Tencent Cloud's responsibility for cloud environment security includes ensuring the security of the underlying physical and infrastructure layers of the entire cloud computing environment, and is responsible for the security and compliance of the cloud platform and the cloud products it provides.
Specifically, Tencent Cloud is responsible for the secure operation and management of data center physical facilities, physical servers, and network equipment, as well as the security and compliance of cloud platforms (such as the virtualization layer and management platform) and all cloud products/services at the design, development, and operation levels, and obtains and maintains relevant security certifications.
In the IaaS model, Tencent Cloud is also responsible for the security management of the virtualization control layer; in the PaaS model, Tencent Cloud shares responsibility for virtualization network and host security, cloud application security, and security configuration policies; in the SaaS model, Tencent Cloud is further responsible for the security of cloud application layers.
For more information on Tencent Cloud platform and product security, please refer to Tencent Cloud Security White Paper.
The customer's responsibility for cloud security includes ensuring the security of their own data, identity access, and the configuration and management of cloud resources.
Specifically, this includes: bearing ultimate responsibility for the security of all business data uploaded, stored, and processed in the cloud; being responsible for the security of their Tencent Cloud account and the management of account-based access control policies; and correctly configuring and using the cloud products (including security products) they purchase according to their own business security needs.
In the IaaS model, the customer is also responsible for the operating system, middleware, and internal network security configuration of the cloud servers they purchase; in the PaaS and IaaS models, the customer is responsible for the security of their self-built applications deployed in the cloud.
Customer content data refers to any data submitted, uploaded, transmitted, or displayed by customers using services provided by Tencent Cloud, including but not limited to text, audio, video, or images. Customer content data is entirely under the control of the customer.
Tencent Cloud, as the data processor, processes this data only in accordance with the methods and purposes stipulated in the agreements signed with the customer (such as the Terms of Service, Data Processing, and Security Agreements). You are fully responsible for ensuring that only specific personnel can perform specific operations on specific data.
Tencent Cloud will leverage Tencent's years of compliance management practices to provide you with comprehensive data security and privacy protection tools and technologies to help you better manage your cloud-based customer data.
Customers are the owners and controllers of the content data they upload to Tencent Cloud (customer cloud business data). They can independently decide the purpose, method, and scope of data processing and lead the entire lifecycle management of their data.
Tencent Cloud, as the data processor, only processes this data according to the methods and purposes agreed upon in the agreements signed with customers (such as service terms, data processing, and security agreements), and will not actively access or use this data for its own purposes.
Customers can choose their own data storage region (availability zone). When purchasing cloud products, customers can select the availability zone for data storage on the purchase page. When customers need to respond to their users' (data subjects') requests regarding their personal data rights (such as access, correction, deletion, restricted processing, and data portability rights), Tencent Cloud is obligated to provide necessary technical support to empower customers to manage the data under their control.
At the same time, Tencent Cloud is committed to maintaining the confidentiality of customer data in accordance with relevant laws and regulations.
Tencent Cloud provides security guarantees for customer data in storage through technical (such as encryption and access control) and management measures to help customers achieve the availability, integrity, and confidentiality of their cloud data.
As a cloud service provider, Tencent Cloud promises that, unless otherwise stipulated by laws and regulations or agreed upon by both parties, it will not access or use the content data hosted by customers on Tencent Cloud.
When a customer explicitly requests operational support from Tencent Cloud or when the nature of the services provided by Tencent Cloud necessitates processing the customer's content data, Tencent Cloud will obtain explicit authorization from the customer in advance and will process the data in accordance with the principle of minimum necessity.
Furthermore, Tencent Cloud employs strict operational access control processes and technical measures to prevent Tencent Cloud's backend operations personnel from unauthorized access to or manipulation of the customer's content data stored in the cloud.
Tencent Cloud adheres to the principle of "data privacy" and employs multi-layered technical isolation measures to ensure that customer data within the same resource pool is not visible to each other, technically guaranteeing that tenants cannot access, obtain, or tamper with other tenants' data.
