Press Release > HUAWEI CLOUD Comes to the World's Top Three in BSIMM Security Capabilities

HUAWEI CLOUD Comes to the World's Top Three in BSIMM Security Capabilities

Feb 23, 2018 GMT+08:00

Recently, Cigital announced that HUAWEI CLOUD passed the BSIMM security assessment with high scores and its software security capabilities entered the world's top three. Huawei is the first and exclusive cloud service provider that has passed the assessment in China.

What is BSIMM?

The Building Security In Maturity Model (BSIMM) is a security research project launched by Cigital in 2008. BSIMM divides software security into four domains, 12 practices, and 113 activities to measure software security. Companies can select corresponding practices and activities as required, continuously improving software security. Currently, 129 companies, including Microsoft, are involved in BSIMM.

In 2013, Huawei cooperated with Cigital by introducing BSIMM to evaluate overall security capabilities of products, including security standard policies, training, architecture, and testing. We are continuously improving our security maturity through targeted security plans.

What does passing the BSIMM security assessment mean for HUAWEI CLOUD?

First, passing this authoritative assessment means that both HUAWEI CLOUD service security and user privacy protection are strictly certified by this third-party authority, allowing users to use HUAWEI CLOUD more easily and safely.

Second, complying with BSIMM dramatically improves cloud service quality. After passing this assessment, we became recognized by international authorities in software security management and technical capabilities. Passing this assessment marks the moment Chinese enterprises entered the world's leading position in informatization and security compliance.

Finally, Huawei attaches great importance to user data and privacy security, investing heavily to obtain short- and long-term returns.

What authoritative security certifications and assessments has HUAWEI CLOUD passed in the last year?

Over the last year Huawei has made unremitting efforts to obtain various security compliance certifications, striving to improve the legal compliance and security of each HUAWEI CLOUD service and enable users with secure cloud services.

  • BSIMM: China's first and exclusive provider that passed the assessment, with scores among the world's top three.

  • Payment Card Industry Data Security Standard (PCI DSS): an information security standard for organizations that handle branded credit cards from the major card schemes, meeting financial enterprise requirements

  • Review by Cyberspace Administration of China (CAC): an authoritative national cloud security review

  • ISO 27001 certification: the most authoritative, strictest, and most widely recognized and applied information security management standard

  • CSA STAR certification: an enhancement to ISO 27001, with stricter requirements

  • Trusted Cloud: a program of the Cloud Security Alliance industry group created to help cloud service providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations and practices. Passing Trusted Cloud certification further strengthens the leadership position of HUAWEI CLOUD in the e-Government industry.

  • Level 3 security protection standard: a Chinese security standard, meeting Chinese operation requirements

Commitments to ensure the security and neutrality of user data

Huawei is the first cloud provider in China, to make the following commitments: Do not touch customer applications or data; do not make equity investment in partner services. Huawei released HUAWEI CLOUD Security White Paper globally in September 2017 emphasizing that cloud service providers must ensure user data security and neutrality. HUAWEI CLOUD has built a full-stack protection matrix covering physical devices, networks, hosts, applications, and data to protect user security. For example, Huawei provides the most comprehensive database security services, such as Database Security Service, in China. Huawei is the first cloud provider in China, to deliver cloud encryption keys, Key Management Service, for users, achieving the preceding commitments technically. At present, these commitments have been highly recognized by users and followed by other cloud providers.

Huawei has always strived to build a secure cloud platform. Huawei pledges to continuously explore user service requirements, learn the best practices in the industry, optimize those practices in the R&D process ensure all security elements are effectively implemented during the R&D process, improve product robustness, enhance privacy protection, and provide users with more and more secure cloud services and solutions.

Click to learn about HUAWEI CLOUD security products: