Help Center> Cloud Bastion Host> Service Overview> Personal Data Protection Mechanism

View PDF

Personal Data Protection Mechanism

No personal data is gathered by a CBH instance. After an instance is created, you need to create a user account for logging in to the CBH system. Creating a user account for logging in to the system requires personal data.

To ensure that your personal data, such as the username, password, and mobile phone number for logging in to a CBH system, will not be obtained by unauthorized or unauthenticated entities or people and to prevent data leakage, CBH encrypts your personnel data before storing it to control access to the data and records logs for operations performed on the data.

Personal Data to Be Collected

Table 1 lists the personal data generated or collected by CBH.

**Table 1** Personal data
Item	Type	Collection Method	Can Be Modified	Mandatory
CBH instances	Login name	Login name configured by the system administrator during user creation	No	Yes Login names are used to identify users.
	Password	Password configured by the system administrator during user creation or password resetting Password reset by a user when they log in to a CBH system for the first time or password changed by a user after the user logs in to the CBH system	Yes	Yes This password is used by the user to log in to a CBH system.
	Email	Email address configured by the administrator during user creation Email address entered by a user after the user logs in to the CBH system	Yes	Yes This email address is used to receive notifications sent by the CBH system.
	Mobile number	Mobile phone number configured by the administrator during user creation Mobile phone number entered by a user after the user logs in to the CBH system	Yes	Yes This mobile phone number is used to receive SMS notifications from the CBH system. This mobile phone number is also used to receive verification codes sent by the CBH system during password resetting.

Storage Mode

CBH uses encryption algorithms to encrypt users' sensitive data and stores encrypted data.

Login names are not sensitive data and stored in plaintext.
Passwords, email addresses, and mobile numbers are encrypted for storage.

Access Permission Control

Personal data of the CBH system users is encrypted for storage. A security code is required for the system administrators and upper-level administrators to view users' mobile numbers and email addresses. However, passwords of all users are invisible to all.

Two-factor Authentication

After multi-factor authentication is configured for a user, the user needs to be authenticated twice when logging in to the CBH system. The secondary authentication includes SMS message, mobile OTP, USB key, and dynamic token modes. This effectively protects sensitive user information.

Logging

The CBH system records audit logs for all operations on users' personal data, including adding, modifying, querying, and deleting data. The logs can be backed up to a remote server or local computer. Users with the audit permission can view and manage logs of user accounts in lower-level departments. The system administrator admin has the highest permissions and can view and manage operation records of all user accounts used to log in to the CBH system.

Last Article: CBH and Other Services

Next Article: Security Statement

Did this article solve your problem?

Thank you for your score！Your feedback would help us improve the website.

Products

Compute

Application

Dedicated Cloud

Storage

Management & Deployment

Migration

Network

Enterprise Intelligence

Video

Database

Edge Cloud Services

DevCloud

Security

Cloud Communications

Internet of Things

Solutions

Industry-Specific Solutions

General-Purpose Solutions

Security

DevOps

Enterprise Intelligence

Essential Platform

Big Data

Visual Cognition

Speech and Semantics

Support

Help Center

Customer Services

Developers

Console

语言 - Language

中国站 - 简体中文

中国站 - English

International - 简体中文

International - English