Cover Story
Data-focused Security Agenda of the Cloud Era

Security mishaps in delivery of cloud services occur frequently. Leakage and loss of data produces huge losses to users, sometimes even devastating impacts. Naturally, data security is a top concern for adopters who want the conveniences and economies that the cloud offers yet are reserved about the associated risks. Providers of cloud services must be able to ensure the security and stability of their offerings if they hope to stay in the game because any incident can severely tarnish brand reputation.   

Supported by its impeccable record in providing ICT solutions prior to entering the cloud domain, Huawei is setting the bar in security. Huawei has been providing carrier-class security services for organizations of all sizes for years, and has earned the full confidence of those using the products and solutions in the most complete portfolio the industry has to offer. HUAWEI CLOUD is committed to providing secure, reliable, and sustainable cloud services. It ensures platform security with full-scope cloud security products able to meet the diverse needs of customers. 

Wide Recognition

In July of 2018, Huawei’s CEO Ren Zhengfei said in a speech to employees, "In the cloud era, cyber security and privacy protection issues will become increasingly more important. Cyber security and privacy protection are certainly at the top of Huawei's agenda." Incorporating Huawei's 30+ years of proven security practices, HUAWEI CLOUD has built a full-stack security service offering more than ten popular products across five main categories, including everything from application security to security management.

In the network security field, Advanced Anti-DDoS provides 5 Tbit/s defense bandwidth and achieves collaborative defense capabilities across the entire network with the response time down to seconds. Large-traffic attacks are thwarted and services remain online, helping enterprises rest assured that their business can continue with the strong and proactive defenses of HUAWEI CLOUD.

Overall host security is improved with such functions as asset management, vulnerability management, intrusion detection, and baseline inspection functions to intercept intrusion attempts and keep sites protected around the clock.

Web Application Firewall (WAF) and Vulnerability Scan Service (VSS) provide easy-to-use general purpose security extensions able to detect and protect website traffic in real time, frustrating any would-be attempt to tamper with content. Vulnerability scanning provides full-lifecycle security detection from the coding phase to the online operation phase. 

Database Security Service (DBSS) is an intelligence-enabled database protection service that runs reverse proxy and machine learning technologies. The service is able to provide such functions as sensitive data discovery, data masking, database auditing, and injection prevention. Data Encryption Workshop (DEW) covers Dedicated Hardware Security Module (Dedicated HSM), key management, key pair management, and several other available functions to keep data secure.

In the security management field, SSL Certificate Manager (SCM) ensures data remains completely secure in transit. Cloud Bastion Host (CBH) ensures channel security for at-scale deployments. The Situation Awareness (SA) service provides insights into known and potential on-cloud security threats. 

After more than three years of research and more than one year in development, HUAWEI CLOUD launched the AI-enabled Miranda security platform during Huawei Connect 2018. The new platform provides the intelligence-endowed advancements in efficiency of traditional rule matching models for improved network-wide defense with the inline AI capabilities. The following are just a few of the accomplishments of the Miranda platform: 

53% lowering of the missed alarm rate in Web Application Firewall Web. 

47% lowering of the missed alarm rate in the Database Security Service (DBSS).

Interception rate in Situation Awareness (SA) improved to 99%. 

49% reduction in the false alarm rate for Advanced Anti-DDoS. 

Achieved 90% detection rate in Host Security Service (HSS). 

HUAWEI CLOUD works ceaselessly to improve security of all environments to ensure complete security and compliance for the full range of cloud platforms and services. In one example of industry recognition, HUAWEI CLOUD earned CSA-STAR gold medal certification in 2017. Many more certificates were added to the bin in 2018. 

In February, Huawei passed the BSIMM security assessment with high scores, and its software security capability ranked top 3 in the world. HUAWEI CLOUD became the first in-country cloud service provider to earn the certification. 

In March, Huawei became China's first vendor to pass the PCI-DSS certification with all platforms, nodes, and services in scope. PCI-DSS is the strictest and most authoritative security certification standard for financial institutions in the world.  

In June, HUAWEI CLOUD passed the graded security protection level 4 certification of China's Ministry of Public Security with high scores, signifying the brand’s lead in meeting the compliance requirements of Graded Security Protection V2.0 and the ability to provide users with more secure and reliable cloud services. 

In July, HUAWEI CLOUD was awarded the ISO 27018 certification for all platforms, nodes, and services in the portfolio. This award shows that completeness of the personal data protection management system of the cloud arm and its leading position in data security management. That same month, Huawei also released the first complete public cloud backup and DR solution in China: the Multi Cloud DR solution covering cross-cloud backup, cross-cloud DR, and on-cloud DR scenarios. The solution effectively improves enterprise business continuity and ensures the security and reliability of critical data. 

