NaviCloud Platform Security: Multi-Prong Security Approach

Managed Cloud Services - Security

The NaviCloud Platform provides all of the security measures associated with traditional hosting environments, including two-factor authentication; network intrusion detection; automated vulnerability scans; and third-party penetration testing. Additionally, advanced firewall technology is available and provides intelligent threat defense with advanced capabilities, including identity-based access control and denial of service (DoS) attack protection. Role-based access control ensures that users have only the permissions required for their business or support roles. Permissions can also be set on objects or groups managed by NaviSite.
Compliance is at the heart of the NaviCloud Platform. All current NaviCloud-enabled data centers in the US are SSAE 16 SOC 1 compliant, and undergo rigorous reviews of policies, practices and security measures.

NaviCloud Platform Security Framework

The most effective security is a comprehensive, layered defense based on a framework. A cloud platform can leverage specialized tools to protect the integrity of virtual machines and Internet communications. Virtualization creates logical abstraction layers that allow for multi-tier security policies in order to provide true defense in depth, enabling more enterprises to utilize the same security measures as a cloud provider and remain competitive. Deploying cloud-based infrastructure-as-a-service (IaaS) represents an opportunity for the enterprise to build in security from the ground up.

NaviCloud Platform Hardening

Hypervisors provide a consolidated, logical view of multiple virtual machines (VMs). VMs running on the same physical machines are guaranteed to remain isolated from one another, whether through omission, misconfiguration, or intentional breach. The Center for Internet Security and the Defense Information Systems Agency (DISA), as well as hypervisor vendors, publish "hardening" guidelines. Hardening examples include how to protect memory segmentation using container rings, and familiar steps like best-practice configurations, deploying the latest patches, and proper cleanup of de-provisioned virtual machines and resources.

NaviSite has developed independent hardening standards based on an amalgamation of recommendations from vendors, regulators, and independent security organizations. This approach allows a single platform to meet the requirements of a disparate customer base. Given the multi-tenant nature of the NaviCloud environment, it is critical to ensure that compromised VMs in one customer account cannot affect VMs in another account.
While there are controls built in to the network and AppCenter provisioning process, a basic strategy of defense in depth necessitates locking down the hypervisor with the same degree of vigor as the other components to minimize the ability of a malicious user to access or undermine another account. Properly hardened hypervisor layers prevent IaaS end users from inadvertently mapping IP addresses across virtual machines and from IP spoofing. Hardening makes it difficult to install "eavesdropping programs" to monitor virtual machine memory space. The hypervisor can also rapidly propagate new configurations, patches, or layered security policies across the infrastructure. NaviSite addresses all of these security concerns within the NaviCloud Platform to further strengthen IaaS security.