Data security involves protecting data from unauthorized access, unauthorized usage, tampering, and loss throughout the data lifecycle. Data security in cloud environments is the lifeline of user business and the most important demonstration of comprehensive cloud security capabilities. As cyber threats continue to evolve and expand around the world, safeguarding data becomes crucial. Alibaba Cloud has the responsibility and obligation to ensure the security of user data. This topic describes how Resource Orchestration Service (ROS) ensures user data security in terms of transmission and storage.
Transmission confidentiality
ROS supports HTTPS for encrypted transmission and provides 256-bit keys to meet the transmission encryption requirements for sensitive information.
HTTPS builds on HTTP and encrypts data in transit by using Transport Layer Security (TLS) and SSL. This prevents third parties from monitoring, intercepting, or tampering with the data.
Storage confidentiality
During storage, ROS encrypts the stack parameters for which NoEcho is set to true and the sensitive property values of specific resources. For example, ROS encrypts the value of the AccessKeySecret output of ALIYUN::RAM::AccessKey. You are responsible for encrypting confidential or sensitive information in templates. We strongly recommend that you do not write such information directly into templates and instead use a secure method, such as encrypted parameters, to store it. For more information, see Encrypted parameters.
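The following pre-deployment check is an added example, not part of ROS or of the original documentation. It flags sensitive-looking parameters that lack NoEcho or carry a Default value, and resource properties that hold a literal secret. The name heuristic, the function names, and both sample templates are assumptions constructed for illustration.

```python
import re

# Name heuristic for secret-bearing keys (an assumption of this example; tune it).
SENSITIVE = re.compile(r"password|secret|token|accesskey", re.I)

def _literals(node, path):
    """Yield paths of sensitive-looking keys whose value is a literal string."""
    if isinstance(node, dict):
        for key, value in node.items():
            if isinstance(value, str) and SENSITIVE.search(key):
                yield f"{path}.{key}"
            else:  # {"Ref": ...} and Fn:: calls are dicts, so they are not flagged
                yield from _literals(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _literals(item, f"{path}[{i}]")

def audit_template(template):
    """Return sorted findings for secrets a template would expose in plaintext."""
    findings = []
    for name, param in template.get("Parameters", {}).items():
        if not SENSITIVE.search(name):
            continue
        if str(param.get("NoEcho", False)).lower() != "true":
            findings.append(f"Parameters.{name}: sensitive parameter without NoEcho")
        if "Default" in param:
            findings.append(f"Parameters.{name}: secret written into template as Default")
    for name, res in template.get("Resources", {}).items():
        for path in _literals(res.get("Properties", {}), f"Resources.{name}.Properties"):
            findings.append(f"{path}: literal secret, pass it via a NoEcho parameter")
    return sorted(findings)

# Constructed sample templates, trimmed to the keys that matter here.
WEAK = {
    "ROSTemplateFormatVersion": "2015-09-01",
    "Parameters": {"InstancePassword": {"Type": "String", "Default": "Example-Passw0rd"}},
    "Resources": {"Server": {"Type": "ALIYUN::ECS::Instance",
                             "Properties": {"Password": "Example-Passw0rd"}}},
}
HARDENED = {
    "ROSTemplateFormatVersion": "2015-09-01",
    "Parameters": {"InstancePassword": {"Type": "String", "NoEcho": True}},
    "Resources": {"Server": {"Type": "ALIYUN::ECS::Instance",
                             "Properties": {"Password": {"Ref": "InstancePassword"}}}},
}

if __name__ == "__main__":
    for label, tpl in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_template(tpl))
```

The check works on a template already loaded as a dictionary, so a JSON template can be passed through `json.load` first.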