In August, HUAWEI CLOUD e-government platform passed the cyber security review of the Cyberspace Administration of China in recognition of the brand’s enhanced security capabilities. It also won three awards at the 2018 Trusted Cloud Services (TRUCS) Conference hosted by the China Academy of Information and Communications Technology. HUAWEI CLOUD later won the Excellent Performance Award from the British Standards Institution (BSI) for its outstanding achievements in security and contributions to the industry.

In November, HUAWEI CLOUD passed the SOC1/2 audit on security control measures. The third-party audit adds to the long list of assurances that the internal control management practices of the Huawei brand top world standards.

In November 5, all nodes and services passed ISO20000 certification. HUAWEI CLOUD has been recognized by one international authority after the other for its service management practices – customer can rest assured that the offerings have been fully vetted in testing, live networks, and third-party audits.

HUAWEI CLOUD has always been proactive in responding to changes in the global compliance system and it quick to take on the corresponding actions. In May, the EU released the General Data Protection Regulation (GDPR), which is a new law on privacy protection. It is the most important data privacy protection change in the past 20 years, also the largest and most punitive privacy protection law in history. HUAWEI CLOUD is responsive and ready with systems and technologies, and has carried out a series of work to fulfill GDPR requirements.

Endless Pursuit in Building Security Capabilities

Huawei has been investing big in security technologies from the start. The history can be traced back to the establishment of Huawei Security Test Lab in 2000. In 2003, Huawei launched the industry's first network processer-based firewall. In 2008, Huawei set up a joint venture with Symantec to establish the Huawei Symantec security product line. The company later set up a security competence center in 2011. In 2012, Huawei ranked No. 1 in the domestic market for cyber security products. Huawei launched a series of cloud security solutions and services in 2015, each making full avail of the accumulated tech and know-how from the decades of investment. In 2016, the Key Management Service (KMS), and Anti-DDoS attack service were launched in Germany and Spain. In 2017, Advanced Anti-DDoS, Database Firewall Service, and a series of value-added security services were added to the catalog. In 2018, Huawei launched AI-enabled platforms, including Miranda, Cloud Bastion Host, Container Guard Service (CGS), and a series of other intelligence-enabled services with more slated for release soon.

Huawei has continuously built up its security capabilities over the last 30 years. These capabilities have penetrated into each capillary of R&D processes and systems at HUAWEI CLOUD, building multi-dimensional and full-stack security assurances.

Demonstrated Full Tech Arsenal – Continuous, Piggybacked Innovations

Focus, Persevere, Breakthrough, Reapply – this is the basic concept Huawei applies to its technical accumulations, with each R&D effort feeding off the collective. HUAWEI CLOUD integrates industry-leading cloud security concepts and practices to forge its robust security defenses. Huawei shares and learns from others to develop an overarching set of security strategies with continuous improvement at the baseline. The multi-dimensional extensive defense systems cover all sorts of architectures like IaaS, PaaS, SaaS, and dozens of cloud services.

With 30+ years of technical accumulation in security at its back, HUAWEI CLOUD commands a strong position. Taking Huawei's internal DR drilling as an example, a single switchover involves more than 500 systems with complex relationships. The volume of data switched during a drilling event totals up to 100 PB for a single system. No data has ever been lost or become inconsistent. Some events even involve up to 2,500 people who are able to continue to use the ERP and other related systems without any perception that a drill is taking place. During one drill event, more than 2,000 lines of revenue data were added and nearly 130,000 people visited the official Enterprise BG website.

Huawei's HyperMetro data synchronization technology has gone through eight years of R&D iteration. The data center DR solution has served more than 3000 enterprise private clouds. Huawei now opens its technical capabilities to the public cloud, the industry's first storage disaster recovery service able to handle multiple cross-regional AZs. In addition, Huawei is the first to provide on-cloud cross-AZ storage DR services. It cooperates with partners like Veritas and Information2 in the DR and backup field to build a comprehensive DR ecosystem covering all imaginable customer scenarios.

Great things are built over time. Huawei has painstakingly carved out its masterpieces in security technology over decades of accumulation. Huawei sticks to strict service boundaries, never monetizes customer data, and pledges not to invest in any applications or service partners, or contend for benefits with partners. Huawei works intently with its ecosystem partners to ensure security of its cloud service offerings and that everyone can win with HUAWEI CLOUD.

Provides Scalable, On-demand Computing Resources

Learn More