Preparing a secure cloud environment in the digital new norm

By Allen Guo, Country Manager for the Philippines, Alibaba Cloud Intelligence

As hybrid or remote working is being adopted by many companies globally and becoming the “new norm” for millions of workers, cyberattacks meanwhile continue unabated. In the past year, millions of workers in the Philippines, particularly those in work-from-home set-ups, were subject to cybersecurity threats. And in just the first half of this year, the country’s national Computer Emergency Response Program (CERT-PH), under the Cybersecurity Bureau of the Department of Information and Communications Technology (DICT), handled hundreds of cybersecurity incidents, the majority of which were APT cyberattacks and compromised websites and systems.

Building a secure and reliable IT environment has therefore become an increasingly important priority for many businesses who are exploring opportunities in the global digital economy. The same is underscored by the DICT’s National Cybersecurity Plan 2022, which outlines the department’s plan of action to protect not just businesses and supply chains, but also government networks and individuals from cyber risks.

For businesses and enterprises, moving to the cloud and using cloud-based security features is a good way to challenge cyber risks. But it’s also important to delve deeper into how best to construct a secure and reliable cloud environment that can fend off even the most determined attacker.

Allen Guo: Enabling enterprises to thrive in ever-growing digital landscape
Forrester names Alibaba Cloud leader in public cloud container platform

In today’s digital environment, discussions about cyber security’s best practices have never been more important. In this article, I would like to share some thoughts on how to create a secure cloud environment — from building the architecture to adopting cutting-edge security technologies and putting in place important security management practices — to inspire more thorough conversations on this subject.

Design the next-generation enterprise security architecture

A resilient and robust security architecture is essential for creating a cloud environment capable of assuring an organization about the availability, confidentiality, and integrity of its systems and data.

From the bottom up, the architecture should include security modules of different layers, so that companies can build trustworthy data security solutions on the cloud layer by layer — from the infrastructure security, data security, and application security to business security layers.

In addition to the security modules of all of the layers, there are a variety of automated data protection tools that enable companies to perform data encryption, visualization, leakage prevention, operation log management, and access control in a secure computing environment. Enterprises can also leverage cloud-based IT governance solutions for custom designs of cloud security systems to meet compliance requirements from network security and data security to operation auditing and configuration auditing. This ensures full-lifecycle data security on the cloud, with controllable and compliant data security solutions in place.

Another consideration is to build a multi-tenant environment, abiding by the principle of least privilege and adopting consistent management and control standards to protect user data from unauthorized access. In addition, establishing strict rules for data ownership and operations on data, such as data access, retention, and deletion, is also pivotal in creating a safe environment.

Moreover, enterprises can embrace the zero-trust security architecture and build a zero-trust practice by design to protect the most sensitive systems. The architecture requires everything (including users, devices, and nodes) requesting access to internal systems to be authenticated and authorized using identity access protocols. As such, the zero-trust security architecture cuts down on automatic trust, or trust without continuous verification, addressing modern challenges in securing remote working environments, hybrid cloud settings, and increasingly aggressive cyber threats.

Adopt cutting-edge security technologies

Cutting-edge security technologies such as comprehensive data encryption, confidential computing, and many more emerging tech solutions, can be leveraged to ensure we stay on top of the trends in cybersecurity.

Comprehensive data encryption provides advanced data encryption capabilities on transmission links (i.e., data-in-motion), compute nodes (i.e., data-in-use), and storage nodes (i.e., data-at-rest). Key Management Service and Data Encryption Service help users securely manage their keys and use a variety of encryption algorithms to perform encryption operations.

Another emerging technology to safeguard the cloud environment is confidential computing. Confidential computing is dedicated to securing data in use while it is being processed, protecting users’ most sensitive workloads. Confidential computing based on trusted execution environments (TEEs), ensures data security, integrity, and confidentiality while simplifying the development and delivery of trusted or confidential applications at lower costs. At Alibaba Cloud, we apply confidential computing to the hardware layer, virtualization layer, container layer, and application layer, so that data can be protected in the most comprehensive way.

Security management practices in place

It is equally important to adopt proper security management practices and mechanisms to maximize the security protection of one’s critical system and important data.

One essential mechanism to protect the cloud environment is to develop a comprehensive disaster recovery system, which enables businesses to configure emergency plans for data centers based on factors such as power, temperature, and disasters, and establish redundant systems for basic services such as cloud computing, network, and storage. It helps companies to deploy their business across regions and zones and build disaster recovery systems that support multiple recovery models.

Setting the effective reviewing and response mechanism for your cloud security issues is imperative. First, having vulnerability scanning and testing in place is important to assess the security status of systems; second, it is vital to use cloud-native monitoring tools to detect any anomalous behavior or insider threats; furthermore, establishing proper procedures and responsibility models to quickly and accurately assess where vulnerabilities exist and their severity, will help ensure that quick remedy actions can be taken when security problems emerge.

In the future, developing the security architecture, technologies, management, and response mechanism will no longer be perceived as a cost-center burden for companies, but rather, as critical capabilities to safeguard the performance and security of daily business operations. Crafting a comprehensive cloud security plan, adopting the best industrial practices, and choosing a professional cloud service provider with strong security credentials to work with, should be an imperative subjects in a CXO’s agenda.

Alibaba Cloud, founded in 2009, is a cloud computing and artificial intelligence company, that provides services to enterprises, developers, and government organizations in more than 200 countries and regions. Committed to the success of its customers, Alibaba Cloud provides reliable and secure cloud computing and data processing capabilities as a part of its online solutions. In