CLOUD SECURITY - HOW HUAWEI CLOUD HARNESS ON CLOUD SECURITY
In recent years, especially during the pandemic, we have observed strong demand from enterprises
and companies that are accelerating their digitalization journey, and migrating to the cloud is on
most organizations' roadmaps. At the same time, new and complex cyber threats have emerged at an
alarming pace, and customers need to continuously review their cybersecurity posture and business
processes to mitigate risks and threats.
Huawei has established a comprehensive set of cloud security strategies and best practices as its
security baseline, with a multi-layered security architecture that provides defense in depth and is
compliant with all relevant standards and regulations. Huawei designs and builds security into its
cloud architecture and continues to improve the security of commonly used services like
Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
To support all of this, both Huawei Research and Development (R&D) and Operations and Maintenance
(O&M) teams stay abreast of the latest security developments, using DevSecOps methodologies to
optimize the security of Huawei Cloud. Together with our ecosystem partners, we continue to make our
customers our top priority and deliver high-quality cloud services with value-added security
functions, providing advanced cloud security services and security consulting services.
The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and
raising awareness of best practices to help ensure a secure cloud computing environment, has
released a list of top threats such as data leakage, misconfigurations and change control, identity
authentication, key management, account hijacking, etc. HUAWEI CLOUD has established a security
architecture and solution (see figure below) to mitigate the CSA top threats.
Infrastructure Security is a core component of the HUAWEI CLOUD multi-dimensional, full-stack cloud
security system, where we have enhanced the security and compliance of our data centers, networks,
and other infrastructure based on industry best practices.
HUAWEI CLOUD is deployed in multiple regions and availability zones (AZs) around the world. Network
security design has to consider how to prevent attacks from propagating and how to minimize their
potential impact. Huawei has implemented a network segregation strategy by referencing and adopting
the security zoning principle of ITU E.408 and industry best practices for network security. To
ensure continuity of HUAWEI CLOUD operations, different communication planes have been designed and
built into the HUAWEI CLOUD network based on business function needs, security risk levels, and
access privileges. Security hardening for all systems and middleware, together with attack
prevention (anti-virus, anti-APT, anti-brute force, etc.), reduces the attack surface and the risk
of attack. It is also essential to continuously monitor processes, status and key metrics to detect
abnormalities.
Tenant Security is the other area that HUAWEI CLOUD takes seriously as a necessary security
requirement to protect our tenants in the cloud environment. Identity and Access Management (IAM)
enforces stringent account and access creation with two-factor authentication to manage the access
privileges of both administrators and users.
We also consider APIs another crucial security perimeter of cloud services, and multilayered
protection mechanisms and measures are needed to safeguard API security. APIs can be invoked through
the API Gateway, which provides the necessary API protection mechanisms, while IAM performs identity
authentication on each API request. The API Gateway also controls the frequency of each user's API
access to ensure the availability and continuity of API-based access.
One other key component in Tenant Security is Key Management Service (KMS), a secure, reliable, and
easy-to-use key escrow service that facilitates centralized key management so that users achieve
better key security. KMS employs Hardware Security Module (HSM) technology for key generation and
management. There are cloud HSM services that provide industry-standard encryption or
country-specific encryption algorithms and cipher suite strengths, allowing cloud tenants to choose
the most suitable option to meet their requirements.
HUAWEI CLOUD also provides a suite of cloud security services, including value-added security as a
service (Anti-DDoS, Vulnerability Scan Service, Web Application Firewall, etc.). Comprehensive
security configurations and defense reports are also made available to help our tenants achieve
security compliance. In addition, HUAWEI CLOUD provides comprehensive protection for users' data and
information assets through security measures spanning many aspects such as confidentiality,
integrity, availability, durability, and traceability. HUAWEI CLOUD attaches great importance to the
security of users' data and information assets, and its security strategy and policy include a
strong focus on data protection. Huawei will always strive to best safeguard the privacy, ownership,
and control of our tenants' data against data breaches and impacts on their business.
Cybersecurity is about shared responsibilities between the Cloud Service Provider and the customer.
Huawei helps our customers by providing secure and trusted cloud services through collaboration with
our ecosystem partners and in accordance with our committed lines of business, furthering our
objective to safeguard and add value to our customers' business. Today, Huawei provides cloud
services that comply with mandatory security standards and regulations, such as Singapore MTCS
Level 3, and other related international certifications such as ISO27001 and CSA STAR. Huawei has
also attained the Data Protection Trustmark (DPTM) from PDPC, demonstrating both capability and
competence in data privacy and protection.
For more details, you may visit the Huawei Cloud Trust Center website:
https://www.huaweicloud.com/intl/en-us/securecenter/overallsafety.html
Biography
DENNIS CHAN, Country Cybersecurity & Privacy Officer, Huawei International