Security in the Cloud
Cloud computing offers numerous advantages over storing data locally in an office, much of these revolve around physical and electronic security and also backup and disaster recovery.
Pure diskless processing engines, which ensure all data is centrally stored on a Storage Area Network (SAN). Storage Area Networks offer much greater resilience than traditional hard-drives because they store (stripe) data access multiple drives in a SAN shelf for resilience and speed. Typical SANs used have between 20 and 240 live drives. Centralized storage is also much easier to secure and protect.
As a policy we also replicate Storage Area Network data to an alternate data center in the same country. This equates to having an offsite and real time copy of any data stored on the primary site. In the case of a total failure of a data center or Storage Area Network, which is very unlikely, eTegrity can quickly recover data and provide this data to customers or restore to alternative systems (default policy).
Electronic Access to Services
All of our access points to services are encrypted through the use of SSL (secure socket layer) at least 128 bit encryptions. This provides encryption for all data which is being sent to and from our network, such as email, desktop data and passwords etc. For desktops a connection broker is used to provide encryption for key strokes and screen data.
Electronic Intrusion Detection and Logging
To protect data and security, Panda is used as an intrusion detection system (IDS). IDS is used to log and look for unusual network and user behavior within the internal network. IDS is deployed on both internal and external networks and has a number of automatic triggers to alert engineers of unusual behavior and to isolate potential problems.
Internal policy dictates logging of user access to any of the services such as Hosted Desktop, Exchange and stores this information securely as part of our data retention policy.
Staff Change Control and Access Monitoring
In order to monitor access to systems, all engineers provided with access to potentially sensitive information have passed a data competency check. All staff members have references checked and have also signed an encompassing Non-Disclosure Agreement preventing the disclosure of any sensitive materials in our domain. Access to systems and data is only by experienced engineering staff that has been granted access by Director Level. Staff members are aware their access in and out of systems is monitored.
User and Storage Separation
Access to user data is managed by ACL (Access Control Lists) which designate which users have appropriate access to specific services and data. This is managed via internal (not public facing) networks which reside within our infrastructure. Users will be allowed to access only their unique data.
Server and Desktop session data is being protected by virtualization technologies such as VMware and Parallels, which provide total security to users within their respective systems, as well as the data they are accessing. Unlike Terminal Services or Citrix, users have a shared server environment where all users are affected if there is a server problem.
Each customer's data is stored in a separate LUN (logical unit number)* on our Storage Area Networks. This is a grouping of storage that is isolated in a partition for a specific user or service. Through ACL (access control lists) only the designated user(s) will have access to read and write to this LUN. Typically, ACL are managed securely via LDAP or Active Directory.
*This does not apply to shared services such as Exchange and Web Hosting.
Customer Data – You can be confident that your data is safe and will always be available to you, and only you, reducing business risk. Our managed service protects you from the ever changing threat of viruses and loss of data. We ensure that proper security measures are in place to protect your data. Customers have access to their own private data at any time, with which they can copy, backup and store copies themselves if required. None of the data is stored in proprietary format.
At all times the data stored within our services is the property of the Customer
In the case of service termination the data can be provided to the Customer on DVD or other Portable Digital Media subject to a Chargeable Support Service fee. This data will only be kept for a maximum of 7 days while it is filtered out of the backup archives.
Data Archive Retention Policies
While backups are kept they are part of the Archive Retention Policy. Data residing in the Archive Store will be deleted in accordance with a pre‐determined policy. Archive Retention Policies (ARP) can be customized in a variety of ways to meet specific requirements.
The standard approach for managing deletions is to have a retention policy set at the time the initial backup is taken. No data can be deleted from the Archive Store by Customers, by any means, before the retention period in the policy has expired. Retention policies can be used to meet data protection and email retention compliance requirements.