Ensuring the security and compliance of your cloud services is a responsibility shared between you and Huawei Cloud. Unlike traditional on-premises data centers, cloud computing separates operators from users. This approach not only enhances flexibility and control for users but also greatly reduces their operational workload. Cloud security cannot be guaranteed by a single party alone. It requires the combined efforts of both you and Huawei Cloud to ensure a secure environment.
Cloud security responsibilities are determined by control, visibility, and availability. When you migrate services to the cloud, assets, such as devices, hardware, software, media, VMs, OSs, and data, are controlled by both you and Huawei Cloud. This means that your responsibilities depend on the cloud services you select. You can select from the different cloud service categories, such as IaaS, PaaS, and SaaS, shown in the figure, to meet different service requirements. As control over components varies across different cloud service categories, the responsibilities are shared differently.
Huawei Cloud's responsibilities: Huawei Cloud is responsible for infrastructure security, including security and compliance, regardless of cloud service categories. The infrastructure consists of physical data centers, which house compute, storage, and network resources, virtualization platforms, and cloud services Huawei Cloud provides for you. In PaaS and SaaS scenarios, Huawei Cloud is responsible for security settings, vulnerability remediation, security controls, and detecting any intrusions into the network where your services or Huawei Cloud components are deployed.
Customer responsibilities: As our customer, your ownership of and control over your data assets will not be transferred under any cloud service category. Without your explicit authorization, Huawei Cloud will not use or monetize your data, but you are responsible for protecting your data and managing identities and access. This includes ensuring the legal compliance of your data on the cloud, using secure credentials (such as strong passwords and multi-factor authentication), and properly managing those credentials, as well as monitoring and managing content security, looking out for abnormal account behavior, and responding to it, when discovered, in a timely manner.
In On-premises scenarios, customers have full control over assets such as hardware, software, and data, so customers are responsible for the security of all components.
In IaaS scenarios, customers have control over all components except the underlying infrastructure. So, customers are responsible for securing these components. This includes ensuring the legal compliance of the applications, maintaining development and design security, and managing vulnerability remediation, configuration security, and security controls for related components such as middleware, databases, and operating systems.
In PaaS scenarios, customers are responsible for the applications they deploy, as well as the security settings and policies of the middleware, database, and network access under their control.
In SaaS scenario, customers have control over their own content, accounts, and permissions. They are responsible for ensuring legal compliance, securing their content, and configuring and protecting their accounts and permissions.
.svg)
undefined