Tencent Cloud safeguards multi-tenant data confidentiality in the following four ways:
- Virtualization Layer: Tencent Cloud applies mature hardware virtualization technology to provide complete virtual resource isolation capabilities between tenants for cloud servers and other resources in the virtualization layer. The network, memory, disk and other resources of different users are all prevented from communicating and accessing each other through underlying logical access control, ensuring that each customer can only access the cloud computing resources they have purchased, and effectively achieving data isolation between different customers.
- Network layer: Virtual Private Cloud VPC (Virtual Private Cloud) is a dedicated cloud network space built by Tencent Cloud for its customers. Customers can achieve logical network isolation by configuring a private network. VPCIt allows for custom network segmentation, IP address and routing policies, and filters traffic from the subnet and host dimensions through network ACLs and security groups, ensuring data isolation between different customers through complete network isolation.
- Cloud Database Layer: When customers use cloud databases, Tencent Cloud isolates the network layer through firewall policies and a whitelist filtering mechanism. Furthermore, Tencent Cloud uses access control mechanisms for database instances to ensure that each customer can only access their corresponding data and cannot access other customers' data. In addition, Tencent Cloud also provides dedicated cluster databases, allowing customers to exclusively use physical cluster resources and flexibly create cloud databases of various custom specifications.
- Object storage: Verifies the legitimacy of requests through key signing and supports setting public or private read/write permissions for stored objects as needed, ensuring controlled data access.
For more information on data security, please see Tencent Cloud Security White Paper.
Tencent Cloud's infrastructure covers 26 geographic regions globally.
Tencent Cloud allows customers to choose their preferred region for storing their data within its geographically targeted products. Different Tencent Cloud regions are completely isolated, ensuring maximum stability and fault tolerance.
Customer content data will not be transferred outside the customer's chosen Tencent Cloud region without their consent.
As a data processor, Tencent Cloud will not transfer customer business data to regions outside their chosen region. As a data controller, customers should select an appropriate Tencent Cloud region based on their needs.
Before transferring (disclosing/sharing) personal data to other organizations, the purpose of the transfer, the content of the data to be transferred, and the names of other data processing organizations receiving the data should be communicated to the data subject, with corresponding legal grounds.
When personal data is transferred outside the country (region) where the data subject resides, appropriate laws and regulations should be identified to ensure that corresponding control measures are deployed and implemented in accordance with legal requirements.
This includes, for example, signing a data transfer agreement with the receiving party in a third country, clearly defining the control requirements for data processing, jurisdiction, sufficiency assessment, mitigation scenarios, and appropriate safeguards (depending on applicable legal requirements).
Compliance is the foundation of Tencent Cloud's development.
Tencent Cloud identifies and adopts advanced international and industry security standards, adheres to the compliance requirements of different countries/regions and industries, continuously improves its internal management system, enhances its security control level, and strives to create cloud services that customers can trust.
At the same time, Tencent Cloud actively participates in the formulation and promotion of industry security standards, adheres to the principle of compliance as a service, and builds and operates a secure and reliable cloud ecosystem.
To date, Tencent Cloud has obtained multiple security and privacy compliance certifications or qualifications through independent third-party audits or assessments, including: ISO 27001 Information security management system certification CSA STAR Cloud security certification SOC 1/SOC 2/SOC 3 Report Other regional and industry safety certifications or audit reports.
For more information on Tencent Cloud security compliance, please see Tencent Cloud Compliance page.
Tencent Cloud has obtained multiple security and privacy compliance certifications or qualifications through independent third-party audits or assessments, demonstrating that Tencent Cloud's security management and privacy protection practices meet relevant certification standards or industry best practices.
For more information on Tencent Cloud compliance, please see Tencent Cloud Compliance Page.
If clients require any relevant compliance certificates or reports, please click to download them on the qualifications details page, or through Tencent Cloud Compliance Document Center Apply and download.
