Any participants in cloud should assume responsibility, generally, participants in different roles assume different responsibilities for implementing and managing. Therefore, cloud security responsibilities are shared by different participants in cloud. Ping An Cloud provides infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS), there are two main roles for cloud service security responsibilities: cloud service providers and cloud customers.

The responsibility of Ping An Cloud is developing and transport the platform, maintaining the infrastructure of the Ping An Cloud platform, and providing all infrastructure services and the security features. At the same time, Ping An Cloud is also responsible for the construction of the physical layer, the infrastructure layer, the platform layer, the application layer, the data layer and the multi-dimensional security protection system of the user's identity management, and ensure the operation and maintenance security.

The customer's responsibility is configuring and operating the virtual network, platform, application, data, management, security and other services based on the infrastructure and services provided by Ping An Cloud. Including the custom configuration of the Ping An Cloud service and the operation & maintenance of customer deployment platform, application, user identity management services. Customers are also responsible for customized configuration of security measures, operation & maintenance security and effective management of user identity in virtual network layer, platform layer, application layer, data layer and user identity management layer.

In network security, Ping An Cloud monitors the possible attacks on cloud network boundary and provides network protection functions or suggestions Based on the network protection functions or suggestions, customers are responsible for defining and implementing their own virtual network security.

 Ping An Cloud Responsibility

•   Ping An Cloud ensures the security of cloud platform. As a cloud technology developer and cloud service provider, Ping An Cloud needs to ensure the security development, configuration and deployment of various cloud technologies; on the other hand, Ping An Cloud is responsible for operation & maintenance security of cloud services.
•   Ping An Cloud is responsible for infrastructure security. Ping An Cloud infrastructure includes physical environment, self-development hardware and software, and operation & maintenance system facilities includes computing, storage, networking, databases, platforms, applications, identity management and security services etc.
•   Protect the underlying infrastructure and virtualization technologies to avoid external attacks and internal abuse.
•   Protect the hardware, software and network security, such as operating system and database of patch management, network access control, DDoS protection, disaster recovery, etc.;
•   Ping An Cloud provides data protection and responsible for the security of related functions. However, Ping An Cloud is just a data custodian, Ping An Cloud will never allow staff to access customer data without authorization, and customers have ownership and control over their data.
•   Comply with necessary safety laws and regulations, concerned with compliance requirements changes, and evaluate safety compliance and audit of Ping An Cloud.

 Customer Responsibility

•   The customer is responsible for security configuration of the control resources in Ping An Cloud, Ping An Cloud provides resources, functionality, and performance to customers for perform security task.
•   Customer should protect the Ping An Cloud account, use the access control management strategy to separate the operation and employee responsibility.
•   The customer is responsible for policy configuration of virtual network firewall, gateway and security services; and responsible application security management which is deployed in Ping An Cloud.
•   Before the cloud services security configuration is deployed to production environment, the customer is responsible for its security testing.
•   Customers are always owners and controllers of data on their cloud services. The customer is responsible for data security configuration and manages data confidentiality, integrity, availability, data access authentication and authorization.
•   Customer is responsible for identifying and complying with the safety laws and regulations for applications and services which is deploy on the Ping An Cloud, but not provided by the Ping An Cloud.