Security Frequently Asked Questions
-
What is Huawei Cloud infrastructure security?
Infrastructure security is a core component of Huawei Cloud's multi-dimensional, full-stack cloud security system. We have enhanced the security and compliance of our data centers, networks, and other infrastructure based on industry best practices, so that you can migrate services to the cloud, stay focused on your business, and leave the security to us.
Huawei Cloud is deployed in multiple regions and availability zones (AZs) around the world. You can check the services available at each site and on the Huawei Cloud home page. We carefully selected secure locations for all our data centers by considering a range of different factors. When it comes to data center management, we take appropriate access control, monitoring, and other measures to improve the security, reliability, and service continuity of Huawei Cloud infrastructure.
We divide and isolate security zones and network planes in compliance with ITU-T E.408 standards and industry best practices.
For more information about the security design and practices of Huawei Cloud infrastructure, see Huawei Cloud Security White Paper.
-
How does Huawei Cloud secure its platform and applications?
Combining more than 30 years of security experience with existing technologies, Huawei Cloud actively promotes the rapid iteration of today's DevOps processes while also integrating Huawei's security development lifecycle (SDL) into the process to develop platforms and applications, ensuring the security and reliability of the entire development process.
● To ensure platform security, Huawei Cloud minimizes the server OS and hardens services. We implement strict controls over who can access the platform and what resources they can access. We have a comprehensive system for auditing O&M activities on our platforms. All O&M accounts and their access to the platform are managed with CBH, and MFA is configured for each account. Huawei unified virtualization platform (UVP), the OS of our cloud computing platform, isolates resources by CPU, memory, and I/O. For details, see section "Platform Security" in Huawei Cloud Security White Paper.
● APIs are critical security borders for cloud services, so we use multiple measures to protect them. Huawei Cloud provides open APIs through Huawei-developed API Gateway. API Gateway can authenticate identities, protect transmission and borders, and limit API traffic, providing comprehensive protection for APIs.
-
How does Huawei Cloud secure my data on the cloud?
We consider data asset protection as the core of our security policies. Huawei Cloud complies with industry-leading standards on data security lifecycle management and adopts excellent technologies, practices, and processes for identity authentication, permissions management, access control, data isolation, transmission security, storage security, data deletion, and physical device destruction. You can find more information on these practices in the Huawei Cloud Data Security White Paper.
You own all the content data generated when you use services on Huawei Cloud, and have full control over the data. You are responsible for configuring security measures for specific data and ensuring the confidentiality, integrity, availability, and data access identity authentication and authorization. For example, if you use Identity and Access Management (IAM) and Data Encryption Workshop (DEW), you are responsible for keeping your accounts, passwords, and keys safe, and shall comply with industry best practices in configuring, updating, and resetting passwords and keys. You can check more data security products on the Security page.
Huawei Cloud will never access your content data without your express authorization. We comply with all applicable laws and regulations, regularly update services to meet internal and external compliance requirements, evaluate security status based on industry standards, and share our compliance practices to maintain transparency.
-
Does Huawei Cloud transfer my data to other regions or countries?
Content data: You can decide where your content data is stored under the terms of the local regulations. Huawei Cloud will not transfer your content data to other regions without your explicit consent. If you plan to transfer content data across borders and need assistance from Huawei Cloud, contact and authorize Huawei Cloud support to transfer data.
Personal data: In order to provide the Services to you, we may store your personal data in countries/regions where Huawei Cloud, Huawei Cloud’s affiliate companies, or Huawei Cloud’s service providers or subcontractors are located. This means your personal data may be transferred to countries or regions outside the places where you are located or where we collect your personal data, and be accessed and stored in those jurisdictions.
These jurisdictions may have different data protection laws, which may impose less stringent data protection requirements. In such cases, we will ensure the transfer is in accordance with applicable laws and regulations (including by ensuring that overseas recipients are subject to confidentiality and data protection obligations where appropriate), as well as the Privacy Policy Statement.
-
What services can I use to improve cloud security?
With years of security experience and data security as the core, Huawei Cloud provides a series of multi-dimensional and in-depth security services that integrate hardware and software. For instance, there are services to manage the security posture of your system. You can also find Web Application Firewall, which can protect your cloud workloads and applications. There are also many data security services that can protect your data assets on the cloud. You can check out more data security products under Huawei Cloud's [Security & Compliance] category.
You can easily build a comprehensive security system based on Huawei Cloud infrastructure and security services.
-
How does Huawei Cloud help me enhance security for operations and maintenance?
In the DevOps or DevSecOps process, operations and maintenance are as important as R&D. Huawei Cloud attaches great importance to O&M and has abundant practices in O&M security, vulnerability management, security event management, business continuity, and disaster recovery management. Take O&M access as an example. Huawei Cloud uses the VPN and CBH deployed in your data center to manage and audit your server O&M in a unified manner, and takes different security control measures for different operations. For more information, see "Operational Security" in Huawei Cloud Security White Paper.
You can also learn about secure and intelligent O&M from Huawei Cloud courses. For details about services recommended for O&M security, go to the O&M Security page.
-
What do I do to meet security and compliance requirements?
Security and compliance is a shared responsibility between Huawei Cloud and customers. That is, Huawei Cloud is responsible for the security compliance of cloud services, and you assume the responsibilities of the service security and compliance inside your organization.
Huawei Cloud keeps updating to meet the changing internal and external compliance requirements, ensures the legal and regulatory compliance of cloud services, strictly enforces security standard evaluations in a range of industries, and shares compliance practices with tenants to keep services transparent.
You need to check the applications and services that you deploy on Huawei Cloud, but that do not belong to Huawei Cloud, against the applicable security laws and regulations.
-
How do I get notified from Huawei Cloud of security events?
We will notify you of security events by email within the time required to comply with applicable laws and regulations. We will make every effort to minimize impacts on your services. In addition, we will post the latest security events and vulnerabilities on the security bulletin page on our website.
-
What security tests does Huawei Cloud perform to ensure the security of cloud services?
In the development and coding phase, we introduce static code scanning tools to check the code on a daily basis. All alarms generated during static code scans are cleared before the product or service can be released.
All cloud services have passed multiple rounds of security tests before being released. Those tests include but are not limited to API security testing, code and vulnerability scanning, and penetration testing.
After a cloud service is rolled out, our security O&M team will perform security tests such as periodic vulnerability scans and penetration testing to ensure product security and eliminate data breach risks.
We provide Rules for Customer Penetration Testing on Huawei Cloud. You are welcome to test the security of your cloud services on Huawei Cloud in accordance with these rules.
-
How can I report security vulnerabilities?
If you suspect that Huawei Cloud resources are being used inappropriately or encounter any security vulnerabilities in the Huawei Cloud website, products, or services, please email hwssecurityeu@huaweicloud.com. For a more effective response to your report, please provide supporting materials (such as vulnerability reproduction conditions, proof-of-concept code, the IP address of the resource being used inappropriately, and suspicious behavior logs) to help the security response team understand the issue thoroughly. We will reply to all feedback. You will receive a confirmation email within one working day of your initial feedback.
Resources
Huawei Cloud Security White Paper
White Paper for Huawei Cloud Data Security