×
Community Blog The Practices of Public Cloud Protection for Overseas Securities Exchange Apps

The Practices of Public Cloud Protection for Overseas Securities Exchange Apps

This article discusses how Alibaba Cloud provides security and protection for a top investment bank.

By Alibaba Cloud Security

Keywords of our client

  • A top Chinese investment bank based in Hong Kong (China)
  • Awarded "Best Bond Underwriter" in Greater China many times
  • Best partner for Chinese enterprises to be listed outside China

The client is one of the largest and most powerful Chinese investment banks in the overseas market. It is one of the few institutions capable of providing diversified and unified financial services. As such, the client pays special attention to elastic protection and global compliance in the security construction of IT infrastructure.

Its path of security construction:

  • Its quotation app and official website were among the first to be published on Alibaba Public Cloud in 2019 and then deployed and integrated the Sec-MCA feature of Anti-DDoS Premium.
  • With its finance management app migrated to the cloud, our client synchronously enabled Web Application Firewall, Cloud Firewall, and Security Center for basic security protection. The client also enabled Alibaba Cloud Content Moderation to meet compliance requirements.
  • During the listing period of many top enterprises in China, it carried the market information and transaction traffic that fluctuates significantly and is periodically accessed. It realized the on-demand auto scaling and no latency of businesses with the support of security resources.
  • During the peaks of network attacks, it integrated and coordinated high-performance cloud security products with automated managed security. As such, it achieved 100% protection from intrusion. No threat broke out, and no business was influenced.
  • Most importantly, it was the first to meet the regulatory requirements of HKMA and SFC and provide overall compliance solutions and capabilities for financial users in the compliance field.

1
The On-Cloud Security Architecture of Its Securities System

Intelligent Coordination and Acceleration of Anti-DDoS Premium Ensure Real-Time Securities Trading

In stock trading, high-frequency trading data, such as stock price, volume, market value, and the strength of sellers and buyers, constitutes a dynamic system. In this system, market value is variable with time-sharing randomness and stage trends. For stockholders, the market information and trading information carried by the app is a key entry for them to obtain information about companies listed in Hong Kong and the U.S. and conduct trading operations.

System stability and low latency are critical for the application. In case of heavy traffic due to DDoS attacks, it is necessary to ensure that no network interruption, network latency, or packet loss occurs because of congestion. It is also necessary to accelerate the access to the servers in Hong Kong for users in other regions of the world without affecting users' transactions.

2
Sec-MCA of Anti-DDoS Premium

Alibaba Cloud Anti-DDoS Premium service cleans attack traffic in scrubbing centers deployed closest to visitors and only forwards normal network traffic back to the origin server. This ensures the stability of your businesses.

  • The distributed near-origin cleaning of resources is the most advanced in the world. It applies Anycast and GSLB technologies to schedule the closest Alibaba Cloud global Anti-DDoS nodes based on attack sources.
  • With more than 10 Tbps defense bandwidth resources worldwide, it can resist all kinds of DDoS attacks based on Network Layer, Transport Layer, and Application Layer.
  • It supports flexible adjustment of protection bandwidth and self-service upgrade, which take effect in seconds without any new physical devices. At the same time, there is no need to make any adjustments in the business, and the entire service process will not be interrupted.
  • It also offers automated detection corresponding to the attack policy and provides real-time protection. The availability of the cleaning service is up to 99.99%.
  • It supports Mainland China Acceleration, Sec-MCA, and global, advanced mitigation. Users outside of Mainland China can also have accelerated access across regions.

Basic Security Is Stable and Solid, Supporting the Listing of Top Enterprises and Handling Attack Traffic Peaks

Since its application business was migrated to the cloud, it has experienced the listing of several top domestic companies. Among them, there are many top-notch short video companies, which have attracted a large number of stockholders. In their early stage of listing, the business traffic experienced a five to eight times surge once. Any problem with security products may lead to business delays or interruption.

Fortunately, SaaS and cloud-based security products with automatic scaling capabilities have coped with the peak traffic perfectly during the listing of Internet giants in Hong Kong. The protection resources are dynamically called on demand.

3
The Dynamic Elastic Scaling during Business Traffic Surges

In addition, it has faced the threat of extortion emails sent by overseas fraud groups twice and has experienced multiple peaks of attack traffic outbreaks during Christmas and Spring Festival. The high-security products on the cloud have integrated automated managed security services to resist various types of attacks without adding additional O&M engineers and realized the transparent protection.

4
Successful Protection from Multiple Attack Peaks

Compliance Inside and Outside of China and Seamless Convergence of Business Regulatory Rules

The most basic and important requirement for overseas service providers to expand to Mainland China's market is compliance. It is important to reduce costs and increase efficiency on the public cloud, especially for financial businesses under strong supervision. However, businesses must be carried out under the dual constraints of industry requirements and regulatory standards. By doing so, it can protect customers' private information and the safety of business data.

  • As a leader of compliance in the Asia-Pacific region, Alibaba Cloud is the first to pass the SFC compliance certification regulated by the financial industry in Hong Kong. No additional adaptation is required after users' businesses are migrated to the cloud.
  • With an in-depth understanding of content compliance requirements, Content Moderation filters out the comments related to pornography, terrorism, violence, and infringement of national sovereignty.
  • Bastionhost provides a unified, efficient, and secure O&M channel on the cloud to centrally manage asset permissions, monitor operation behaviors throughout the process, and restore O&M scenarios in real-time. This ensures that cloud O&M identities can be identified, permissions controlled, risks blocked, operations audited, and compliance ensured.

Customer Benefits

  • The information on the stock market is updated in real-time. Anti-DDoS Premium and Mainland China Acceleration can reduce the loading time and delay of service access significantly while ensuring security.
  • It was adapted well to the large fluctuation of the trading peak during the listing of top enterprises. At the same time, it releases the resources immediately after the end of trading each day, saving more than 50% of cloud server costs.
  • Content Moderation can identify, clean, and block the content automatically with high accuracy. It is especially familiar with regulatory requirements in China to avoid non-compliance issues in UGC content.
  • The managed security service provides minute-level emergency response and ensures that businesses are not affected by security events without additional workforce investment.
  • It meets the strong regulatory and legal requirements of finance industries to ensure cloud migration.

In the future, with the further expansion of account opening and transaction users, Alibaba Cloud will also deepen the cooperation with the investment bank client gradually. Combined with its best practices of risk management for more than ten years, Alibaba Cloud is committed to providing the cloud business of the client with an overall joint risk-control solution featuring end + cloud across risk scenarios.

0 0 0
Share on

Alibaba Cloud Community

1,044 posts | 257 followers

You may also like

Comments

Alibaba Cloud Community

1,044 posts | 257 followers

Related Products

  • Anti-DDoS

    A comprehensive DDoS protection for enterprise to intelligently defend sophisticated DDoS attacks, reduce business loss risks, and mitigate potential security threats.

    Learn More
  • China Gateway Solution

    Power your progress in China by working with the NO.1 cloud provider of this dynamic market.

    Learn More
  • ActionTrail

    A service that monitors and records the actions of your Alibaba Cloud account, including the access to and use of Alibaba Cloud services using the Alibaba Cloud Management console, calling API operations, or SDKs.

    Learn More
  • Anti DDoS Basic

    A cloud-based security service that protects your data and application from DDoS attacks

    Learn More