We embed the security development lifecycle (SDL) management into the new DevOps process that features fast iteration to combine security R&D and O&M, securing cloud service activities without affecting fast and continuous integration, release, and deployment.

Design Security

  • Data Isolation

    • Data isolation prevents unauthorized access and customer data tampering, reducing the risk of data leaks.

    • Customer data isolation is an important feature of many Huawei Cloud services, such as Elastic Volume Service (EVS), Object Storage Service (OBS), and Scalable File Service (SFS).

    • You can use these cloud services to isolate data.

  • Data Encryption

    • Encryption protects both static data and data in transit.

    • Many Huawei Cloud services, such as EVS, can be integrated with Data Encryption Workshop(DEW) for key management and data encryption.

    • We also use encrypted transmission channels to ensure data confidentiality and integrity.

    • You can consider practices and capabilities of Huawei Cloud for the data encryption function of your services.

  • Data Redundancy

    • The redundant design effectively prevents data from ever being lost.

    • Huawei Cloud uses redundant backup and an erasure code (EC) algorithm to protect your data. These redundancy and verification mechanisms are used to detect and quickly restore any potentially damaged data.

    • You can use the provided reliability services to secure your business on the cloud.

  • Privacy Protection

    • Providing privacy protection functions greatly improves customer trust in you and increases product competitiveness.

    • Huawei Cloud incorporates privacy protection into the product development and design process.

    • For details about how to improve privacy of your application, check our Privacy by Design (PbD) page.

Development Security & Security Testing

  • Secure coding is critical to product and service security.
  • Secure Coding Standards

    To prevent, detect, and eliminate errors that may damage software security, we require developers to strictly comply with Huawei's secure coding specifications. Our developers all required to learn and are tested on these specifications before onboarding.

    Static Code Scanning

    We use scanning tools to regularly check static code and ensure there are no red flags before we release cloud services. This effectively reduces coding-related security issues.

  • Security tests can identify security risks of your products and is indispensable to security assurance.
  • We use self-developed security testing tools to check cloud services against security requirements identified in the design phase, during penetration testing, and against recognized industry standards. To ensure that the security requirements are met, cloud services must undergo multiple rounds of testing before they can be released.