Building "China's Most Secure Cloud"! Huawei Cloud Passes the Most Stringent PCI-DSS Security Certification in History

[51CTO.com original article] On March 22, Huawei China Ecosystem Partner Conference 2018 was grandly opened at Qingdao International Convention and Exhibition Center. At the morning meeting, Quan Zhenjun, Director of Strategic Development for Greater China at the British Standards Institution (BSI), an internationally recognized certification body, officially announced that after multiple rounds of rigorous reviews, Huawei Cloud has become the only cloud service provider in China that has passed PCI-DSS certification for all platforms, all nodes, and all services. Yang Song, General Manager of Huawei Cloud Security, took over this extremely important certificate from Quan Zhenjun, which means that the security of Huawei Cloud has once again been recognized by international authorities, and it deserves the title of "China's Most Secure Cloud".

[[223461]]

PCI-DSS certification awarding ceremony (Huawei Cloud Security General Manager Yang Song [right], British Standards Institution "BSI" Greater China Strategic Development Director Quan Zhenjun [left])

PCI-DSS: The world's most stringent and authoritative financial-grade data security certification

PCI-DSS (Payment Card Industry Data Security Standard) is the full name of the Payment Card Industry Data Security Standard, which is a payment card industry data security standard jointly established by VISA and MasterCard and a number of international card organizations. It is also the world's most stringent and highest-level financial data security standard, designed to strictly control data storage to ensure the security of online transactions for payment card users.

In fact, due to its strong operability, this standard has not only been widely supported and promoted by global card organizations and financial institutions, but has also been regarded as a universal security standard by major industries outside the financial industry.

Quan Zhenjun introduced that every year, there are countless companies applying for PCI-DSS certification around the world, but only a few actually pass it. Generally, after a company submits an application, PCI SSC will authorize an independent review company (such as BSI) to conduct a comprehensive and thorough review of the applicant company. The review content includes 6 major areas, 12 specifications, and more than 200 audit indicators. The 6 major areas include building and maintaining a secure network, protecting cardholder data, maintaining vulnerability management procedures, implementing strict access control measures, regularly monitoring and testing the network, and maintaining information security policies. The audit includes three stages: self-security testing, vulnerability analysis, and security investigation. The scope of the inspection covers multiple indicators such as hardware, software, employees and company management, and it will be re-inspected at least once a year.

"It is precisely because the PCI-DSS standard is extremely strict and has very high requirements for the security technical capabilities of cloud platforms that few companies can pass the certification. Huawei Cloud is currently the only company in China that has passed the certification for all platforms, all nodes, and all businesses," said Quan Zhenjun. "Huawei Cloud's efforts to ensure user security and privacy will surely receive positive feedback from users and the market. The acquisition of this certification shows that Huawei Cloud's security level and technical capabilities are at the top level."

According to Quan Zhenjun, the entire process from Huawei's application to approval took only two months, but Huawei's preparations for this began more than a year ago. What impressed him was that Huawei did not set a passing standard of 60 points from the beginning, but was very strict with its own cloud, designed and planned from a very high level, first "strictly disciplined itself" and then passed the rigorous inspection of BSI to prove its strength.

Huawei Cloud obtains PCI-DSS security certification

All platforms, all nodes, and all services have passed. How awesome is a "home run"?

The reporter learned that previously, most of the companies that passed the PCI-DSS certification in China were banks and third-party payment companies. Huawei Cloud is the only cloud service provider in China that has passed the PCI-DSS certification for all platforms, all nodes, and all services. Why is it so difficult to "hit a home run"? Here we need to analyze the value of "the only one in the country".

Yang Song analyzed in detail the link that Huawei Cloud has passed: the entire platform, which means that the entire IT system of Huawei Cloud has passed strict security assessments, including all physical computer rooms of Huawei Cloud, key system components of the cloud platform, professional security training for personnel, security development and many other indicators; and passing the entire node is even more difficult. Most nodes are complete cloud resources composed of one or several computer rooms. All large and small nodes of Huawei Cloud, including nodes in Beijing Langfang and Hong Kong, have passed certification, which means that all nodes of Huawei Cloud have a high level of security consistency; all cloud services developed and launched by Huawei Cloud have passed security review. Compared with individual services that have passed certification, such as cloud host services, the security level is completely different.

Obviously, the Huawei Cloud that users are using has passed the world's most authoritative and stringent PCI-DSS certification for all platforms, all nodes, and all services. Therefore, it is a high-standard security cloud that is originally exclusive to users in the financial industry. Please feel free to use this "financial-grade" security!

A good game of "win-win" for the next game

Certification is so difficult, why does Huawei Cloud insist on "biting this hard bone"? Yang Song's words on the spot give us a glimpse of the problem: Huawei Cloud chose to cooperate with BSI. On the one hand, it wanted to use BSI's authoritative and reliable security assessment models, methods and rich international certification experience to conduct an in-depth physical examination of Huawei Cloud's security level, and provide Huawei Cloud with more complete suggestions to promote continuous improvement and breakthroughs in security; on the other hand, Huawei Cloud wanted to improve Huawei Cloud's transparency in security through the assessment of an authoritative and neutral third-party non-profit organization such as BSI, to show customers that Huawei Cloud has the highest level of security capabilities, and to promote and enhance customers' trust in Huawei Cloud services.

Ultimately, it's all for the users. Yang Song said something very firmly - Huawei believes that ensuring user data security is the top priority.

From Huawei's perspective, the fact that the entire HUAWEI CLOUD platform has passed this authoritative evaluation indicates that HUAWEI CLOUD's software security management and technical capabilities have been recognized by international authorities. This is a reflection of the company's long-term emphasis on security and is also a favorable proof of its technical and service capabilities.

From the user's perspective, both the security of cloud services and user privacy protection have been strictly certified by third-party authoritative organizations, making users feel more assured, more secure, and less worried. Huawei Cloud's layout and active deployment in security will surely win more recognition and trust from users.

This is really a win-win game.

In the interview, Yang Song said that obtaining PCI-DSS certification for all platforms, all nodes, and all services is just the beginning. The road ahead is long, and Huawei Cloud will not stop its efforts to build a secure and reliable "black soil". This reminds the reporter of what Zheng Yelai, President of Huawei Cloud BU, emphasized in his keynote speech at the conference that day: Huawei Cloud has technology, a future, and is trustworthy. As the saying goes, "The greatest heroes serve the country and the people", the reporter thinks that in the context of Huawei Cloud's ecosystem, it is more appropriate to change it to "The greatest cloud is humble and open-minded" to describe Huawei Cloud. The reporter also sincerely hopes that Huawei Cloud, this "black soil", can provide more nutrients for ecological prosperity and work with partners to produce more fruitful results.

[51CTO original article, please indicate the original author and source as 51CTO.com when reprinting on partner sites]