Huawei Cloud GaussDB(DWS) Certified by CC for Its Strong Security Capabilities
Mar 28, 2022
On March 8, 2022, the Huawei GaussDB 200 data warehouse, also known as Huawei Cloud GaussDB(DWS), was officially granted the CC EAL2 + ALC_FLR.2 — an international authoritative security certification for information technologies. Only six vendors worldwide have obtained this certification.
The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard (ISO 15408) for evaluating the information security of IT products. The Common Criteria Recognition Arrangement (CCRA) comprises 31 member countries/regions, including the U.S., UK, Germany, France, and Japan. CC certification is one of the most highly respected security certifications in the world.
By conducting over 100 tests, the certification body evaluates product and document security from six aspects. Huawei Cloud GaussDB(DWS) passed with comprehensive security solutions, covering fine-grained security audits, built-in data masking, and fine-grained permissions management. The certification demonstrates how Huawei Cloud GaussDB(DWS) meets strict security standards as an industry-leading data warehouse.
Strong Security in Six Aspects
Huawei Cloud GaussDB(DWS) is a distributed database with analytics and hybrid load capabilities. It can be utilized for enterprise data warehouses, data marts, data exploration, IoT analysis, and hybrid load processing. GaussDB(DWS) employs enterprise-grade financial kernels and a unified architecture, provides public and hybrid cloud services with consistent user experience, and is used for analytics and decision-making systems in industries such as automobile, manufacturing, retail, logistics, Internet, finance, government, and telecom.
It provides robust measures to protect data assets against risks and threats, and earned the certification by passing the following tests:
Security audit log: Configurable fine-grained security audits implement security event backtracking, detection, and alarm response, deterring malicious behavior.
User data protection: Data masking policies can be created to prevent sensitive information from leaking, and an encryption cluster automatically encrypts static user data. As for fine-grained permission management, users must pass the permission check before performing any operations. In addition, the database administrator cannot add, delete, query, or modify the objects of private users without authorization.
Identity authentication and authorization: Identity authentication is based on IAM along with usernames and passwords. The system minimizes permissions by default and supports role-based permission management to prevent unauthorized access.
Security management: Security attributes, security functions, and roles can be managed, and user security policies can also be configured, including the password reuse period, number of permitted login failures, password validity period, and password complexity. Additionally, network access control can be configured, including user permission management, IP permission management, SSL connection, and permission management for databases, modes, and database objects.
Security self-protection: Security functions and their data are self-protected to prevent damage or evasion. To implement self-protection, users can perform full backup, full restoration, incremental backup, and incremental restoration of clusters.
Client access: When a client accesses and performs operations on GaussDB(DWS), a user session must be established first, allowing the client to interact with GaussDB(DWS). User sessions can be controlled from different dimensions, including password validity period; number of concurrent sessions; session establishment, locking, unlocking, and termination; IP address permission management; and access of specific users and IP addresses.