Updated on 2025-05-07 GMT+08:00

Introduction to Security Architecture Design

Cloud security and traditional IT security share the same aim of protecting data and systems, but they differ significantly in infrastructure, security responsibilities, security management, compliance, and audit.

  • In terms of infrastructure, traditional IT security protects enterprise-built physical hardware and network facilities. Security measures aim to protect the physical environment and the internal network using tools like firewalls, intrusion detection systems, and antivirus software. Cloud security, however, relies on virtualization technologies and cloud service providers' infrastructure. It must address challenges like securing the virtualization layer, ensuring data isolation in shared systems, and protecting APIs.
  • In terms of security responsibilities, in traditional IT environments, enterprises take full responsibility for security at all layers, including physical hardware, networks, operating systems, applications, and data. In the cloud environment, the shared responsibility model for security is used. Under this model, cloud service providers secure the infrastructure layer, covering data center safety, network safety, and virtualization platform safety. Enterprises, as tenants of cloud services, are responsible for the security configuration and management of the operating systems, applications, and data on the cloud.
  • In terms of security management and technical implementation, traditional IT security relies more on hardware devices. Security policies need to be manually implemented and updated, which takes a long time. Cloud security, however, leverages the rich security tools and services provided by cloud service providers, such as IAM, virtual firewalls, security groups, and encryption services, to support automated and programmable security management. Cloud security can quickly respond to and adjust security policies, improving security management efficiency.
  • In terms of compliance and audit, traditional IT enterprises need to ensure security compliance and invest a large amount of resources in audit and certification. Cloud providers often hold various global security certifications. Enterprises can build on this compliance framework while managing the compliance of their own applications and data.

Huawei Cloud's overall cloud security design and practices offer complete, multi-dimensional, flexible, and customizable security and privacy features, covering infrastructure, platform, application, and data security. In addition, Huawei Cloud security services let you customize a variety of advanced security settings. These security services are deeply integrated with cloud service security features, settings, and controls across a multi-layered architecture. Together they provide seamless orchestration of a number of siloed technologies and increasingly automated cloud security O&M.

In conclusion, cloud security and traditional IT security differ greatly in their focuses and execution. During cloud migration, enterprises need to review and update their security policies and architecture. They should leverage built-in cloud-native security features from cloud service providers, align with cloud-based security practices, and safeguard their services and data.