indonesian-cloud
Flexible and robust SHARED IT capability delivered over the INTERNET…
Sharing Introduces Risks
Access via the Internet Introduces Risks
• Categorized into two streams: Outside and Inside
• First of all, let’s clear some mistruths…
Internet Point of Presence Breach (border firewall)
Secure Communications (to and from the customer network)
Denial of Service (to another hosted customer)
Client Cross-Talk (where one client’s resource demands negatively impact another)
Attacks from within (i.e., network attacks from behind the border firewall)
Data Loss Prevention (who can copy your data)
Data Sovereignty (who owns your data, and can gain access to it)
• We share the responsibility to ensure security; cloud providers can only go so far. (In a survey by F5 Networks, 33% of respondents thought that the provider was responsible for security.)
Security
Functionality
• Encrypt your sensitive data
• Install Intrusion Detection on your Servers
• Enable Firewalls on your Servers
• Leverage and demand control of firewalls into your hosted network
• Ensure all portals are protected with SSL; apply password policies
• Ensure any site to site VPNs are using at least 256-bit encryption
• Every customer operates in their own VLAN
• Every DMZ server resides in a pVLAN
• Local DMZ traffic requires firewall traversal
• Border Firewall – Controlled by us; Customer Firewall – Controlled by YOU
• Border firewall includes auto DDoS defense
• Resource reservations per customer
• SSL Certificates deployed for all admin portals
• Checkpoint Border Firewalls with DDoS, IDS enabled – stateful and application level filtering
• Cisco Nexus Switches with Layer 2/3 security
• VMware vShield stateful packet inspection Firewall per Client
• VMware vShield Site to Site VPNs with 256-bit encryption
• CPU, RAM, Network & Storage IO Controls (fair share)
• Delegated “just enough” rights
• Cannot delete or copy customer VMs
• Have no access into customer networks
• Have no ability to interact with customer servers
• Auditing and separation of duties
• ITIL aligned operating processes
• All staff undergo police checks
• Real-time monitoring and enforcement of platform configuration (unauthorized change reversed)
• Real-time monitoring and alerting of privileged actions
• Real-time monitoring and alerting from Border firewalls
• Centralized Admin user account repository with strict password policies
• Security extends to your DATA (in fact, isn't that what you are protecting?)
• Offshore hosting exposes you to the laws of the country in which you are hosted
• Beware hosting with USA registered companies (Patriot Act)
• For maximum security, ensure your data remains in Indonesia
• IndonesianCloud is 100% local
• VMware vCloud Powered = Independent verification of our Architecture
• Investment in the “best of breed” technology
• Completely Transparent; we have nothing to hide
• Completely Open platform; we have no technology lock-in and will even help you export your VMs
• Strict SLAs with penalties for breach
www.indonesiancloud.com