DocsICP FilingConsole
官方文档
首页

Security design principles

更新时间:
复制 MD 格式
我的收藏

Security design for cloud workloads rests on four core principles: minimization, audit and traceability, data protection, and compliance. Together they form a layered defense that limits exposure, enables incident response, and satisfies regulatory requirements.

Principle of minimization

Goal: Reduce the attack surface by limiting external access points, privileged identities, and granted permissions to only what the system requires.

Every service, open port, administrator account, and permission you add expands the surface area an attacker can target. Fewer external services result in a lower security risk. Applying minimization across network, identity, and privilege layers keeps that surface as small as possible:

  • Principle of network minimization: Minimize public network access points. Limit the number of open ports. Use Virtual Private Clouds (VPCs) or subnets to create the smallest possible network segments, and then isolate and monitor these Classless Inter-Domain Routing (CIDR) blocks.

  • Principle of identity minimization: Reduce the number of system administrators. Assign user identities based on their roles and permissions.

  • Principle of least privilege: Grant permissions using a whitelist model, which allows only specific and minimal permissions. Although this can be difficult to implement in practice, it is a key principle of security design.

Apply least privilege to both RAM users and AccessKeys:

  • Principle of least privilege for RAM users: Use Resource Access Management (RAM) users for identity management. Assign fine-grained permissions to RAM users.

  • Principle of least privilege for AccessKeys: As a best practice, do not create an AccessKey for your Alibaba Cloud account. Instead, create an AccessKey for a RAM user or another monitored account with controlled permissions, and use it for automated calls.

Principle of audit and traceability

Goal: Record every access request so that, when an incident occurs, you can reconstruct the attack timeline, determine impact, and identify the root cause.

Ensure all user access requests are recorded in audit logs. If an attack occurs, cloud resource operation logs, access logs, and change logs let you reconstruct the event and trace the attack sequence. This analysis helps your organization determine the severity, impact, and loss from the attack.

Principle of data security and protection

Goal: Protect data throughout its lifecycle—at rest, in transit, and in shared flows—by classifying it, controlling access, encrypting it, and auditing how it moves.

Under the shared responsibility model, data security is divided between you as the tenant and the cloud platform. When designing a data protection system, apply these principles:

  • Principle of data classification: Establish a data classification system based on your applications and business attributes. Data classification is a long-term and dynamic process, and it is the first step toward graded protection.

  • Principle of access control and least privilege: Review your business flows to identify user identities, purposes, permissions, and paths for data access. Use technical controls to manage permissions and access paths.

  • Principle of data-at-rest protection: Authenticate access to data at rest and encrypt the data.

  • Principle of data-in-transit protection: Use encryption in transit and data encryption for data streams and their transmission channels.

  • Principle of data auditing: Conduct comprehensive audits of data access, operations, and movement.

  • Principle of data sharing: Identify all data sharing methods and paths, and establish protective measures for each. These methods can include online data access and sharing through APIs or software development kits (SDKs), and offline data sharing.

  • Principle of data compliance: Prioritize data compliance. Identify the technical and administrative controls required to meet compliance requirements, and incorporate them into your organization's data security system planning.

Principle of compliance

Goal: Meet all legal and regulatory requirements that apply to the regions where your systems operate, and map those requirements to specific technical and management controls before you build.

If your business builds systems or provides services on Alibaba Cloud infrastructure in the Chinese mainland, China (Hong Kong), Macao (China), Taiwan (China), or regions outside China, fully consider the applicable local legal and regulatory requirements. Thoroughly analyze these requirements as part of your security architecture design, identify the technical and management controls needed to satisfy them, and determine which Alibaba Cloud products and services can help your business meet those compliance requirements as you build your security capabilities.

Previous:Planning and designNext:Security Risk Identification and Detection