- Cloud Computing
- Information Security
- Intelligent Operation & Maintenance
- Alo7 was established in July 2004 in Boston, USA. In 2010, Alo7 created a brand on learning for Chinese children aged 3-15. Adhering to the product concept “be fun, be useful”, Alo7 dedicates to providing internationalized English teaching products and services for Chinese children. It combines the international education concept with advanced technology and builds OMO (online-mobile-offline) English education system, which includes original textbooks, interactive courseware, operating platforms, home-school communication, and one-stop foreign teacher video services. In 2017, Alo7 launched a series of product upgrades focusing on the four core roles in teaching process, namely students, parents, teachers, and principals. Through AI-driven automated teaching, it realized the personalized self-adaptation learning pattern, which centers on students and learning effects. At present, Alo7 has become a provider of children's English textbooks for a number of well-known training institutions and full-time schools, such as New Oriental, Only Edu., Bond, and Daqiao. There are more than 15 million registered users, and one million annual paid users in Alo7.
- Based on B2B business model, Alo7 sells point-cards to education and training institutions directly. Therefore, for each additional partner, the visiting traffic on its websites and mobile terminals will increase significantly, which requires an excellent extensibility on Alo7 operating platform. At the same time, for the consideration of system availability and security, Alo7 chose AWS cloud platform instead of deploying self-purchasing servers in the Internet Data Center (IDC).
- After migrating business to AWS, Alo7 first considered the security issue. It suffers a lot of Web-aspect attacks, since its main business is all about Internet users and presented to customers through the Web. These weaknesses of Web application systems are significantly different from the traditional network systems.
- ● The unique applications require customized security
- The security of the operating system and network is guaranteed by AWS, while Alo7 is responsible for the security of the application system. At present, there are various developers for online application system development in Alo7, and each application system is also unique from others. The weakness of each application system also differs. Each application system is unique, and so do the weaknesses within it. Some applications of Alo7 are developed by itself, and some applications/modules are developed by third parties. As a result, the development habits and components are different from each other, and weaknesses and vulnerabilities are also different. Hence, it needs to provide customized application-based security protection.
- ● Traditional methods are difficult to work
- Traditional methods of security protection (such as firewalls, intrusion detection, etc.) are ineffective for application weaknesses, which are determined by the functional properties of the application system. The weaknesses of the application system exist at the highest level of the OSI model, while the traditional security products work on the 3-4 level. From this point of view, the traditional products do nothing on the security of the application and cannot solve the security issues of Alo7.
- ● The data is extremely important, and the harm is more direct
- The registered users’ information is the core data and most valuable asset of Alo7. The online application system is the frontend of data presentation and interaction. The problems in online application system will directly threaten the data security, which even cause devastating damages. Therefore, Alo7 needs to strengthen the protection of online business.
ECCOM security solution
- The system of Alo7 is a typical Web+DB two-tier application architecture built on EC2, VPC, ELB and other IaaS services. At the same time, it uses security groups to perform basic network security control. On this basis, ECCOM helps Alo7 build an account and authorization collaboration mechanism for cross-customer AWS IAM Account and security service provider (ECCOM) AWS IAM Account. In addition, base on best practices, we use CloudFormation to deploy the security infrastructure rapidly and reliably, continuously analyze and improve the overall operation of the ISMS through CloudWatch, CloudTrail and AWS Config. The security services provided by ECCOM security solution includes:
- ● Account Management and Authority Management
- ● AWS Infrastructure Security
- ● Data Layer Protection
- ● Lower operating costs;
- ● Information Security Management System (ISMS) provides full protection for AWS resources;
- ● Security monitoring and rapid event response.
- By migrating systems to AWS, Alo7 has avoided a large amount of investment in self-purchasing servers, and at the same time, the systems have good scalability. ECCOM helped Alo7 quickly construct a complete public cloud Information Security Management System, and reinforce the security of systems running on AWS at different levels. An efficient security infrastructure implementation meets the needs of continuously expanding for enterprise business.
Tel : 400-820-5-820,800-820-5-820
mail : TAC@eccom.com.cn
web : www.ECCOM.NET.CN
ECCOM Smart Service
360° Comprehensive Lifecycle Services