Security Event Management
Security events are information leaks, data tampering, service unavailability, and other incidents that damage the cloud service brand. They are caused by attacks on, or damage to, cloud service networks. Attacks include network attacks (such as webshell attacks, vulnerability attacks, network scanning and eavesdropping, phishing attacks, and DDoS attacks), data damage threats (such as data tampering, spoofing, leakage, theft, and loss), and data content security events (such as the publishing of unauthorized or illegal content). To handle security events professionally and promptly, cloud service providers are expected to set up dedicated security event response teams and corresponding security expert teams that provide 24/7 security services. Cloud service providers should also upgrade their event classification standards and adjust response and resolution time limits according to the damage done to the whole network and to customers.
When responding to security events, Huawei follows the principles of quick detection, demarcation, isolation, and restoration.
O&M Account Management
To access the public cloud management network and centrally manage systems, O&M personnel must have employee identity accounts and use multi-factor authentication, such as USB keys and smart cards.
Functional accounts used for routine or emergency O&M are bound to specific individuals or O&M teams on the account management system. In addition, bastion hosts are used for log auditing to make sure that any operations performed by O&M personnel on the target host can be traced to a specific individual.
O&M Permission Management
System accounts and permissions are managed from two dimensions: account lifecycle and authorization management.
The account authorization process is as follows: when O&M personnel need to use an account, they must start the authorization procedure. Accounts are authorized by assigning passwords or raising permissions. An account cannot be applied for and approved by the same person.
Based on service and responsibility dimensions, login permissions are divided into core networks, access networks, security devices, service systems, hardware maintenance, monitoring maintenance, and database systems. Personnel can access only devices within their own management scope. All O&M accounts are centrally managed on the Unified Maintenance Audit (UMA) platform and automatically audited.
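The two controls described in this section, that an account request may never be approved by the person who raised it and that an account reaches only devices inside its own management scope, are easy to get wrong when implemented as ad-hoc checks. The following is an added example, not HUAWEI CLOUD's or the UMA platform's code, of a minimal account registry that enforces both rules and records every decision in an audit trail. The seven permission domains are the ones listed above; the people, account names and the API shape are constructed for the example.

```python
# Added example (not HUAWEI CLOUD's code): an O&M account authorization
# workflow that enforces the two rules stated in this section. Domain names
# follow the section; the people, accounts and devices are constructed.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Login-permission dimensions listed in the section.
DOMAINS = {
    "core_network", "access_network", "security_devices", "service_systems",
    "hardware_maintenance", "monitoring_maintenance", "database_systems",
}


class AuthorizationError(Exception):
    """Raised when a request violates the authorization rules."""


@dataclass
class Request:
    account: str
    applicant: str
    domains: FrozenSet[str]
    approver: Optional[str] = None
    approved: bool = False


@dataclass
class AccountRegistry:
    # account -> domains the account may log in to
    grants: Dict[str, Set[str]] = field(default_factory=dict)
    # account -> individual (or team) the account is bound to
    owners: Dict[str, str] = field(default_factory=dict)
    # audit trail of every decision: (event, account, actor)
    audit: List[Tuple[str, str, str]] = field(default_factory=list)

    def submit(self, account: str, applicant: str, domains) -> Request:
        """Start the authorization procedure for an account."""
        unknown = set(domains) - DOMAINS
        if unknown:
            raise AuthorizationError(f"unknown domains: {sorted(unknown)}")
        self.audit.append(("submit", account, applicant))
        return Request(account, applicant, frozenset(domains))

    def approve(self, req: Request, approver: str) -> Request:
        """Approve a request; the applicant may never be the approver."""
        if approver == req.applicant:
            self.audit.append(("reject", req.account, approver))
            raise AuthorizationError("applicant may not approve their own request")
        req.approver, req.approved = approver, True
        self.grants.setdefault(req.account, set()).update(req.domains)
        self.owners[req.account] = req.applicant
        self.audit.append(("approve", req.account, approver))
        return req

    def may_login(self, account: str, device_domain: str) -> bool:
        """Scope check: an account reaches only devices in its granted domains."""
        return device_domain in self.grants.get(account, set())


if __name__ == "__main__":
    reg = AccountRegistry()
    req = reg.submit("ops_db_01", "alice", {"database_systems"})
    try:
        reg.approve(req, "alice")          # rejected: same person
    except AuthorizationError as exc:
        print("rejected:", exc)
    reg.approve(req, "bob")                # approved by a different person
    print(reg.may_login("ops_db_01", "database_systems"))   # True
    print(reg.may_login("ops_db_01", "core_network"))       # False
```

The segregation-of-duties check lives in `approve`, not in the caller, so no code path can grant an account without passing through it, and the audit list records the rejected attempt as well as the approval, which is what a later UMA-style audit would need to see.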
O&M Access Security
Huawei cloud services use a robust O&M system to ensure the continuous and stable running of cloud service data centers. Bastion hosts are deployed in the data centers to centrally implement O&M management and auditing. External and internal O&M personnel perform all local and remote operations on networks and servers through the bastion hosts. O&M personnel connect to the target device through a nested remote desktop connection, so that access to device resources is centrally authenticated, authorized, and audited.
Vulnerability Management
Vulnerabilities are defects or weaknesses in system design, deployment, or O&M that can be exploited to violate system security policies. Cloud service providers should establish a vulnerability response procedure covering vulnerability collection, investigation, fixing, and disclosure, and define corresponding vulnerability response Service Level Agreements (SLAs). If a vulnerability is exploited on the live network, the security event response process must be started immediately to isolate the affected network and fix the vulnerability.
HUAWEI CLOUD uses its self-developed vulnerability management system to manage vulnerabilities, so that vulnerabilities in infrastructure, services, and O&M tools from both Huawei and third parties are detected and fixed within the time specified in the SLA. As a result, vulnerabilities are almost never exploited on live networks.
HUAWEI CLOUD uses the Common Vulnerability Scoring System (CVSS), an industry best practice, as the standard for determining vulnerability severity. Because the public cloud is exposed to the Internet, the Exposure to Internet (ETI) criterion is also applied during vulnerability severity assessment. SLA requirements are set based on the vulnerability severity and the actual risk on the live network.
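To make the assessment rule above concrete, here is an added example, not HUAWEI CLOUD's code or SLA, that maps a CVSS v3 base score to its qualitative rating, uplifts the rating by one tier when the ETI criterion applies, and derives a fix deadline from the final tier. The CVSS tier boundaries are the standard v3.x qualitative scale; the one-tier ETI uplift and the day counts in `SLA_DAYS` are assumed placeholders chosen for illustration, since the page does not state HUAWEI CLOUD's actual SLA values.

```python
# Added example (not HUAWEI CLOUD's code): rate a vulnerability from its CVSS
# v3 base score, raise the tier by one when the affected asset is exposed to
# the Internet (ETI), and derive the fix deadline from the resulting tier.
# The CVSS boundaries are the standard v3 qualitative scale; the one-tier ETI
# uplift and the SLA windows are assumed placeholders, not HUAWEI CLOUD's SLA.
from datetime import datetime, timedelta
from typing import Optional, Tuple

TIERS = ["None", "Low", "Medium", "High", "Critical"]
# Lower bound of each tier on the CVSS v3.x qualitative severity scale.
CVSS_LOWER_BOUNDS = [0.0, 0.1, 4.0, 7.0, 9.0]
# Assumed placeholder fix windows in days per final tier.
SLA_DAYS = {"None": None, "Low": 90, "Medium": 30, "High": 7, "Critical": 1}


def cvss_rating(score: float) -> str:
    """Map a CVSS v3 base score (0.0-10.0) to its qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    rating = TIERS[0]
    for lower, name in zip(CVSS_LOWER_BOUNDS, TIERS):
        if score >= lower:
            rating = name
    return rating


def assess(score: float, exposed_to_internet: bool) -> str:
    """Final tier: CVSS rating, uplifted one tier when the ETI criterion applies."""
    idx = TIERS.index(cvss_rating(score))
    # A score of 0.0 is not a vulnerability; Critical cannot rise further.
    if exposed_to_internet and 0 < idx < len(TIERS) - 1:
        idx += 1
    return TIERS[idx]


def fix_deadline(score: float, exposed_to_internet: bool,
                 reported_at: datetime) -> Tuple[str, Optional[datetime]]:
    """Return (tier, SLA deadline); no deadline for a 'None' rating."""
    tier = assess(score, exposed_to_internet)
    days = SLA_DAYS[tier]
    return tier, (reported_at + timedelta(days=days) if days is not None else None)


if __name__ == "__main__":
    reported = datetime(2024, 1, 1)
    for score, exposed in [(7.5, False), (7.5, True), (3.9, True), (9.8, True)]:
        print(score, exposed, fix_deadline(score, exposed, reported))
```

Keeping the CVSS rating and the exposure adjustment as separate steps means the base rating stays comparable with public advisories while the operator's own context (here only ETI, but the same hook fits other live-network risk factors) decides the SLA window.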
Centralized Log Management
HUAWEI CLOUD uses an industry-leading log management system that can interconnect with third-party security information and event management (SIEM) systems and threat analysis platforms. The log management system collects and sorts logs, and can visualize, audit, and track security events.
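The O&M Account Management section requires that every bastion-host operation be traceable to a specific individual, and this section describes collecting and sorting those logs for a SIEM. The following added example, not HUAWEI CLOUD's log management system or any bastion host's real schema, shows the core of that processing: parsing a constructed key=value audit log, grouping events into sessions, resolving each session to the person or team a functional account is bound to, and flagging sessions that cannot be traced or whose login failed. The log format, the `ACCOUNT_OWNERS` binding table, the account and host names and all sample lines are constructed for this example.

```python
# Added example (not HUAWEI CLOUD's code): parse bastion-host audit log lines,
# group them into sessions, resolve every session to the individual or team
# that a functional account is bound to, and flag sessions that cannot be
# traced. The log format, account binding table, names and hosts are all
# constructed for this example; a real bastion host has its own schema.
import shlex
from typing import Dict, List

# Constructed binding table: functional account -> bound individual or team.
ACCOUNT_OWNERS = {"ops_db_01": "alice", "ops_net_07": "net-team"}

# Constructed sample of bastion-host audit lines (key=value, one event each).
SAMPLE_LOG = """\
2024-03-01T08:02:11Z bastion=bh-01 session=s1 user=alice account=ops_db_01 target=db-02 action=login result=success
2024-03-01T08:03:40Z bastion=bh-01 session=s1 user=alice account=ops_db_01 target=db-02 action=cmd cmd="SELECT count(*) FROM orders"
2024-03-01T08:05:02Z bastion=bh-01 session=s1 user=alice account=ops_db_01 target=db-02 action=logout result=success
2024-03-01T09:12:55Z bastion=bh-01 session=s2 user=- account=ops_net_07 target=core-sw-1 action=login result=success
2024-03-01T09:13:10Z bastion=bh-01 session=s2 user=- account=ops_net_07 target=core-sw-1 action=cmd cmd="show running-config"
2024-03-01T10:00:00Z bastion=bh-01 session=s3 user=carol account=ops_db_01 target=db-02 action=login result=failure
2024-03-01T11:30:00Z bastion=bh-01 session=s4 user=- account=ops_tmp_99 target=db-02 action=login result=success
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split one 'timestamp key=value ...' line; shlex keeps quoted values whole."""
    ts, *fields = shlex.split(line)
    rec = {"ts": ts}
    for f in fields:
        key, _, value = f.partition("=")
        rec[key] = value
    return rec


def build_sessions(log_text: str) -> Dict[str, dict]:
    """Group events by session id and resolve the responsible person."""
    sessions: Dict[str, dict] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse_line(line)
        s = sessions.setdefault(r["session"], {
            "session": r["session"], "account": r["account"], "target": r["target"],
            "user": None, "login_ok": None, "commands": [], "first_seen": r["ts"],
        })
        if r.get("user", "-") != "-":          # explicit identity on the session
            s["user"] = r["user"]
        if r["action"] == "login":
            s["login_ok"] = r["result"] == "success"
        elif r["action"] == "cmd":
            s["commands"].append(r["cmd"])
    for s in sessions.values():
        # Explicit identity wins; otherwise fall back to the account's binding.
        s["responsible"] = s["user"] or ACCOUNT_OWNERS.get(s["account"])
    return sessions


def untraceable(sessions: Dict[str, dict]) -> List[str]:
    """Sessions with no individual or team behind them: an audit finding."""
    return sorted(sid for sid, s in sessions.items() if s["responsible"] is None)


def failed_logins(sessions: Dict[str, dict]) -> List[str]:
    """Sessions whose login on the bastion host failed."""
    return sorted(sid for sid, s in sessions.items() if s["login_ok"] is False)


def siem_events(sessions: Dict[str, dict]) -> List[dict]:
    """Flat per-session records in the shape a SIEM connector would forward."""
    return [
        {"session": s["session"], "account": s["account"], "target": s["target"],
         "responsible": s["responsible"], "login_ok": s["login_ok"],
         "command_count": len(s["commands"]), "first_seen": s["first_seen"]}
        for s in sessions.values()
    ]


if __name__ == "__main__":
    sess = build_sessions(SAMPLE_LOG)
    for ev in siem_events(sess):
        print(ev)
    print("untraceable:", untraceable(sess))   # ['s4']
    print("failed logins:", failed_logins(sess))  # ['s3']
```

Session s4 is the case the traceability requirement exists to catch: a functional account with no explicit user and no binding in the account management data. Forwarding `responsible` as a field on every session record lets the SIEM alert on that condition directly instead of reconstructing it from raw lines.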