Graded Protection of Information Security

With first-rate security capabilities and a complete ecosystem, HUAWEI CLOUD provides a one-stop solution to help customers comply with graded protection requirements efficiently and economically.
Solution Introduction

Shared Responsibilities

HUAWEI CLOUD shares responsibilities with tenants. HUAWEI CLOUD and tenants are evaluated separately.

  1. What HUAWEI CLOUD Provides

    Registration record for graded protection, evaluation report pages of HUAWEI CLOUD on request, and a description of the evaluation items of HUAWEI CLOUD.

  2. Responsibility Sharing

    Tenants are responsible for configuring the cloud services provided by HUAWEI CLOUD and operating as well as maintaining the information systems deployed by themselves. HUAWEI CLOUD is responsible for the cloud services that it provides.

Service Process

HUAWEI CLOUD provides a one-stop graded protection service based on its security products and top-quality resources in the industry.

  1. Service Process

    HUAWEI CLOUD recommends excellent consulting and evaluation institutions. In addition, it offers a complete set of security products and services to help customers pass graded protection evaluation quickly and smoothly.

Ecosystem

A complete ecosystem expedites graded protection evaluation.

  1. Division of Work

  2. Customers

    Sign service contracts with consulting companies and evaluation institutions and rectify systems according to graded protection requirements.

  3. HUAWEI CLOUD

    Recommends consulting companies or evaluation institutions and tailors security solutions for customers.

  4. Consulting Companies

    Clear up customers' doubts and help customers throughout the evaluation.

  5. Evaluation Institutions

    Evaluate customers' systems and provide evaluation reports with rectification suggestions.

  6. Public Security Agencies

    Examine customers' registration applications and check customers' systems after evaluation.

Baseline of Graded Protection of Cyber Security

Location & Environment Security

  1. Building

    Data centers must be housed in earthquake-resistant structures and sheltered from natural elements such as rain and wind.

  2. Access Control

    Entry and exit points within the data center should be electronically controlled. All personnel should be properly identified and monitored.

  3. Location

    Cloud computing infrastructure must be set up within China.

  4. Anti-Theft/Sabotage

    Data centers must either be equipped with the proper alarm systems or have dedicated security personnel monitoring video surveillance.

  5. Power Supply

    A backup power system must be installed for computer systems.

  6. Strategies

    Deploy the infrastructure of HUAWEI CLOUD within China.
    The security evaluation result of HUAWEI CLOUD can be quoted by customers.

Network & Communication Security

  1. Network Architecture

    Security policy sets must be customizable by tenants, such as definition of access paths, selection of security components, and configuration of security policies.

  2. Access Control

    Access control mechanisms and rules must be working at network borders.

  3. Transmission

    Data integrity must be ensured with verification or encryption/decryption technologies during transmission.

  4. Border Protection

    Cross-border access and data streams must pass through controlled ports of border protection equipment.

  5. Intrusion Prevention

    Attacks must be detected, prevented, or limited at crucial network nodes. All information related to an attack — IP addresses, attack type, target, and time — must be recorded. In the case of a serious attack, relevant authorities must also be notified.

  6. Security Audit

    Audit data must be collected based on the responsibilities of HUAWEI CLOUD and tenants.

  7. Strategies

    Set policies with security groups or vNGFWs to control cross-border data flows and block unauthorized access.
    Use VPN and security certificate services and encrypt data to prevent data corruption and theft during transmission.
    Employ anti-DDoS and web application firewall products to defend against ever-increasing DDoS and web attacks.
    Adopt vNGFW and cloud audit services to audit network behaviors at network borders. This measure can be taken together with host, application, and network audit measures.

Device & Computing Security

  1. Authentication

    Two-way authentication must be in place between tenants' management terminals and cloud platforms.

  2. Access Control

    Accounts with different rights must be assigned to different administrators, such as network administrators and system administrators.

  3. Security Audit

    Audit data must be collected based on the responsibilities of HUAWEI CLOUD and tenants. Collected data must be analyzed centrally on one platform.

  4. Intrusion Prevention

    Functions must be provided to detect resource isolation failure between virtual machines and report alarms accordingly.

  5. Malicious Code Prevention

    Functions must be provided for detecting malicious code and its spread among virtual machines and reporting alarms accordingly.

  6. Strategies

    Use bastion hosts or database security services to audit operations on databases and servers.
    Limit the rights of administrators and forbid them from sharing accounts.
    Implement access control policies and forbid unauthorized operations.
    Employ host security services to prevent intrusions, identify vulnerabilities, and update databases of malicious code.

Application & Data Security

  1. Identification

    Users' unique identities must be authenticated during login attempts. The authentication information must be complex and regularly changed.

  2. Access Control

    Accounts should only have rights sufficient to perform duties. Separation of rights must be implemented for accounts of different types.

  3. Security Audit

    Audit data must be collected based on the responsibilities of HUAWEI CLOUD and tenants. Collected data must be analyzed centrally on one platform.

  4. Data Integrity

    Data integrity and confidentiality must be ensured during transmission with verification code or encryption/decryption technologies.

  5. Data Backup and Restoration

    Tenants must back up their business data locally.

  6. Strategies

    Tenants' business systems must have their own identification, access control, and security audit functions.
    Employ security certificate services to implement HTTPS-based data transmission.
    Use cloud disk backup services to back up data.

Security Management

  1. Management System

    An information security management system (ISMS) consisting of security policies, management rules, operation procedures, and records must be in place.

  2. Committee and Members

    An information security committee or leader group must be formed. It must be chaired by someone appointed by the company leader.

  3. Security Planning and Solution Design

    The planning and design must be carried out and documented based on the protection grades of protected objects and their relationship with objects of other grades.

  4. Security O&M Management

    Measures must be taken to identify security vulnerabilities and potential risks. Vulnerabilities and risks must be fixed immediately or after an evaluation.

Business Challenges
  • Complex Evaluation Process

    Graded protection is an established information security baseline in China, but its complexity may be daunting to customers who are new to it.

  • Varying Service Quality

    Demand for specialized security solutions is high; however, companies providing such services vary greatly in service quality.

  • Difficult Solution Selection

    Security solutions must constantly evolve in response to developments in technology. As a result, selecting a suitable solution can be a challenge for customers.

Solution Architectures

Architecture

This one-stop solution helps customers rectify systems and pass graded protection evaluation in a fast, cost-effective manner.

Requirements of Graded Protection: Location & Environment Security, Network & Communication Security, Device & Computing Security, Application & Data Security, Security Management

Solution Advantages
  • Top-Quality Service

    Industry-leading institutions work together to expedite graded protection evaluation.

  • Regulation-Compliant Platform

    HUAWEI CLOUD has passed grade-3 evaluation. This evaluation result can be quoted by tenants in their own evaluations.

  • Comprehensive Products

    HUAWEI CLOUD provides a wide variety of security products to help customers pass evaluation in a fast, cost-effective manner.

  • Complete Ecosystem

    The HUAWEI CLOUD ecosystem offers a broad range of experienced and trustworthy partners.

Recommended Services
  • Database Security Service
    DBSS protects RDS instances and other databases installed on ECSs or BMSs. This helps customers meet graded protection requirements.
  • Host Security Service
    HSS inspects operating systems and displays detected issues such as weak passwords and malicious programs. HSS also prompts users to harden their systems to prevent intrusion.
  • Web Application Firewall
    WAF precisely defends against OWASP Top 10 attacks. It helps prevent data leakage to ensure website security and availability.
