How HUAWEI CLOUD Harness On Cloud Security

In recent years, especially during the pandemic, we have observed strong demand from enterprises and companies that are accelerating their digitalization journey, and migrating to the cloud is on most organizations’ roadmaps. At the same time, new and complex cyber threats have emerged at an alarming pace, and customers need to continuously review their cybersecurity posture and business processes to mitigate risks and threats.

Huawei has established a comprehensive set of cloud security strategies and best practices as a security baseline, with a multi-layered security architecture to provide in-depth defense that is compliant with all relevant standards and regulations. Huawei designs and builds security into its cloud architecture and continues to improve the security of commonly used services such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). To support all of these, both the Huawei Research and Development (R&D) and Operations and Maintenance (O&M) teams stay abreast of the latest security developments, using DevSecOps methodologies to optimize the security of Huawei Cloud. Together with our ecosystem partners, we continue to make our customers our top priority and deliver high-quality cloud services with value-added security functions, providing advanced cloud security services and security consulting services.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, has released a list of top threats such as data leakage, misconfigurations and change control, identity authentication, key management, account hijacking, etc. HUAWEI CLOUD has established a security architecture and solution (see figure below) to mitigate the CSA top threats.




Infrastructure Security is a core component of the HUAWEI CLOUD multi-dimensional, full-stack cloud security system, where we have enhanced the security and compliance of our data centers, networks, and other infrastructure based on industry best practices.

HUAWEI CLOUD is deployed in multiple regions and availability zones (AZs) around the world. Network security design has to consider how to prevent the propagation of possible attacks and how to minimize their potential impact. Huawei has implemented a network segregation strategy by referencing and adopting the security zoning principle of ITU E.408 and industry best practices for network security. To ensure continuity of HUAWEI CLOUD operations, different communication planes have been designed and built into the HUAWEI CLOUD network based on business function needs, security risk levels, and access privileges. Security hardening is applied to all systems and middleware, together with attack prevention (anti-virus, anti-APT, anti-brute force, etc.), to reduce the attack surface and the risk of attack. It is also essential to continuously monitor processes, status, and key metrics to detect abnormalities.

Tenant Security is the other area that HUAWEI CLOUD takes seriously as a necessary security requirement to protect our tenants in the cloud environment. Identity and Access Management (IAM) enforces stringent account and access creation, with two-factor authentication, to manage the access privileges of both administrators and users.

We also consider APIs another crucial security perimeter of cloud services, and multilayered protection mechanisms and measures are needed to safeguard API security. APIs can be invoked through the API Gateway, which provides the necessary API protection mechanisms, while IAM performs identity authentication on each API request. The API Gateway also controls the frequency of each user's API access to ensure the availability and continuity of API-based access. Another key component in Tenant Security is the Key Management Service (KMS), a secure, reliable, and easy-to-use key escrow service that facilitates centralized key management so that users achieve better key security. KMS employs Hardware Security Module (HSM) technology for key generation and management. Cloud HSM services can provide industry-standard or country-specific encryption algorithms and cipher suite strengths, allowing cloud tenants to choose the most suitable option to meet their requirements.

HUAWEI CLOUD also provides a suite of cloud security services, including value-added security as a service (Anti-DDoS, Vulnerability Scan Service, Web Application Firewall, etc.). Comprehensive security configurations and defense reports are also made available to help our tenants achieve security compliance. In addition, HUAWEI CLOUD provides comprehensive protection for users' data and information assets through security measures spanning many aspects, such as confidentiality, integrity, availability, durability, and traceability. HUAWEI CLOUD attaches great importance to the security of users' data and information assets, and its security strategy and policy include a strong focus on data protection. Huawei will always strive to best safeguard the privacy, ownership, and control of our tenants' data against data breaches and impacts on their business.

Cybersecurity is about shared responsibilities between the Cloud Service Provider and the customer. Huawei helps our customers by providing secure and trusted cloud services through collaboration with our ecosystem partners and in accordance with our committed lines of business, furthering our objective to safeguard and add value to our customers' business. Today, Huawei provides cloud services that comply with mandatory security standards and regulations, such as Singapore MTCS Level 3, and with other related international certifications such as ISO27001 and CSA STAR. Huawei has also attained the Data Protection Trustmark (DPTM) from PDPC, demonstrating both capabilities and competence in data privacy and protection.

For more details, you may visit the Huawei Cloud Trust Center website:
https://www.huaweicloud.com/intl/en-us/securecenter/overallsafety.html


Biography

Dennis Chan

DENNIS CHAN, Country Cybersecurity & Privacy Officer, Huawei International