We consider data asset protection as the core of our security policies. Huawei Cloud complies with industry-leading standards on data security lifecycle management and adopts excellent technologies, practices, and processes for identity authentication, permissions management, access control, data isolation, transmission security, storage security, data deletion, and physical device destruction. You can find more information on these practices in the Huawei Cloud Data Security White Paper.

You own all the content data generated when you use services on Huawei Cloud, and have full control over the data. You are responsible for configuring security measures for specific data and ensuring the confidentiality, integrity, availability, and data access identity authentication and authorization. For example, if you use Identity and Access Management (IAM) and Data Encryption Workshop (DEW), you are responsible for keeping your accounts, passwords, and keys safe, and shall comply with industry best practices in configuring, updating, and resetting passwords and keys. You can check out more data security products under Huawei Cloud's [Security & Compliance] category.

Huawei Cloud will never access your content data without your express authorization. We comply with all applicable laws and regulations, regularly update services to meet internal and external compliance requirements, evaluate security status based on industry standards, and share our compliance practices to maintain transparency.

Content data: You can decide where your content data is stored. Huawei Cloud will not transfer your content data to other regions without your explicit consent or unless required by legal obligations. If you plan to transfer content data across borders and need assistance from Huawei Cloud, contact and authorize Huawei Cloud support to transfer data.

Personal data: We provide products and services for you through our global resources and servers. Any personal data we collect may be stored in the countries or regions where we, our affiliates, service providers, and subcontractors are located. This means that your personal data may be transferred to other jurisdictions outside the country or region where the product or service you use is located, or may be accessed from these jurisdictions.

The laws protecting personal data vary by jurisdiction. Different jurisdictions may have laws protecting personal information to varying degrees or may not have personal data protection laws. Huawei Cloud ensures that your personal data is protected in compliance with applicable laws, regulations, and the Privacy Policy Statement. If you are a user in the Chinese mainland, your personal data will be stored on servers in the Chinese mainland.

With years of security experience and data security as the core, Huawei Cloud provides a series of multi-dimensional and in-depth security services that integrate hardware and software. For instance, there are services to manage the security posture of your system, such as Situation Awareness (SA) and Managed Threat Detection (MTD). You can also find Host Security Service (HSS) and Web Application Firewall, which can protect your cloud workloads and applications. There are also many data security services that can protect your data assets on the cloud, including Data Security Center (DSC), Data Encryption Workshop (DEW), and Data Lake Governance Center (DGC). You can check out more data security products under Huawei Cloud's [Security & Compliance] category.

You can easily build a comprehensive security system based on Huawei Cloud infrastructure and security services.

In the DevOps or DevSecOps process, operations and maintenance are as important as R&D. Huawei Cloud attaches great importance to O&M and has abundant practices in O&M security, vulnerability management, security event management, business continuity, and disaster recovery management. Take O&M access as an example. Huawei Cloud uses the VPN and CBH deployed in your data center to manage and audit your server O&M in a unified manner, and takes different security control measures for different operations. For more information, see "Operational Security" in Huawei Cloud Security White Paper.

You can also learn about secure and intelligent O&M from Huawei Cloud courses. For details about services recommended for O&M security, go to the O&M Security page.

Security and compliance is a shared responsibility between Huawei Cloud and customers. That is, Huawei Cloud is responsible for the security compliance of cloud services, and you assume the responsibilities of the service security and compliance inside your organization.

Huawei Cloud keeps updating to meet the changing internal and external compliance requirements, ensures the legal and regulatory compliance of cloud services, strictly enforces security standard evaluations in a range of industries, and shares compliance practices with tenants to keep services transparent.

You need to check the applications and services that you deployed on Huawei Cloud but do not belong to Huawei Cloud against the applicable security laws and regulations.

For more information about Huawei Cloud certifications and regulation compliance, check our Compliance Center and Resources.