform is not a simple superposition of a single product or service capability, but needs to rely on a global architecture. The ingenious design of, complete the confidentiality and integrity protection of the entire data link at multiple cloud service levels. Therefore, the platform-level evaluation puts forward higher requirements for the overall architecture, and has exemplary significance for the application of the secret evaluation standard on the cloud platform.

This evaluation conducted a comprehensive quantitative evaluation of the compliance, correctness, and effectiveness of the Alibaba Cloud proprietary cloud platform cryptographic application based on standards, and verified it through technical means such as traffic capture and encryption algorithm analysis.

It is reported that Alibaba Cloud Proprietary Cloud fully supports the national secret algorithm and provides three major systems: platform key management, platform certificate management, and platform access authentication management, which are used for systematic management and full life cycle management of keys on the cloud. Users provide a full range of cryptographic capability support such as full-link data encryption and identity authentication based on cryptographic technology, which effectively guarantees the security of government and enterprise data.

As the technical infrastructure supporting the digital transformation of government and enterprises, Alibaba Cloud's Apsara Stack has assisted nearly 700 customers in digital transformation, covering important industries such as government affairs, finance, energy, manufacturing, and transportation. Zhongbao Auto Service has built a disaster recovery cloud service for the insurance industry based on Alibaba Cloud's proprietary cloud, achieving RPO<30 minutes, RTO≤1 hour, and reaching level 5 construction standards for disaster recovery and level 3 security standards such as information security.

Through this assessment, Alibaba Cloud has improved the compliance capabilities of the proprietary cloud platform and its cloud products, strengthened the security of the cloud platform, and further guaranteed the data confidentiality and integrity of the business system on the cloud. , Financial customers provide a strong guarantee for critical review and compliance reform.

"Alibaba Cloud has always attached importance to the work of cryptographic standards, paid close attention to the requirements of relevant technical standards in the cryptographic field, and carried out continuous and thorough transformation of the cloud platform in accordance with the requirements of the confidential evaluation standards, so that the cloud platform can comply with the key data link of the base architecture. Evaluation standard requirements." said Xie Ning, head of Alibaba Cloud's proprietary cloud.

Alibaba Cloud Hybrid Cloud provides customized hybrid cloud solutions for government and enterprises
Provide an integrated cloud platform service from the perspective of customers from the three dimensions of building the cloud, managing the cloud, and using the cloud
For more information on hybrid cloud, go to [Hybrid Cloud Official Website]

Copyright statement: content of this article is contributed spontaneously by Alibaba Cloud real-name registered users, and the copyright belongs to the original author. The Alibaba Cloud Developer Community does not own its copyright and does not assume corresponding legal responsibilities. For specific rules, please refer to the "Alibaba Cloud Developer Community User Service Agreement" and the "Alibaba Cloud Developer Community Intellectual Property Protection Guidelines". If you find suspected plagiarism in this community, fill in the infringement complaint form to report it. Once verified, the community will immediately delete the suspected infringing content.