You can deploy your own data in any region. When using Huawei Cloud, you can use Huawei Cloud services and tools to control data. You can determine where to store your data, how to protect it, and what access controls to use. For example, you can query data center details on the region query page and select whichever region makes it easiest to meet data residency requirements.

Huawei Cloud provides regional and global services for storage. You can go to the specific storage pages to learn about where your data is located.

Data encryption: Huawei Cloud provides advanced data encryption technologies. You can select different cryptographic algorithms and key management policies to meet your security and compliance requirements. Huawei Cloud provides server-side encryption in many services, such as Data Encryption Workshop (DEW), Object Storage Service (OBS), and Scalable File Service (SFS). These services use enhanced encryption algorithms to encrypt data at rest.

Data masking: Huawei Cloud Data Security Center (DSC) supports both static and dynamic data masking. DSC provides a range of data masking methods for you to anonymize diverse types of sensitive data. Many character-level data masking templates come preconfigured in DSC.

Data watermarking: DSC provides data watermarks that can be injected into or extracted from documents, images, and JSON strings for source tracing. In the event of a data breach, watermarks help track the source of the breach.

If you want to use a VM for storage and keep that storage isolated from other resources, you can deploy the VM in a VPC subnet, associate a network ACL with that subnet, and then associate a security group with the VM. Traffic can be controlled at both the subnet and VM levels.

Huawei Cloud backup and disaster recovery system covers multiple layers, such as network, application, and data layers. The data-layer backup and disaster recovery is a key part of the disaster recovery system. Huawei Cloud provides Cloud Backup and Recovery (CBR) , you can select different backup intervals, retention periods, and backup types to support service continuity.

Huawei Cloud never accesses your data on the cloud without your explicit consent. You can use Identity and Access Management (IAM) and Cloud Bastion Host (CBH) to set access control policies for applications, O&M operations, and cloud resources to prevent unauthorized access.

Huawei Cloud provides Cloud Trace Service (CTS) to log all operations performed on the cloud in real time. Traces are stored and transmitted with enhanced encryption. To ensure log integrity, traces cannot be modified or deleted on the console or through APIs. You can verify and backtrack data through audits and monitoring to ensure that only authorized personnel can process data on the cloud.

Based on its proven practices in cloud migration and experience in migrating a large scale of customer's services to the cloud, Huawei Cloud has developed a set of "7 phases and 12 steps" migration methodology, covering all scenarios and phases of data migrations from end to end. To secure your data during cloud migrations, Huawei Cloud provides Cloud Migration Service (CMS) for you. CMS provides various security tools, professional services, and solutions to help you securely migrate your services to the cloud and keep your services on the cloud secure.

Huawei Cloud also provides services to help with secure data transmission on the cloud. If you no longer need a service, you can stop using it and use Cloud Data Migration (CDM) to migrate data securely. For other service changes, you can use other transmission services, such as Simple Message Notification (SMN) , Distributed Message Service (DMS) for Kafka, Distributed Message Service (DMS) for RabbitMQ and Distributed Message Service (DMS) for RocketMQ to control data transmission. Huawei Cloud provides necessary security capabilities to help you enhance data transmission security when you use related services.

Huawei Cloud provides a wide range of transmission encryption services at application, transport, and physical layers. These services include Cloud Certificate Manager (CCM), Virtual Private Network (VPN), Direct Connect and Cloud Connect. You can select whichever one is best suited to the specific service scenarios to secure data in transit.

When you proactively delete data stored on the cloud or the data needs to be deleted due to the service expiration, Huawei Cloud will clear the data in compliance with the data destruction standards and the agreement signed with you.