Help Center/ Well-Architected Framework/ Well-Architected Framework and Practices/ Security Pillar/ Infrastructure Security/ SEC05 Runtime Environment Security/ SEC05-01 Cloud Service Security Configuration
Updated on 2025-05-22 GMT+08:00
View PDF
Share

SEC05-01 Cloud Service Security Configuration

Security configuration is the minimal security requirement for information systems. For cloud services, it provides essential protection and establishes the baseline for security operations. Proper configuration of cloud services can help you prevent security vulnerabilities and data leakage, improving overall system security. Failure to meet security configuration baseline requirements can lead to significant risks.

  • Risk level

    High

  • Key strategies
    • Configure security policies for services based on Huawei Cloud Security Configuration Guide:
      • Container security, for example, container security configuration. Insecure container configurations in CCE may cause container escape.
      • System vulnerabilities, for example, whether the OS version is the latest version and whether the used version has vulnerabilities.
      • Open necessary ports. For example, check whether high-risk ports such as 22 and 3306 are open to the public network.
      • Do not set the OBS bucket where important service data is stored as a public or publicly readable bucket.
    • Periodically check cloud service security configurations.
      • Comprehensive check: Ensure that the baseline check covers all key cloud service configuration items, including identity authentication, access control, and network security.
      • Periodic and real-time check: Set a periodic automatic check plan and provide the real-time check function to evaluate the security status of cloud services immediately when necessary.
      • Risk assessment: Evaluate risks based on the check results, to be specific, identify resources of different levels, such as critical, high, medium, low, and warning.
  • Related cloud services and tools
    • Security Features: How to ensure cloud security has become the top concern for most enterprises and customers. Huawei Cloud is committed to ensuring the security of IaaS, PaaS, and SaaS cloud services and infrastructure, and providing advanced, stable, reliable, and secure products and services. This document describes how to configure Huawei Cloud services to meet your security objectives.
    • Config
    • SecMaster: Check the cloud service security configuration baseline using SecMaster to continuously protect customers' cloud service security.
    • Host Security Service (HSS): The latest version of HSS supports features of host security and container security, which is formerly known as Container Guard Service (CGS).