MindMap Gallery Alibaba Cloud Office Security Platform
The Office Security Platform (Secure Access Service Edge) is Alibaba Cloud's first one-stop office security management and control platform. Enterprises no longer need to invest in complex and expensive security hardware to quickly build an office security system that includes zero-trust intranet access, office data leakage prevention, Internet access behavior management and auditing, and office access acceleration.
Edited at 2024-01-16 09:23:54
Alibaba Cloud Office Security Platform
Product introduction
The office security platform SASE (Secure Access Service Edge) is an integrated office security management and control platform provided by Alibaba Cloud for enterprise users. SASE is based on Alibaba Cloud's massive edge nodes and dedicated line access networks distributed across the country. It adopts the zero-trust concept and sinks security capabilities to the edge to provide out-of-the-box capabilities such as remote zero-trust access, intranet access behavior audit, office data protection, and office network access for enterprise customers in multi-branch or store, remote and mobile office scenarios. After an enterprise adopts the office security platform, the enterprise administrator only needs to configure the relevant capabilities and control policies on the SASE console. The SASE console distributes the policies configured by the administrator to enterprise employees through the SASE App. Once employees install the SASE App and turn on network security protection, their access behavior is controlled.
Product architecture
Functional Overview
Intranet access security
Intranet access security capabilities are based on Software Defined Perimeter (SDP) technology to create SaaS-based zero-trust network access capabilities. They control the access rights of enterprise employees without exposing public network addresses or transforming the enterprise's original network architecture. Intranet access security protection is provided in the following three scenarios:
Office area network access
Supports certificate-based 802.1x network access. You do not need to manually enter a user name and password or import a certificate file; you only need to install the SASE App to achieve secure network access. The SASE App not only provides higher office network access security and convenience, but also supports dumb terminals and account and password whitelist access methods to meet the network access needs of printers, IoT and other types of devices, making network access simpler.
Zero trust intranet access control
A self-developed HTTPS encrypted transmission protocol, based on dynamic identity authentication, supports end-to-end (TCP) and end-to-application (HTTP, HTTPS) minimum privilege access control. Compared with traditional VPN access, it offers faster access, more efficient operation and maintenance, more convenient deployment and higher system security.
Global office scene
It is used for global office access scenarios where the company's overseas employees access overseas business and the company's overseas employees access business in mainland China.
Internet access security
A more efficient cloud file analysis engine audits, retains and alerts on sensitive office data sent out by office terminals through mobile storage, instant messaging tools, email, HTTP, FTP, printing, burning, network disk and other channels, without occupying terminal computing resources. It supports the identification of more than 100 file types and presets more than 60 sensitive information dictionaries, making office data protection easier.
Ensure data security by detecting outgoing files
The product architecture based on Cloud DLP provides enterprise users with a lightweight office data detection solution, helping enterprises to grasp the dynamics of sensitive data outflows in real time and monitor data leakage risks.
Keep data safe by managing external devices
Control the data access permissions of corporate employees' external devices and help companies identify whether sensitive files are being sent out.
Keep data safe by managing watermarks
By turning on corporate employee screen watermarks and print watermarks, you can avoid major losses to your business and ensure the security of your corporate office data.
Log analysis
Log audit
The log audit function helps you audit your network traffic in real time and provides you with a basis for handling suspicious traffic accordingly.
Log analysis
The SLS log function helps you collect and store web access and attack protection logs connected to SASE. Based on Alibaba Cloud Log Service, it supports query analysis, statistical charts, alarm services and other functions, helping you focus on analysis and stay away from trivial querying and organizing work.
Version introduction
SASE only supports the annual and monthly subscription version (prepaid). You can refer to the table below to select the appropriate SASE version. If you want to know more detailed billing information (such as billing methods, billing items)
Version name: Ability description
Intranet access security (VPN version): SASE intranet access security (VPN version), equipped with zero-trust VPN, allows employees to remotely access cloud or offline corporate offices. It is suitable for enterprises with fewer than 100 employees and office bandwidth not exceeding 10 Mbps.
Intranet access security (Basic version): SASE intranet access security (basic version), equipped with zero-trust VPN, allows employees to remotely access cloud or offline corporate offices. It is suitable for enterprises with more than 100 employees; office bandwidth needs to be purchased based on actual conditions.
Intranet access security (Premium version): SASE intranet access security (advanced version), equipped with zero-trust VPN, meets employees' needs for remote access to cloud or offline corporate offices, office network access, and global offices.
Internet access security (office data protection version): Internet access security (office data protection version), based on the product architecture of Cloud DLP, allows enterprises to instantly identify, monitor and protect office data.
Application scenarios
Remote and mobile office
By moving security capabilities down to edge nodes, enterprises can provide nearby secure access services for remote and mobile office terminals through the deployment mode of security clients. Whether corporate employees are working at home or on a business trip, they get the same level of security protection capabilities as those working at the headquarters.
Office data protection
Based on Alibaba Cloud's sensitive file analysis engine, when corporate employees send sensitive files through instant messaging tools, emails, HTTP, FTP, mobile storage, printing and burning, the behavior is audited, retained and alerted. Office data protection supports recognition of more than 100 file formats and presets more than 60 sensitive information dictionaries, making office data protection easier.
Unified management and control of office security in multiple office branches and stores
Based on Alibaba Cloud's massive edge nodes and dedicated line access networks distributed across the country, security capabilities are brought to the edge to provide out-of-the-box security services for enterprises with multi-branch and store office scenarios. Without the need for complex hardware stack deployment, enterprises can choose the deployment mode of SAG security client or pure security client, so that branches and stores can obtain the same level of security capabilities as the headquarters.
Office network access
Provides certificate-based 802.1x network access capabilities, as well as a complete set of PKI certificate systems, and provides automated services based on the C/S architecture, eliminating the need for administrators and enterprise users to manually generate and import network access files and certificates for each terminal. Access and account password access methods provide network access capabilities for printers and IoT type dumb terminal devices.
Office conduct audit
It supports real-time auditing of corporate employees' online behavior and internal business access behavior, making corporate employee behavior visible, checkable, and controllable. At the same time, audit logs are retained for 6 months to meet the compliance requirements of the Cybersecurity Law and Class Assurance.
Product advantages
Zero Trust Access Architecture
Compatible with standard SAML and SCIM identity protocols, it reduces security exposure and provides end-to-end and end-to-application minimum privilege access control. Intranet access acceleration provides the ultimate experience for branches, stores, and remote mobile offices accessing internal services.
Unified management and control of office security
Based on the SASE (Secure Access Service Edge) security model, the security capabilities are deeply integrated with SD-WAN products. Delivered as a SaaS solution, the platform provides unified security management capabilities for enterprise mobile offices and branch offices.
Security capabilities at the edge
Relying on edge nodes covering the country, branches, stores, and remote mobile offices enjoy the same level of Internet security protection and privacy data protection as the corporate headquarters.
Cloud native security architecture
It is deeply connected with the Alibaba Cloud basic platform to meet the dynamic expansion scenarios of enterprises' digital business and resources. The security boundary is fully covered and the enterprise's security level is fully guaranteed.