Updated on 2024-05-20 GMT+08:00

Security

Shared Responsibility Model

Huawei Cloud is responsible for infrastructure security. You are responsible only for the security of applications running at the edge sites, the physical security of the edge site locations, and the security and availability of the networks between edge sites and the cloud.

Communication Security

O&M and service connectivity between edge sites and the cloud is secured as follows:

  • O&M connectivity: CloudPond provides a built-in Virtual Private Network (VPN) to secure the transmission of O&M data and management data over the network.
  • Service connectivity: Service data is securely transmitted between CloudPond sites and the cloud over the VPC.

Data Security

CloudPond inherits the data security governance requirements of Huawei Cloud. For details, see the Huawei Cloud Data Security White Paper.

  • Secure data transmission: Data is encrypted before being transmitted between edge sites and the cloud.
  • Secure data use: It is recommended that you identify sensitive data, encrypt it, and use security groups or network access control lists (ACLs) to control access to resources. In addition, you can use Cloud Trace Service (CTS) for auditing.
  • Secure data destruction: Before you stop any edge site, dump any data you need for later use. All data about the edge site will then be unrecoverably deleted in compliance with industry standards.

Access Control

You can create IAM users and grant them only the minimum permissions required for completing specific tasks, and periodically review the granted permissions. For details, see IAM Best Practices.

CloudPond Infrastructure Security

Huawei Cloud is committed to building a trusted cloud platform. CloudPond inherits all security specifications of Huawei Cloud. For details, see the Huawei Cloud Security White Paper.

  • CloudPond adopts strict security isolation policies at both the user and platform layers. Huawei Cloud provides 24/7 security monitoring and operation services as well as the O&M of the CloudPond platform.
  • Host Security Service (HSS) is used to periodically scan for vulnerabilities, and patches are installed in a timely manner based on the Service Level Agreement (SLA) to fix vulnerabilities.
  • Huawei Cloud manages CloudPond account permissions in a centralized manner and changes access keys for each account periodically to prevent unauthorized access.