The secure cloud

Flexible and robust SHARED IT capability delivered over the INTERNET…

Sharing Introduces Risks

Access via the Internet Introduces Risks

• Categorized into two streams: Outside and Inside

• First of all, let’s clear some mistruths…

Internet Point of Presence Breach (border firewall)

Secure Communications (to and from the customer network)

Denial of Service (to another hosted customer)

Client Cross-Talk (where one client’s resource demands negatively impact another)

Attacks from within (i.e. network attacks from behind the border firewall)

Data Loss Prevention (who can copy your data)

Data Sovereignty (who owns your data, and can gain access to it)

• We share the responsibility to ensure security; Cloud providers can only go so far. (In a survey by F5 Networks, 33% of respondents thought that the provider was responsible for security.)

Security

Functionality

• Encrypt your sensitive data

• Install Intrusion Detection on your Servers

• Enable Firewalls on your Servers

• Leverage and demand control of firewalls into your hosted network

• Ensure all portals are protected with SSL; apply password policies

• Ensure any site to site VPNs are using at least 256 bit encryption

• Every customer operates in their own VLAN

• Every DMZ server resides in a pVLAN

• Local DMZ traffic requires firewall traversal

• Border Firewall – Controlled by us; Customer Firewall – Controlled by YOU

• Border firewall includes auto DDoS defense

• Resource reservations per customer

• SSL Certificates deployed for all admin portals

• Check Point Border Firewalls with DDoS, IDS enabled – stateful and application level filtering

• Cisco Nexus Switches with Layer 2/3 security

• VMware vShield stateful packet inspection Firewall per Client

• VMware vShield Site to Site VPNs with 256bit encryption

• CPU, RAM, Network & Storage IO Controls (fair share)

• Delegated “just enough” rights

• Cannot delete or copy customer VMs

• Have no access into customer networks

• Have no ability to interact with customer servers

• Auditing and separation of duties

• ITIL aligned operating processes

• Staff all undergo Police checks

• Real-time monitoring and enforcement of platform configuration (unauthorized change reversed)

• Real-time monitoring and alerting of privileged actions

• Real-time monitoring and alerting from Border firewalls

• Centralized Admin user account repository with strict password policies

• Security extends to your DATA (in fact, isn't that what you are protecting!)

• Offshore hosting exposes you to the laws of the country in which you are hosted

• Beware hosting with USA-registered companies (Patriot Act)

• For maximum security, ensure your data remains in Indonesia

• IndonesianCloud is 100% local

• VMware vCloud Powered = Independent verification of our Architecture

• Investment in the “best of breed” technology

• Completely Transparent; we have nothing to hide

• Completely Open platform; we have no technology lock-in and will even help you export your VMs

• Strict SLAs with penalties for breach

www.indonesiancloud.com