Tencent Cloud's responsibility for cloud environment security includes ensuring the security of the underlying physical and infrastructure layers of the entire cloud computing environment, and is responsible for the security and compliance of the cloud platform and the cloud products it provides.
Specifically, Tencent Cloud is responsible for the secure operation and management of data center physical facilities, physical servers, and network equipment, as well as the security and compliance of cloud platforms (such as the virtualization layer and management platform) and all cloud products/services at the design, development, and operation levels, and obtains and maintains relevant security certifications.
In the IaaS model, Tencent Cloud is also responsible for the security management of the virtualization control layer; in the PaaS model, Tencent Cloud shares responsibility for virtualization network and host security, cloud application security, and security configuration policies; in the SaaS model, Tencent Cloud is further responsible for the security of cloud application layers.
For more information on Tencent Cloud platform and product security, please refer to Tencent Cloud Security White Paper.
The customer's responsibility for cloud security includes ensuring the security of their own data, identity access, and the configuration and management of cloud resources.
Specifically, this includes: bearing ultimate responsibility for the security of all business data uploaded, stored, and processed in the cloud; being responsible for the security of their Tencent Cloud account and the management of account-based access control policies; and correctly configuring and using the cloud products (including security products) they purchase according to their own business security needs.
In the IaaS model, the customer is also responsible for the operating system, middleware, and internal network security configuration of the cloud servers they purchase; in the PaaS and IaaS models, the customer is responsible for the security of their self-built applications deployed in the cloud.
Customer content data refers to any data submitted, uploaded, transmitted, or displayed by customers using services provided by Tencent Cloud, including but not limited to text, audio, video, or images. Customer content data is entirely under the control of the customer.
Tencent Cloud, as the data processor, processes this data only in accordance with the methods and purposes stipulated in the agreements signed with the customer (such as the Terms of Service, Data Processing, and Security Agreements). You are fully responsible for ensuring that only specific personnel can perform specific operations on specific data.
Tencent Cloud will leverage Tencent's years of compliance management practices to provide you with comprehensive data security and privacy protection tools and technologies to help you better manage your cloud-based customer data.
Customers are the owners and controllers of the content data they upload to Tencent Cloud (customer cloud business data). They can independently decide the purpose, method, and scope of data processing and lead the entire lifecycle management of their data.
Tencent Cloud, as the data processor, only processes this data according to the methods and purposes agreed upon in the agreements signed with customers (such as service terms, data processing, and security agreements), and will not actively access or use this data for its own purposes.
Customers can choose their own data storage region (availability zone). When purchasing cloud products, customers can select the availability zone for data storage on the purchase page. When customers need to respond to their users' (data subjects') requests regarding their personal data rights (such as access, correction, deletion, restricted processing, and data portability rights), Tencent Cloud is obligated to provide necessary technical support to empower customers to manage the data under their control.
At the same time, Tencent Cloud is committed to maintaining the confidentiality of customer data in accordance with relevant laws and regulations.
Tencent Cloud provides security guarantees for customer data in storage through technical (such as encryption and access control) and management measures to help customers achieve the availability, integrity, and confidentiality of their cloud data.
As a cloud service provider, Tencent Cloud promises that, unless otherwise stipulated by laws and regulations or agreed upon by both parties, it will not access or use the content data hosted by customers on Tencent Cloud.
When a customer explicitly requests operational support from Tencent Cloud or when the nature of the services provided by Tencent Cloud necessitates processing the customer's content data, Tencent Cloud will obtain explicit authorization from the customer in advance and will process the data in accordance with the principle of minimum necessity.
Furthermore, Tencent Cloud employs strict operational access control processes and technical measures to prevent Tencent Cloud's backend operations personnel from unauthorized access to or manipulation of the customer's content data stored in the cloud.
Tencent Cloud adheres to the principle of "data privacy" and employs multi-layered technical isolation measures to ensure that customer data within the same resource pool is not visible to each other, technically guaranteeing that tenants cannot access, obtain, or tamper with other tenants' data.
