Huawei Cloud is dedicated to helping you build a secure cloud environment.

We rely on over 30 years of security experience, combining the best cloud security practices in and outside China, and always complying with all applicable laws, regulations, and important cloud security standards and specifications in the service provisioning area. We provide customers with cloud security services that are easily available, scalable, and offered on a pay-per-use basis, helping you protect application systems and important data on the cloud.

  • What Is Huawei Cloud infrastructure security?

    Infrastructure security is a core component of Huawei Cloud's multi-dimensional, full-stack cloud security system. We have enhanced the security and compliance of our data centers, networks, and other infrastructure based on industry best practices, so that you can migrate services to the cloud, stay focused on your business, and leave the security to us.


    Huawei Cloud is deployed in multiple regions and availability zones (AZs) around the world. You can check the services available at each site and on the Huawei Cloud home page. We carefully selected secure locations for all our data centers by considering a range of different factors. When it comes to data center management, we take appropriate access control, monitoring, and other measures to improve the security, reliability, and service continuity of Huawei Cloud infrastructure.


    We divide and isolate security zones and network planes in compliance with ITU-T E.408 standards and industry best practices.


    For more information about the security design and practices of Huawei Cloud infrastructure, see Huawei Cloud Security White Paper.

  • How does Huawei Cloud secure my data on the cloud?

    We consider data asset protection as the core of our security policies. Huawei Cloud complies with industry-leading standards on data security lifecycle management and adopts excellent technologies, practices, and processes for identity authentication, permissions management, access control, data isolation, transmission security, storage security, data deletion, and physical device destruction. You can find more information on these practices in the Huawei Cloud Data Security White Paper.


    You own all the content data generated when you use services on Huawei Cloud, and have full control over the data. You are responsible for configuring security measures for specific data and ensuring the confidentiality, integrity, availability, and data access identity authentication and authorization. For example, if you use Identity and Access Management (IAM) and Data Encryption Workshop (DEW), you are responsible for keeping your accounts, passwords, and keys safe, and shall comply with industry best practices in configuring, updating, and resetting passwords and keys. You can check out more data security products under Huawei Cloud's [Security & Compliance] category.


    Huawei Cloud will never access your content data without you express authorization. We comply with all applicable laws and regulations, regularly update services to meet internal and external compliance requirements, evaluate security status based on industry standards, and share our compliance practices to maintain transparency.

  • What services can I use to improve cloud security?

    With years of security experience and data security as the core, Huawei Cloud provides a series of multi-dimensional and in-depth security services that integrate hardware and software. For instance, there are services to manage the security posture of your system. You can also find Web Application Firewall (WAF), which can protect your cloud workloads and applications. There are also many data security services that can protect your data assets on the cloud. You can check out more data security products under Huawei Cloud's [Security & Compliance] category.


    You can easily build a comprehensive security system based on Huawei Cloud infrastructure and security services.

  • How does Huawei Cloud help me enhance security for operations and maintenance?

    In the DevOps or DevSecOps process, operations and maintenance are as important as R&D. Huawei Cloud attaches great importance to O&M and has abundant practices in O&M security, vulnerability management, security event management, business continuity, and disaster recovery management. Take O&M access as an example. Huawei Cloud uses the VPN and CBH deployed in your data center to manage and audit your server O&M in a unified manner, and takes different security control measures for different operations. For more information, see "Operational Security" in Huawei Cloud Security White Paper.


    You can also learn about secure and intelligent O&M from Huawei Cloud courses. For details about services recommended for O&M security, go to the O&M Security page.

  • What do I do to meet security and compliance requirements?

    Security and compliance is a shared responsibility between Huawei Cloud and customers. That is, Huawei Cloud is responsible for the security compliance of cloud services, and you assume the responsibilities of the service security and compliance inside your organization.


    Huawei Cloud keeps updating to meet the changing internal and external compliance requirements, ensures the legal and regulatory compliance of cloud services, strictly enforces security standard evaluations in a range of industries, and shares compliance practices with tenants to keep services transparent.


    You need to check the applications and services that you deployed on Huawei Cloud but do not belong to Huawei Cloud against the applicable security laws and regulations.

Cloud Security Resources & Best Practices

  • Notices

    Updates about security events and vulnerabilities

    Updates about security events and vulnerabilities

  • Security FAQs

    Frequently asked questions about cloud security

    Frequently asked questions about cloud security

  • Security Partner Alliance

    Huawei Cloud works with industry-leading security vendors to build a cloud security business and technology ecosystem.

    Huawei Cloud works with industry-leading security vendors to build a cloud security business and technology ecosystem.

  • Huawei Cloud Security White Paper

    Huawei Cloud experience and practices in secure cloud construction

    Huawei Cloud experience and practices in secure cloud construction

  • Huawei Cloud Data Security White Paper

    Huawei Cloud experience and practices in the data security field

    Huawei Cloud experience and practices in the data security field

  • Huawei Cloud Cyber Security and Privacy Protection FAQs

    Frequently asked questions about Cyber Security and Privacy Protection

    Frequently asked questions about Cyber Security and Privacy Protection

Reporting Suspected Vulnerabilities

If you encounter or find a suspected vulnerability in Huawei Cloud products and service, we would appreciate it if you could quickly inform our CSIRT. Please report suspected vulnerabilities through specified channels in accordance with the security mechanisms.

Vulnerability Reporting Channels

Please report suspected vulnerabilities in Huawei Cloud products and service via email. This template is recommended for reporting suspected vulnerabilities. Huawei Cloud CSIRT is ready to respond immediately to any suspected vulnerabilities reported by security researchers, industry organizations, customers, and suppliers.


Email address: hwssecurityeu@huaweicloud.com


Security Mechanism

Vulnerability information is sensitive. To ensure confidentiality, you are advised to encrypt the information sent to hwssecurityeu@huaweicloud.com using Pretty Good Privacy (PGP). You can click here to obtain Huawei Cloud's PGP public key (key ID: 0x9E47846D).


Throughout the vulnerability handling process, Huawei Cloud CSIRT strictly ensures that vulnerability information is transferred only between relevant handlers. We sincerely request you to keep the information confidential until a complete solution is available to our customers.