Data Perimeters
Huawei Cloud provides all-round data perimeters to protect your sensitive data through identity control policies, network control policies, and resource governance policies. Access is granted only when an authenticated, trusted identity requests specific resources from a trusted network environment that meets security standards. As shown in the following figure:
- Access requests from trusted identities to cloud resources over the Internet (untrusted network) are rejected.
- Access requests from untrusted identities to cloud resources over the local data center network (trusted network) are rejected.
- Access requests from trusted identities to object storage buckets of other enterprises (untrusted resources) are also rejected.
- Only access requests from trusted identities to cloud resources over the local data center network (trusted network) are allowed.

The all-round data perimeters provide the following data protection capabilities:
- Service accounts are not allowed to directly access the Internet. Only the DMZ network of the network operations account can be used to provide Internet services or access the Internet.
- Users can only access the Huawei Cloud management console from the intranet to prevent sensitive data from being transmitted over the Internet.
- You can restrict the regions that users can use and restrict data transfer within certain regions to meet compliance requirements such as the General Data Protection Regulation (GDPR).
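The following added example (not Huawei Cloud code or policy syntax) models the four request cases described at the top of this page as a check you could run over access records to see which perimeter each request crosses. The account names, the CIDR range, and the record fields are assumptions constructed for illustration, and the third case is assumed to arrive from the data center network.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for illustration; these are not Huawei Cloud identifiers.
TRUSTED_ACCOUNTS = {"acct-prod", "acct-netops"}          # enterprise-owned accounts
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]  # local data center range


@dataclass(frozen=True)
class AccessRequest:
    principal_account: str  # account the caller authenticated in
    source_ip: str          # address the request arrived from
    resource_account: str   # account that owns the target resource


def violated_perimeters(req: AccessRequest) -> list:
    """Return every perimeter the request crosses; an empty list means allow."""
    violations = []
    if req.principal_account not in TRUSTED_ACCOUNTS:
        violations.append("identity")
    try:
        addr = ipaddress.ip_address(req.source_ip)
        on_trusted_net = any(addr in net for net in TRUSTED_NETWORKS)
    except ValueError:
        on_trusted_net = False  # an unparseable source address is untrusted
    if not on_trusted_net:
        violations.append("network")
    if req.resource_account not in TRUSTED_ACCOUNTS:
        violations.append("resource")
    return violations


def decide(req: AccessRequest) -> str:
    """Allow only when identity, network, and resource are all trusted."""
    return "deny" if violated_perimeters(req) else "allow"


# Constructed sample records, one per case described on the page.
SAMPLES = {
    "trusted identity over the Internet": AccessRequest("acct-prod", "203.0.113.7", "acct-prod"),
    "untrusted identity over data center": AccessRequest("acct-unknown", "10.1.2.3", "acct-prod"),
    "other enterprise's bucket": AccessRequest("acct-prod", "10.1.2.3", "acct-other-corp"),
    "all trusted": AccessRequest("acct-prod", "10.1.2.3", "acct-netops"),
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label}: {decide(req)} {violated_perimeters(req)}")
```

Reporting the violated perimeter rather than a bare deny shows which control (identity, network, or resource) is doing the blocking for a given request.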