Through a combination of technology and processes, a cloud environment can meet the most stringent of security requirements.
There are a number of physical access security measures which can be implemented, including 24x7x365 onsite security, biometric hand geometry readers on all doors and equipment cages, and around-the-clock CCTV monitoring delivering detailed surveillance and audit logs.
Segmenting each client into their own VRF (Virtual Routing and Forwarding) prevents clients from seeing or accessing one another's networks. VRF technology also eliminates the problem of one client having the same IP range as another client.
This will also give each client their own dedicated public IP range, which enhances public security for services such as VPN connections.
Through firewalling technologies (such as those provided by Cisco), each client should have their own set of firewall rules which are not shared or impacted by other client configurations. This means firewall configuration and changes are completely independent of other customers. Each customer will be provisioned with one or more VLANs to cater for any internal requirements, and these VLANs map back to the individual client's VRF. Private WAN networks and physical hardware can be patched into your VLAN at this level.
Virtual Server Security
VMware is recognised within the industry as the leader in virtual technology platforms and their vSphere offering was specifically built for the cloud.
Each customer’s virtual servers are attached to the network via one or more customer-segmented port groups. Each port group ties the servers into the customer-allocated VLANs created as part of the cloud network security per customer.
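The VRF, VLAN and port group chain described above can be checked mechanically. The following is an added example, not code from the original page or from any provider's tooling; the inventory, the client names and the `audit` function are constructed for illustration, and it assumes VLAN IDs are unique across the platform.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (hypothetical names, not from a real platform).
VRFS = {"vrf-acme": "acme", "vrf-globex": "globex"}   # VRF -> client
VLANS = {                                             # VLAN id -> (VRF, subnet)
    101: ("vrf-acme", "10.0.1.0/24"),
    102: ("vrf-acme", "10.0.2.0/24"),
    201: ("vrf-globex", "10.0.1.0/24"),  # same range as VLAN 101, other VRF: allowed
}
PORT_GROUPS = {                                       # port group -> (client, VLAN id)
    "pg-acme-web": ("acme", 101),
    "pg-acme-db": ("acme", 102),
    "pg-globex-app": ("globex", 201),
}

def audit(vrfs, vlans, port_groups):
    """Return a list of isolation findings; an empty list means the mapping is clean."""
    findings = []
    # Every VLAN must map back to a VRF that is actually defined.
    for vlan, (vrf, _) in vlans.items():
        if vrf not in vrfs:
            findings.append(f"VLAN {vlan} maps to unknown VRF {vrf}")
    # A port group must sit on a VLAN whose VRF belongs to the same client.
    for pg, (client, vlan) in port_groups.items():
        if vlan not in vlans:
            findings.append(f"port group {pg} uses undefined VLAN {vlan}")
            continue
        owner = vrfs.get(vlans[vlan][0])
        if owner != client:
            findings.append(f"port group {pg} ({client}) is on VLAN {vlan} owned by {owner}")
    # Overlapping address space is only a problem inside a single VRF.
    for (a, (vrf_a, net_a)), (b, (vrf_b, net_b)) in combinations(vlans.items(), 2):
        same_vrf = vrf_a == vrf_b
        if same_vrf and ipaddress.ip_network(net_a).overlaps(ipaddress.ip_network(net_b)):
            findings.append(f"VLANs {a} and {b} overlap inside {vrf_a}")
    return findings

if __name__ == "__main__":
    for line in audit(VRFS, VLANS, PORT_GROUPS) or ["no isolation findings"]:
        print(line)
```
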
Each customer’s virtual servers have their own VMDK (Virtual Machine Disk Format), which is a file that represents the drives created as part of the virtual server. This virtual disk contains the server’s operating system and associated data drives. The virtual server operating system has no visibility of SAN storage or other VMDKs existing in the environment.
Further to this, using Fibre Channel for SAN storage connectivity can help to alleviate security implications associated with other methods of attachment, such as IP storage.
Third Party Security Audits
Undertaking regular, scheduled third-party security audits with independent security companies, to industry IT security standards, will ensure your data security is continually maintained.
Implementing a stringent ITIL-aligned change management process reduces risk by enforcing standard methods and procedures for efficient and prompt handling of changes, while minimising the impact of change on service availability. All change requests should undergo a stringent security impact assessment before being approved and implemented.
Harbour IT implements all the above security measures and can provide further details to satisfy your specific requirements for compliance with IT risk management legislative provisions and your corporate IT security policy.