21Vianet and Microsoft Adhere to New Cyber Security Law in the Chinese Market

The Internet has been intertwined with all aspects of our daily lives, information security risks have been affecting our society at all levels. Cyber security is not just about national security and development, but also concerns the immediate interests of every citizen. This leads to the formulation of the new Cyber Security Law of the People’s Republic of China, representing that China’s cyber security management will have the law base and information security industry will be driven by both compliance. The law would not only promote the development of the cyber security industry, but also improve the cyber security environment and remove the obstacles to develop “Internet Plus”, a plan proposed by prime minister Li Keqiang that offers an important opportunity for economic transformation.

21Vianet Blue Cloud has made concerted effort with Microsoft under this guideline to implement security measures that would comply with China’s new Cyber Security Law.

Close Collaboration of 21Vianet Blue Cloud and Microsoft in Cloud Computing
Microsoft becomes the first foreign cloud service provider entering China by partnering with 21Vianet Blue Cloud in June, 2013. This partnership enables Chinese enterprises to access Microsoft Office 365 and Azure, and its growing collection of integrated cloud services that developers and IT professionals in China use to build, deploy and manage applications through the datacenters reside within China.

“Microsoft Azure operated by 21Vianet” provides public cloud services such as compute, storage, databases, networking and enterprise integration for users in China. 21Vianet Blue Cloud has built a team with over 400 engineers and works together closely with Microsoft to offer high-level professional operation and maintenance services that would adhere to the global standards. and commit to meeting these four principles:
• Safety: to ensure data confidentiality, integrity and availability, to build a strong and comprehensive security measures to fence off information security risks by adopting the industry-leading technology, and technical operation processes.
• Privacy and Access Control: no one can access customer data without a strict approval process.
• Compliance: to store and manage customer data pursuant to laws, regulations and standards.
• Transparency: customers should have a good grasp of how their data is processed.

At the 8th US-China Internet Industry Forum in September, 2015, Microsoft, Tsinghua Unigroup and 21Vianet forged partnership to provide customers in China with customized hybrid cloud solutions and related services that is based on the technology of Microsoft Azure and Office 365.

In November, 2016, 21Vianet announced the launch of Microsoft Power BI, a suite of cloud-based business analytics tools that delivers insights for enterprises. The partnership again signifies the ongoing success of the collaboration between 21Vianet Blue Cloud and Microsoft.

Deepened Cooperation: Cyber Security Protection 2.0
The new Cyber Security Law is renowned for requirements and security obligations imposed on the providers of network products and services. Its definitions of product and technical support place more emphasis on an integrated and dynamic environment.

Microsoft Azure, Office 365 and Power BI operated by 21Vianet have passed the third-level test of classified protection evaluation of information system security. While the test was required, Microsoft also proactively conducted self-testing for its own cloud services. Two-factor authentication is used with which not only access card and password are required but also biometrics authentication such as user’s fingerprint. In addition, surveillance cameras are in placed at each corner of every data center. A highly-sophisticated encryption is used to protect data stored in the cloud storage while other services like Key Vault is also employed during the process.

Microsoft Azure operated by 21Vianet provides customers with a data protection measures that can be enabled by default, mainly including 6 areas:

1. Data segregation
Data is segregated via logical segregation mechanism.
2. Data protection during transmission
Data transferred by protocol encryption package in and out or inside the environment is by default.
3. Data redundancy
Users are offered multiple options to duplicate data, including the number of duplicates and the location of data center.
4. Stored data protection
Users can set a series of encryption options for virtual machine and storage.
5. Data encryption
Data encryption after being stored or during transmission could be used to meet customer’s demand for the best practice and ensure data confidentiality.
6. Data destruction
When customers delete their data, or stop using Microsoft Azure, 21Vianet Blue Cloud ensures that data from previous customers can no longer be accessed. Data is so important that it needs classified protection. This set of security protection measures meets the requirement of Cyber Security Protection 2.0 for classified protection. Data resources are also required to pass a high-level protection test.

Operators are responsible for cross-border transmission and security protection of critical data
Critical Information Infrastructure Protection (CIIP) is indispensable to ensure continuous service for national critical infrastructures. The new Cyber Security Law places emphasis on CIIP, presenting that CIIP plays a significant role in national economic and social development. As Chinese enterprises expand their business operations overseas, many of them have become multinational enterprises, facing the issue of legal restrictions over cross-border data transmission.

21Vianet Blue Cloud makes clear commitment that all data of users in China will only be stored in China, and the customers have the right of information and proprietorship over their data.
Moreover, 21Vianet Blue Cloud takes a series of security measures for personal data, including data transmission encryption, local storage multiparty encryption, user data protection, infrequent access permissions while maintaining confidentiality to any affiliated third party. It’s essential for cloud operators to provide high degree of protection that can enable customers to use and manage data on their own.

New era puts forward higher standard for cloud service providers: All-Day, Continuous and High-Level
Many data and services rely on the cloud platform require cloud providers to stand out in their capability to inspect, pre-warn and recover from emergencies. The traditional model of IT operation and maintenance is to install software on servers, with a set of machines targeted at individual customers. However, in the cloud model, the entire data center works as an integrated infrastructure using cloud operating system that coordinates the entire operation in an concerted effort. The general context asks cloud platform operators to provide all-day, comprehensive and flexible services with disaster recovery capabilities and a full range of end-to-end services, where Blue Cloud, an exclusive operator of Microsoft cloud services, has made remarkable progress.

21Vianet Blue Cloud provides 7×24 for platform operation, technical support and infrastructure monitoring.
To ensure high-quality service, Blue Cloud provides multi-case and multi-service applicable for remote deployment so that services and applications are still available should any stage go wrong. The service stands out in its capability of monitoring, recovering and balancing to ensure business continuity is worth learning for other cloud platform operators. Blue Cloud’s expertise in operating cloud computing has set a standard for other cloud platform operators to follow.

Afterthought:
The era of cloud computing and big data is upon us. Due to these circumstances cloud operators need to be more responsible in protecting critical information securely. Through collaboration between 21Vianet Blue Cloud and Microsoft, we can clearly see that cooperation between world-class global cloud-computing companies and exceptional local cloud service providers certainly does have tremendous potential.

As the new Cyber Security Law has come into effect, cooperation between domestic and foreign cloud computing companies is becoming a new business norm. As we progress, companies will work together to cross the technological gap and jointly share what the network effect can bring forth to us all, while users can enjoy the efficiency and benefits by which the cloud computing technology provides.

Note:
This article is an edited extract from Liu Yue, Vice Dean of Institute of China ICT Development and Strategy in Nanjing University of Posts and Telecommunications, Executive Director of Asia-Pacific Institute for Cyber Law Studies, Chief Justice Adviser of Norway SCHJODT Lawyer Firm in Greater China.