Help Center> Cloud Bastion Host> Service Overview> Security> Data Protection Controls
Updated on 2024-05-16 GMT+08:00
View PDF

Data Protection Controls

No personal data is gathered by a CBH instance. After an instance is created, you need to create a user account for logging in to the CBH system. Creating a user account for logging in to the system requires personal data.

To ensure that your personal data, such as the username, password, and mobile phone number for logging in to a CBH system, cannot be obtained by unauthorized or unauthenticated entities or people and to prevent data leakage, CBH encrypts your personnel data in transit and in storage to control access to the data and records logs for operations performed on the data.

Personal Data to Be Collected

The following lists the personal data generated or collected by CBH.

Service

Type

Collection Method

Modifiable

Mandatory

CBH instances

Login name

Login name configured by the system administrator during user creation

No

Yes

Login names are used to identify users.

Password
  • Password configured by the system administrator during user creation or password resetting
  • Password reset during or after the first login

Yes

Yes

This password is used by the user to log in to a CBH system.

Email address
  • Email address configured by the administrator during user creation
  • Email address entered by a user after the user logs in to the CBH system

Yes

Yes

This email address is used to receive notifications sent by the CBH system.

Phone number
  • Mobile phone number configured by the administrator during user creation
  • Mobile phone number entered by a user after the user logs in to the CBH system

Yes

Yes

  • This mobile phone number is used to receive SMS notifications from the CBH system.
  • This mobile phone number is also used to receive verification codes sent by the CBH system during password resetting.
  • Transmission Mode

CBH supports HTTP and HTTPS. HTTPS is recommended to enhance the security of data transmission.

  • Storage Mode

CBH uses advanced encryption algorithms to encrypt users' sensitive data and stores encrypted data.

  • Login names are not sensitive data and stored in plaintext.
  • Passwords, email addresses, and mobile numbers are encrypted for storage.
  • Access Control

Your personal data is encrypted for storage in CBH. A security code is required for the system administrators and upper-level administrators when they attempt to view your mobile number and email addresses. However, plaintext passwords are invisible to anyone.

  • Two-factor Authentication

After multi-factor authentication is configured for a user, the user needs to be authenticated twice when logging in to the CBH system. The secondary authentication includes SMS message, mobile OTP, USB key, or dynamic token. This protects sensitive user information from breaches.

Parent topic: Security