NaviCloud Platform Security: Multi-Prong Security Approach

Managed Cloud Services - Security

The NaviCloud Platform provides all of the security measures associated with traditional hosting environments, including two-factor authentication; network intrusion detection and prevention; automated vulnerability scans; and third-party penetration testing.

Advanced firewall technology provides intelligent threat defense with advanced capabilities, including identity-based access control and denial of service (DoS) attack protection. Role-based access control ensures that users have only the permissions required for their business or support roles. Permissions can also be set on objects or groups managed by NaviSite. All activity is logged for auditing purposes.

Compliance is at the heart of the NaviCloud Platform. All NaviCloud data centers are SAS 70 Type II-compliant and undergo rigorous reviews of policies, practices and security measures. SAS 70 Type II audits are certified by independent auditors. NaviCloud also conforms to the security principles and guidelines established by the Cloud Security Alliance.

NaviCloud Platform Security Framework

The most effective security is a comprehensive, layered defense based on a framework. A cloud platform can leverage specialized tools to protect the integrity of virtual machines and Internet communications. Virtualization creates logical abstraction layers that allow for multi-tier security policies in order to provide true defense in depth. Enterprises with limited IT resources may not be able to afford the same security measures as a cloud provider and remain competitive. Deploying cloud-based IaaS represents an opportunity for the enterprise to build in security from the ground up.

NaviCloud Platform Hardening

Hypervisors provide a consolidated, logical view of multiple virtual machines (VMs). VMs running on the same physical machines must be guaranteed to remain isolated from one another, whether that isolation is threatened by omission, misconfiguration, or intentional breach.

The Center for Internet Security and the Defense Information Systems Agency (DISA), as well as hypervisor vendors, publish "hardening" guidelines. Hardening examples include how to correctly protect memory segmentation using container rings, and familiar steps like applying best-practice configurations, deploying the latest patches, and properly cleaning up de-provisioned virtual machines and resources.

Hardening helps guarantee virtual machine isolation and challenges penetration from without. Properly hardened hypervisor layers prevent IaaS end users from inadvertently mapping IP addresses across virtual machines, from IP spoofing, and from intentionally leveraging Network Address Translation (NAT) mapping to hijack communications. Hardening makes it difficult to install "eavesdropping programs" to monitor virtual machine memory space.

The hypervisor can also rapidly propagate new configurations, patches, or layered security policies across the infrastructure. NaviSite addresses all of these security concerns within the NaviCloud Platform to further strengthen IaaS security.
