QA section

• 1. Q: is security group enough for protecting ECS instances facing internet?

  A: The short answer is no. A security group is mainly for asset-based protection, not for account-based protection. You should consider adopting security best practices as well as using our various security products when exposing services to the public.

• 2. Q: Can CEN be used to connect to on-premise hosted VM environment with Cloud ?

  A: Yes, our solution can offer this connection, not just CEN.

• 3. Q: what is AK Leakage means?

  A: Access Key leakage

• 4. Q: Is there any integration aspects when we have both on-premise and cloud?

  A: The cross-border network solution itself is a integrated solution to connect both on-premise and cloud services, cloud service can be connected by CEN, the on-premise services can bu connected by various ways, such as SAG, EC, or VPN Gateway.

• 5. Q: Hi, Regarding AliCloud offering CEN cross-border connectivity, how this is compliance with china cybersecurity Law since the Chinese govt doesn't allow any company except 3 big telecom providers to offer such service? Also, EC product isn't available to customers including no Docs about it online. then there's not need to introduce this service.

  A: Alibbaba Cloud cross-border network solution is cooperated with Chinese local operator to solve compliance issue, our products strictly adhere to cybersecurity Law and its regulation. EC is now available on our website, you can learn more about it here https://www.alibabacloud.com/help/product/27782.htm

• 6. Q: RE. Your "End to End Security" slide, can business rules be applied by the owner of the data in the "Encryption in Motion" scenario to control who can open that encrypted data, where, when, how etc? Thank you. Phil

  A: Encryption in motion is based on Alibaba Cloud network solution, if the data traffic running on our network, such CEN, VPN Gateway, EC, or VPC is encrypted.

• 7. Q: Using Security Center, for IaaS deployment do we need to deploy agents to the ECS servers.

  A: Security Center is embedded in ECS, there is an agent on ECS to offer you free version security center service.

• 8. Q: how is the scope of Cloud Security?

  A: We provide end-to-end cloud security, which is from platform security, data security, and application security, and also provide authorization, authentication, access control, logging and auditing protection for your account security.

• 9. Q: Is the keys and KMS service hosted within Alibaba Cloud? Based on my understanding and reading from most articles, quite a fair bit of these articles recommend Bring Your Own Key Methodology (BYOK) whereby you host your own encryption keys on-premises and inject into the Cloud Service Provider for encryption. This allows cryptoshredding as a best practice by most Cloud Security practices like guidance from Cloud Security Alliance and (ISC)2. Does Alibaba Cloud Support BYOK or keys generated from On-Premises HSM?

  A: Yes, keys and KMS service is hosted within Alibaba Cloud. We support BYOK function and let our customer to have the authority to manage your keys.

• 10. Q: Cloud firewall is available in all regions? In Japan?

  A: The current available regions are Hong Kong, Indonesia, Singapore, and Malaysia. Our Germany and Indian regions will be available in this April, Japan will be available in the end of July

• 11. Q: if cloud firewall is not available in all regions, what is the alternative? put a 3r party firewall, like fortinet?

  A: Yes, we have the partnership with Fortinet.

• 12. Q: is there any free class room training is planned in India, City like Bangalore for Alibaba Cloud.

  A: We do have training courses around the globe but due to the recent outbreak, the frequency might be reduced temporarily. At any rate, you are welcome to visit our official Academy page at https://edu.alibabacloud.com/training to learn more about our Offline Training sessions.

• 13. Q: What happen to Cloud Native at 1450hrs ?

  A: Each session will be hosted on different channels. Please visit https://resource.alibabacloud.com/webinar/detail.html?id=1481 to join the Cloud Native session.