Infrastructure security


IDaaS CIAM provides a unified identity management solution for external users, built on a multi-layered security architecture covering host security, network security, data storage security, disaster recovery, and security compliance.

Host security

Stable computing environment

All IDaaS CIAM services run on Elastic Compute Service (ECS), with the following availability mechanisms:

  • Multi-zone deployment: Microservices are distributed across ECS instances in different availability zones, so the failure of a single instance or a single zone does not take the service down.

  • Active resource scaling: Computing resources scale manually or automatically based on traffic, matching resource allocation to actual load.

Security protection

IDaaS CIAM combines Alibaba Cloud security products to provide host-level protection:

  • Intrusion detection: Security Center monitors abnormal logon behaviors and malicious process execution in real time, detecting and blocking threats as they occur.

  • Vulnerability scanning: Operating systems and applications are scanned regularly, with remediation recommendations provided for each finding.

  • Virus protection: A built-in antivirus engine prevents malware propagation across hosts.

Network security

Network isolation

Each IDaaS CIAM instance runs inside its own Alibaba Cloud virtual private cloud (VPC), which is configured independently so that its network is isolated from other tenants. VPC isolation is enforced at the data-link layer with tunneling (overlay network) technology, so traffic in one tenant's VPC is not reachable from another's.

To maintain service continuity when the network in one zone is interrupted, the platform supports a cross-zone active-active architecture.

Transmission security

All API requests and user access use HTTPS. TLS encryption is applied to all data in transit.

Data storage security

Encryption at rest

All sensitive data is encrypted at rest using AES-256. Encryption keys are rotated regularly: rotation limits how much data is ever protected by any single key, so the exposure of one key affects only the data encrypted under it.
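Rotation only reduces exposure if the rotated-away keys are handled deliberately: a record sealed under an old key still needs that key until it has been re-encrypted, and a key must not be destroyed while such records exist. The Go program below is an added example of that pattern (AES-256-GCM records that carry a key version, plus a keyring that rotates, re-encrypts and retires keys); it is written for this page and is not IDaaS CIAM's own code, whose internal key management is not described here. The record layout, the `Keyring` type and the sample values are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const headerLen = 4 // big-endian key version in front of every record

// Keyring holds every AES-256 key version that stored records may still
// reference. Assumption (not from the IDaaS documentation): each record
// carries the version it was sealed with, so rotation does not force
// every record to be re-encrypted at the same instant.
type Keyring struct {
	keys    map[uint32][]byte
	current uint32
}

func NewKeyring() *Keyring { return &Keyring{keys: map[uint32][]byte{}} }

// Rotate generates a fresh 256-bit key and makes it the current version;
// older versions stay in the ring so records sealed under them still open.
func (k *Keyring) Rotate() (uint32, error) {
	key := make([]byte, 32) // a 32-byte key selects AES-256
	if _, err := rand.Read(key); err != nil {
		return 0, err
	}
	k.current++
	k.keys[k.current] = key
	return k.current, nil
}

// Retire drops a key version. Safe only after every record sealed under it
// has been re-encrypted; Decrypt of any remaining record fails afterwards.
func (k *Keyring) Retire(version uint32) { delete(k.keys, version) }

func (k *Keyring) aead(version uint32) (cipher.AEAD, error) {
	key, ok := k.keys[version]
	if !ok {
		return nil, fmt.Errorf("key version %d is not in the keyring", version)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// KeyVersion returns the version a record was sealed with (0 if malformed).
func KeyVersion(record []byte) uint32 {
	if len(record) < headerLen {
		return 0
	}
	return binary.BigEndian.Uint32(record[:headerLen])
}

// Encrypt returns version(4) || nonce(12) || AES-256-GCM ciphertext+tag.
// The version header and the caller's context (e.g. a record identifier)
// are bound as additional authenticated data, so neither can be changed
// without the tag check failing.
func (k *Keyring) Encrypt(plaintext, context []byte) ([]byte, error) {
	gcm, err := k.aead(k.current)
	if err != nil {
		return nil, err
	}
	header := make([]byte, headerLen)
	binary.BigEndian.PutUint32(header, k.current)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	aad := append(append([]byte{}, header...), context...)
	record := append(append([]byte{}, header...), nonce...)
	return gcm.Seal(record, nonce, plaintext, aad), nil
}

// Decrypt selects the key named in the record, so data written before a
// rotation still opens as long as that version has not been retired.
func (k *Keyring) Decrypt(record, context []byte) ([]byte, error) {
	gcm, err := k.aead(KeyVersion(record))
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(record) < headerLen+ns+gcm.Overhead() {
		return nil, errors.New("record too short")
	}
	aad := append(append([]byte{}, record[:headerLen]...), context...)
	return gcm.Open(nil, record[headerLen:headerLen+ns], record[headerLen+ns:], aad)
}

// ReEncrypt moves a record onto the current key; running it over all
// records after a rotation is what allows the old version to be retired.
func (k *Keyring) ReEncrypt(record, context []byte) ([]byte, error) {
	pt, err := k.Decrypt(record, context)
	if err != nil {
		return nil, err
	}
	return k.Encrypt(pt, context)
}
```

Typical use: `Rotate` once at setup, `Encrypt` records with a context that names the record (so a ciphertext copied onto another user's row fails to open), `Rotate` again on schedule, `ReEncrypt` all records whose `KeyVersion` is behind, and only then `Retire` the old version. The per-record nonce is random, which is acceptable for the 12-byte GCM nonce as long as the number of records sealed under one key stays well below the birthday bound; rotation also keeps that count small.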

Backup and recovery

IDaaS CIAM provides the following data protection mechanisms:

  • Automatic backup: Databases and file storage are backed up automatically on a regular schedule.

  • Version control: Critical data is versioned so that it can be rolled back to an earlier state.

Disaster recovery

IDaaS CIAM's disaster recovery capability is built on an active-active architecture. Core components, including DRDS (Distributed Relational Database Service), RDS (Relational Database Service), Redis, SLS (Log Service), MQ (Message Queue), SLB (Server Load Balancer), and others, run in high-availability configurations with primary and secondary instances placed in different availability zones.

The platform supports:

  • Primary/secondary failover: Failover completes within minutes.

  • Data synchronization: Real-time data synchronization keeps primary and secondary instances consistent.

Security compliance

Certifications

IDaaS CIAM holds the following certifications. To request compliance documentation or certificates, contact the IDaaS product team.

Certification                                          Scope
Classified Protection of Cybersecurity 2.0, Level 3    China's Ministry of Public Security network security standard (MLPS 2.0)
ISO 27001                                              International information security management system standard
ISO 27018                                              International standard for protecting personal data in public clouds
PCI DSS                                                Payment Card Industry Data Security Standard for handling cardholder data

Data privacy

IDaaS CIAM includes built-in mechanisms to support compliance with the Personal Information Protection Law (PIPL) and the Data Security Law:

  • Audit log: All user and administrator operations are logged, providing full traceability for data processing activities.

  • Permission management: Access to sensitive data is restricted through strict permission management policies.

To learn more about IDaaS CIAM's infrastructure security capabilities or obtain a private deployment solution, contact the IDaaS product team.