Tencent Cloud safeguards multi-tenant data confidentiality in the following four ways:
- Virtualization Layer: Tencent Cloud applies mature hardware virtualization technology to provide complete virtual resource isolation capabilities between tenants for cloud servers and other resources in the virtualization layer. The network, memory, disk and other resources of different users are all prevented from communicating and accessing each other through underlying logical access control, ensuring that each customer can only access the cloud computing resources they have purchased, and effectively achieving data isolation between different customers.
- Network layer: Virtual Private Cloud VPC (Virtual Private Cloud) is a dedicated cloud network space built by Tencent Cloud for its customers. Customers can achieve logical network isolation by configuring a private network. VPCIt allows for custom network segmentation, IP address and routing policies, and filters traffic from the subnet and host dimensions through network ACLs and security groups, ensuring data isolation between different customers through complete network isolation.
- Cloud Database Layer: When customers use cloud databases, Tencent Cloud isolates the network layer through firewall policies and a whitelist filtering mechanism. Furthermore, Tencent Cloud uses access control mechanisms for database instances to ensure that each customer can only access their corresponding data and cannot access other customers' data. In addition, Tencent Cloud also provides dedicated cluster databases, allowing customers to exclusively use physical cluster resources and flexibly create cloud databases of various custom specifications.
- Object storage: Verifies the legitimacy of requests through key signing and supports setting public or private read/write permissions for stored objects as needed, ensuring controlled data access.
For more information on data security, please see Tencent Cloud Security White Paper.
Tencent Cloud's infrastructure covers 26 geographic regions globally.
Tencent Cloud allows customers to choose their preferred region for storing their data within its geographically targeted products. Different Tencent Cloud regions are completely isolated, ensuring maximum stability and fault tolerance.
Customer content data will not be transferred outside the customer's chosen Tencent Cloud region without their consent.
As a data processor, Tencent Cloud will not transfer customer business data to regions outside their chosen region. As a data controller, customers should select an appropriate Tencent Cloud region based on their needs.
Before transferring (disclosing/sharing) personal data to other organizations, the purpose of the transfer, the content of the data to be transferred, and the names of other data processing organizations receiving the data should be communicated to the data subject, with corresponding legal grounds.
When personal data is transferred outside the country (region) where the data subject resides, appropriate laws and regulations should be identified to ensure that corresponding control measures are deployed and implemented in accordance with legal requirements.
This includes, for example, signing a data transfer agreement with the receiving party in a third country, clearly defining the control requirements for data processing, jurisdiction, sufficiency assessment, mitigation scenarios, and appropriate safeguards (depending on applicable legal requirements).
Compliance is the foundation of Tencent Cloud's development.
Tencent Cloud identifies and adopts advanced international and industry security standards, adheres to the compliance requirements of different countries/regions and industries, continuously improves its internal management system, enhances its security control level, and strives to create cloud services that customers can trust.
At the same time, Tencent Cloud actively participates in the formulation and promotion of industry security standards, adheres to the principle of compliance as a service, and builds and operates a secure and reliable cloud ecosystem.
To date, Tencent Cloud has obtained multiple security and privacy compliance certifications or qualifications through independent third-party audits or assessments, including: ISO 27001 Information security management system certification CSA STAR Cloud security certification SOC 1/SOC 2/SOC 3 Report Other regional and industry safety certifications or audit reports.
For more information on Tencent Cloud security compliance, please see Tencent Cloud Compliance page.
Tencent Cloud has obtained multiple security and privacy compliance certifications or qualifications through independent third-party audits or assessments, demonstrating that Tencent Cloud's security management and privacy protection practices meet relevant certification standards or industry best practices.
For more information on Tencent Cloud compliance, please see Tencent Cloud Compliance Page.
If clients require any relevant compliance certificates or reports, please click to download them on the qualifications details page, or through Tencent Cloud Compliance Document Center Apply and download.