Security has always been a major concern for enterprises deploying services on the cloud. Thanks to the efforts of cloud service providers (CSPs), the security of cloud services has reached an acceptable level. But from the cloud customers' perspective, there is still a lack of best practices on how to secure their cloud services. The availability of such guidelines can be especially helpful for small and medium enterprises (SMEs) that constantly face shortages of professional security manpower. With this in mind, Huawei collaborated with the CSA CSSM WG to jointly develop the "Guideline on Effectively Managing Security Service in the Cloud (The Guideline)", which applies to various cloud deployment models, from private, public, and hybrid to community cloud.
The Guideline provides easy-to-understand guidance to cloud customers on how to design, deploy, and operate a secure cloud service with respect to the different cloud service models, namely IaaS, PaaS, and SaaS, helping them ensure the secure running of service systems. With a distinct separation of responsibilities, cloud customers can clearly understand their own security responsibilities and those of CSPs, what security assurance features should be provided to bear these responsibilities, what gaps exist, and how to develop related capabilities to address such gaps.
Additionally, the Guideline provides guidance for CSPs in building cloud platform security assurance systems, which can also be used by cloud service security integrators. Third-party security service providers, which play important roles in securing cloud services, can also use the Guideline to better fit their services to CSPs or cloud customers.
Since 2016, Huawei has planned, designed, and constructed more than 200 cloud security projects for 38 carriers worldwide, and has completed pre-integration and pre-verification of multi-vendor cloud security solutions in Cloud Open Labs. In cooperation with CSA, Huawei has developed the best practices and guidelines for cloud service security by combining the rich practices of Huawei's services with CSA's standards and ecosystem. It is hoped that this effort can help both customers and CSPs better understand cloud security responsibilities, and create a more immaculate cloud security ecosystem.