<p><span style="font-size:14px"><span style="font-family:Microsoft Yahei">Any participants in cloud should assume responsibility, generally, participants in different roles assume different responsibilities for implementing and managing. Therefore, cloud security responsibilities are shared by different participants in cloud. Ping An Cloud provides infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS), there are two main roles for cloud service security responsibilities: cloud service providers and cloud customers.</span></span></p> <p style="text-align:center"><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20182201180803-1f490fe69b71.png" style="height:467px; width:445px" /></p> <p>&nbsp;</p> <p><span style="font-size:14px"><span style="font-family:Microsoft Yahei">The responsibility of Ping An Cloud is developing and transport the platform, maintaining the infrastructure of the Ping An Cloud platform, and providing all infrastructure services and the security features. At the same time, Ping An Cloud is also responsible for the construction of the physical layer, the infrastructure layer, the platform layer, the application layer, the data layer and the multi-dimensional security protection system of the user&#39;s identity management, and ensure the operation and maintenance security.</span></span></p> <p><span style="font-size:14px"><span style="font-family:Microsoft Yahei">The customer&#39;s responsibility is configuring and operating the virtual network, platform, application, data, management, security and other services based on the infrastructure and services provided by Ping An Cloud. Including the custom configuration of the Ping An Cloud service and the operation &amp; maintenance of customer deployment platform, application, user identity management services. Customers are also responsible for customized configuration of security measures, operation &amp; maintenance security and effective management of user identity in virtual network layer, platform layer, application layer, data layer and user identity management layer.</span></span></p> <p><span style="font-size:14px"><span style="font-family:Microsoft Yahei">In network security, Ping An Cloud monitors the possible attacks on cloud network boundary and provides network protection functions or suggestions Based on the network protection functions or suggestions, customers are responsible for defining and implementing their own virtual network security.</span></span></p> <p>&nbsp;</p> <p><span style="font-size:16px"><strong><span style="font-family:Microsoft Yahei">&nbsp;Ping An Cloud Responsibility</span></strong></span></p> <ul> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; Ping An Cloud ensures the security of cloud platform. As a cloud technology developer and cloud service provider, Ping An Cloud needs to ensure the security development, configuration and deployment of various cloud technologies; on the other hand, Ping An Cloud is responsible for operation &amp; maintenance security of cloud services.</span></span></li> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; Ping An Cloud is responsible for infrastructure security. Ping An Cloud infrastructure includes physical environment, self-development hardware and software, and operation &amp; maintenance system facilities includes computing, storage, networking, databases, platforms, applications, identity management and security services etc.</span></span></li> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; Protect the underlying infrastructure and virtualization technologies to avoid external attacks and internal abuse.</span></span></li> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; Protect the hardware, software and network security, such as operating system and database of patch management, network access control, DDoS protection, disaster recovery, etc.;</span></span></li> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; Ping An Cloud provides data protection and responsible for the security of related functions. However, Ping An Cloud is just a data custodian, Ping An Cloud will never allow staff to access customer data without authorization, and customers have ownership and control over their data.</span></span></li> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; Comply with necessary safety laws and regulations, concerned with compliance requirements changes, and evaluate safety compliance and audit of Ping An Cloud.</span></span></li> </ul> <p>&nbsp;</p> <p><span style="font-size:16px"><strong><span style="font-family:Microsoft Yahei">&nbsp;Customer Responsibility</span></strong></span></p> <ul> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; The customer is responsible for security configuration of the control resources in Ping An Cloud, Ping An Cloud provides resources, functionality, and performance to customers for perform security task.</span></span></li> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; Customer should protect the Ping An Cloud account, use the access control management strategy to separate the operation and employee responsibility.</span></span></li> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; The customer is responsible for policy configuration of virtual network firewall, gateway and security services; and responsible application security management which is deployed in Ping An Cloud.</span></span></li> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; Before the cloud services security configuration is deployed to production environment, the customer is responsible for its security testing.</span></span></li> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; Customers are always owners and controllers of data on their cloud services. The customer is responsible for data security configuration and manages data confidentiality, integrity, availability, data access authentication and authorization.</span></span></li> <li><span style="font-size:14px"><span style="font-family:Microsoft Yahei">&nbsp; Customer is responsible for identifying and complying with the safety laws and regulations for applications and services which is deploy on the Ping An Cloud, but not provided by the Ping An Cloud.</span></span></li> </ul>