
Cloud Computing Security

Created: Dec 5, 2021 16:23:21 | Latest reply: Dec 6, 2021 05:49:56
  Rewarded HiCoins: 0 (problem resolved)

Dear @feifei_xin

How is cloud computing security fully secured?

Featured Answers

Best answer

Recommended answer

feifei_xin
Created Dec 6, 2021 05:49:56

hi,

Comprehensive and unified security policies
The centralized management of computing resources makes it easier to deploy border protection. Comprehensive security management measures, such as security policies, unified data management, security patch management, and unexpected event management, can be taken to manage computing resources. In addition, professional security expert teams can protect resources and data for users.

Low costs of security measures
Because security measures are taken for all computing resources shared among many users, security costs paid by each user are low.

On-demand security protection services
Based on fast and elastic resource allocation, security is offered to users as services. Users can use the services on demand. In addition, this approach improves computing resource utilization of the cloud computing system.

Enhanced protection capability
In a data center, network traffic is classified into two types:

One is the traffic between external users of a data center and internal servers. Such traffic is called north-south or vertical traffic.
The other is the traffic exchanged between internal servers in the data center, which is also called east-west traffic or horizontal traffic. The east-west traffic includes traffic between VMs of the same subnet of the same tenant, traffic between different subnets of the same tenant, and traffic between different tenants.
The traditional security protection solution based on fixed physical boundaries only protects north-south traffic. However, the solution is incapable of protecting east-west traffic. SDN or host-based security protection measures can effectively cope with security issues of east-west traffic, thereby improving the security protection capabilities of the entire data center.

Shared responsibility and varied duties
The security responsibilities of applications deployed in the cloud data center are jointly borne by the platform and tenants. The platform ensures the security of the cloud service platform while tenants are responsible for the security of application systems that are deployed in the cloud data center.

The cloud platform is responsible for the security of physical infrastructure, cloud OSs, and cloud service products, and provides customers with technical measures to protect cloud applications and data.
The security assurance of the cloud platform includes hardware, software, and network security, such as system and database patch management, vulnerability fixing, network access control, and disaster recovery. It also includes third-party supervision and audit organizations' evaluation of the compliance of the cloud platform. The technical measures provided for tenants include Identity and Access Management (IAM), basic services (built-in security functions), security services, security audit methods, and industry security solutions provided by third-party security vendors.

Tenants are responsible for constructing their own cloud application systems based on cloud infrastructure and services, and protecting their service systems by properly using security functions of cloud products, security services, and third-party security products. For example, tenants can use IAM for user identity management, logs for operation audit, and Elastic Cloud Server (ECS) and Virtual Private Cloud (VPC) for VM management and security configurations to ensure O&M security. For other applications, such as the cloud database (RDS), Big Data services, and microservices, customers do not need to consider instance maintenance as well as patch upgrade and configuration hardening of OSs and databases. They only need to manage the accounts and authorization of these services, and use security functions provided by those services.
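The north-south / east-west classification in the answer above, worked through as an added example (not part of the original post or any Huawei product): it labels flows with the answer's traffic types and applies a default-deny east-west allowlist of the kind a host-based or SDN control could enforce. The subnets, tenant names, allowlist and flows are constructed assumptions.

```python
import ipaddress

# Constructed inventory (assumed): internal subnet -> owning tenant.
SUBNETS = {"10.1.1.0/24": "tenant-a", "10.1.2.0/24": "tenant-a",
           "10.2.1.0/24": "tenant-b"}
NETS = [(ipaddress.ip_network(c), t) for c, t in SUBNETS.items()]

# Constructed east-west allowlist (assumed): (src subnet, dst subnet, port).
ALLOW = {("10.1.1.0/24", "10.1.2.0/24", 5432)}

def locate(ip):
    """Return (subnet, tenant) for an internal address, None if external."""
    addr = ipaddress.ip_address(ip)
    for net, tenant in NETS:
        if addr in net:
            return net, tenant
    return None

def classify(src, dst):
    """Label a flow with the traffic types named in the answer."""
    s, d = locate(src), locate(dst)
    if s is None and d is None:
        return "external"                # never enters the data center
    if s is None or d is None:
        return "north-south"             # crosses the physical boundary
    if s[1] != d[1]:
        return "east-west/cross-tenant"
    if s[0] != d[0]:
        return "east-west/cross-subnet"
    return "east-west/same-subnet"

def host_policy(src, dst, port):
    """Default-deny decision for east-west flows; others are not evaluated."""
    kind = classify(src, dst)
    if not kind.startswith("east-west"):
        return kind, "not-evaluated"     # north-south is the border firewall's job
    key = (str(locate(src)[0]), str(locate(dst)[0]), port)
    return kind, "allow" if key in ALLOW else "deny"

FLOWS = [  # constructed sample flows: (src, dst, destination port)
    ("203.0.113.7", "10.1.1.10", 443),
    ("10.1.1.10", "10.1.1.11", 22),
    ("10.1.1.10", "10.1.2.20", 5432),
    ("10.1.2.20", "10.2.1.5", 3306),
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, host_policy(*flow))
```

Only the first sample flow crosses the boundary that a perimeter device inspects; the other three are decided solely by the east-west policy.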

All Answers
MahMush (Moderator, Author)
Created Dec 5, 2021 19:33:20

As the challenges of security are changing rapidly, Huawei has foreseen it and has launched a new product with advanced security features. TICS is realizing data privacy and protection within and across industries. The multi-party Data SQL analysis federated with data and federated learning capabilities, based on a trusted TEE hardware implementation environment, secure multi-party SMPC computing, blockchain and other technologies, provide end-to-end data safety and data auditability in the processes of storage, circulation and calculations, and foster a credible integration of information and cooperation among industry groups.

Data, as a key factor in production, must be able to flow flexibly in order to optimize value. However, in practice, realizing accessibility, sharing, and circulation can be tough. HUAWEI CLOUD TICS secures innovative and integrated data element applications, enabling secure data flow and optimizing data value. It has the following characteristics:

It processes privacy data in place, making data usable but invisible, using multi-party federated data exploration and modeling.

It provides links with some of the most common data sources, which adapts without conversion to typical Big Data scenarios.

For collaborative optimization, a federated AI method and a homomorphic encryption technique are used. For example, during model training, batch computation of encrypted data is available, which improves training performance tenfold without the need for an accelerator.

