Database Security Service Statement
Database Security Service Statement
Please read all the contents carefully before you agree to the HUAWEI CLOUD Database Security Service Statement (hereinafter referred to as "this Statement"). If you have any questions about the terms, please consult the HUAWEI CLOUD customer service. Accepting this Statement by selecting the Agree option on HUAWEI CLOUD or in another way indicates that you have read, understood, and accepted all the terms and conditions of this Statement. This Statement takes effect immediately upon acceptance. If you do not agree to this Statement, or to any of its terms, do not accept it by selecting the Agree option on HUAWEI CLOUD or in any other way.
Database Security Service (DBSS) is a security service that protects databases on clouds. Based on the reverse proxy and machine learning technologies, it provides functions such as sensitive data discovery, database audit, data masking, and injection attack prevention.
Database audit: To audit your databases, DBSS agents installed on your servers communicate with the analytics platform on the cloud. The analytics platform runs on a Dedicated Cloud (DeC) server instance allocated to you by HUAWEI CLOUD. You understand and agree to authorize HUAWEI CLOUD to use the agents to capture data from the database access traffic on your servers, and forward the data to the analytics platform for security audit and analysis. Data collected for audit purposes probably includes personal data, such as ID and bank card information. The agent forwards all the data to the analytics platform. If your servers and databases contain personal data, you shall ensure that you have obtained legal authorization in accordance with applicable laws and regulations.
To deploy DBSS audit agents in batches in a Cloud Container Engine (CCE) cluster, you need to add databases on the DBSS console and export the database configurations. Clicking Export Database Configurations on the DBSS console indicates that you understand and agree to authorize HUAWEI CLOUD to create an OBS bucket for storing your database configurations, and to upload backup data to the OBS bucket. You will be charged for the fees incurred by the OBS bucket. For details, see OBS Pricing.
You can log in to the DBSS console, and enable or disable database audit functions, such as defining the scope and types of data to be audited, and protecting audit records. A disabled function cannot be used.
Secure operations: The database audit agent plug-in can be installed on Windows and Linux OSs. To install the agent on the Windows OS, you need to download and install Npcap first. If data leakage occurs because your OS is not genuine or is infected by Trojans, you understand and agree to bear the consequences and ensure that HUAWEI CLOUD will not suffer any loss.
Access permissions: Database audit analysis results are displayed on the HUAWEI CLOUD console. You understand and agree to authorize the HUAWEI CLOUD console to access the analytical platform to obtain and display audit data and analysis results.
Data masking: Database audit provides the data masking function. On the database audit console, you can create protected databases, create data discovery tasks, and set masking rules. If any data you want to mask is printed in logs or displayed on the console because you did not specify such data in your masking rules, did not configure appropriate regular expressions, or only used the default DBSS regular expressions that did not match such data, you understand and agree to bear the consequences and ensure that HUAWEI CLOUD will not suffer any loss.
Backup: Database audit logs are stored until your disk space is used up. If you enable the backup function on the DBSS console, logs will be backed up and stored in your OBS bucket until you delete them. Enabling backup indicates you understand and agree to authorize HUAWEI CLOUD to create an OBS bucket, and to upload backup data to the OBS bucket. You will be charged for the fees incurred by the OBS bucket. For details, see OBS Pricing. You can enable or disable backup on the DBSS or OBS Console. A disabled function cannot be used.
Data deletion: If you stop using this service, HUAWEI CLOUD will call ROS to delete your instances and data stored in DBSS, but will not delete the data backed up to the OBS bucket. You can delete the backup data on the OBS console.
Alarm notifications: DBSS is interconnected with Simple Message Notification (SMN) so that it can send you notifications by email or SMS. You understand and agree to authorize HUAWEI CLOUD to store the email addresses and phone numbers you provided and send alarm notifications to the email addresses and phone numbers when alarm conditions are met. You can enable or disable the alarm notification on the DBSS or SMN console. For details about the pricing details, see SMN Pricing (https://support.huaweicloud.com/en-us/productdesc-smn/smn_price.html).
Last updated: January 2021