Rackspace Private Cloud Security
|
|
- Cecily Wilson
- 8 years ago
- Views:
Transcription
1 Rackspace Private Cloud Security Written by: Joe Burke Rackspace Private Cloud Product Architect Rackspace Private Cloud Security Cover
2 Table of Contents 1. Introduction 2 2. Rackspace Private Cloud Security 3 Configuration Options 3. Operational Security 5 4. Physical Security 7 5. Network Security 9 6. Recommended Customer Controls 10 Rackspace Private Cloud Security Page 1
3 1: Introduction Security is a very complex topic for every organization. Challenges can include legislative requirements and internal procedures spanning across both the physical, logical, and virtual layers. Although the uniqueness of customer needs can be endless, Rackspace Private Cloud is designed with the flexibility to meet these needs. The key to having a well-secured environment is not just identifying the risks, but ensuring the appropriate controls are in place and that they are being actively monitored. While Rackspace Private Cloud provides the flexibility, Fanatical Support brings best-practices and experience in managing the infrastructure to help achieve customer s control objectives. This document will provide an introductory understanding of: 1. Security configuration options available within Rackspace Private Cloud 2. Security of customer s Rackspace Private Cloud if hosted at Rackspace 3. Security of customer s Rackspace Private Cloud if hosted within a customer s data center 4. Security and Fanatical Support service For a Rackspace Private Cloud hosted at Rackspace For a Rackspace Private Cloud hosted with a customer s data center Assumptions Users reading this should have a basic understanding of the following concepts; if not, some reference links are provided: Familiarity with the components of Rackspace Private Cloud and Rackspace Public Cloud Security Industry standards and regulations including: ISO 27001, SSAE16, FISMA, HIPAA Difference between Software-, Platform-, and Infrastructure-as-a-service Please note that Rackspace provides various levels and types of Rackspace Private Cloud Support Services, not all information in this whitepaper will apply to all such services. For more detail about which Rackspace Private Cloud services can meet your needs, please contact a sales associate. Rackspace Private Cloud Security Page 2
4 2: Rackspace Private Cloud Security Configuration Options OpenStack offers a variety of options on how to secure a cloud. Authentication/Identity Management Within the Rackspace Private Cloud, identities can be authenticated using either internal or external authentication protocols like: LDAP and Active Directory. This allows enterprises to reuse their existing infrastructure. Authorization/Role Management Rackspace Private Cloud provides preconfigured roles and role assignment. Roles provide fine-grained authorization over specific actions and are assigned to identified users. Customers can define custom roles to meet specific compliance or operational needs, e.g. segregation of duties. These are defined within each of the cloud components. For example, a Cloud Operator role might be configured to: Add a new nova compute guest VM Add additional storage to a zone View an availability zone but not create one Host Operating Systems Rackspace Private Cloud recommends hardening the host Operating Systems. Many current Private Cloud customers currently do this and the Rackspace Private Cloud team will collaborate with customers to recommend a strategy based upon current corporate standards. Guest/VM Operating Systems The OpenStack Image service, Glance, as implemented in the Rackspace Private Cloud, can be integrated into an enterprise s existing change management and image release process. This allows the use of an organizations existing, hardened images. Please consult with the Rackspace Private Cloud team for a list of the latest supported base Operating Systems. Rackspace Private Cloud Security Page 3
5 Multi-Tenancy A core element of OpenStack is its support for multi-tenancy. Rackspace Private Cloud leverages this by initially installing a configuration that ensures isolation between tenants. Tenant isolation can be used to prevent unrestricted communication between business units or application domains. This best practice safeguards against cross-vlan communication by restricting ingress traffic based on destination port and source IPs. If desired, configurations are also possible that could allow inter-vlan communication. Rackspace Private Cloud architects will work with customers to understand their needs and recommend an appropriate solution. Similarly, this practice also extends down into the storage platform by leveraging the OpenStack Identity security service. Communication Rackspace Private Cloud recommends separating management and internal service traffic onto separate networks. Internally, OpenStack internal communications are performed as RESTful API calls that can be secured via SSL/TLS certifications. Looking forward, OpenStack s security groups are actively advancing Firewall-as-a- Service and other OpenStack networking features enabling multiple levels of software defined network isolation. Fanatical Support for Private Cloud Fanatical Support for Private Cloud starts with a team that has expert knowledge in OpenStack, applies that knowledge to a customer s specific platform needs, implements the cloud while complying with a customer s compliance standards, and continues with a support team monitoring the health of the environment. Rackspace Private Cloud Security Page 4
6 3: Operational Security Rackspace Hosting policies and procedures set a high standard that each employee, consultant, and third-party service provider is required to follow. These corporate standards cover key functions like: password-based access password expiration automatic workstation locking documented change management and escalation procedures onboarding training VPN-base access access that are monitored and independently audited Rackspace maintains documented operational procedures for both infrastructure operations and customer-facing support functions. Newly provisioned infrastructure undergoes appropriate testing procedures to limit exposure to any hardware failure. Documented procedures and configuration version controls provide protection from errors during configuration. Changes to an existing infrastructure are controlled by a technical change management policy, which enforces best practice change management controls including impact/risk assessment, customer sign off, and back-out planning. Rackspace participates in and maintains the following audit reports, certifications, and documentation: SSAE 16 / ISAE 3402 (formerly SAS70 Type II) Audit Reports Safe Harbor Self-Certification ISO Certification(s) PCI Attestation of Compliance & PCI DSS Validated Service Provider CDSA Certification SOC2 Data Centers in Security & Availability Report SOC3 Data Centers in Security & Availability Report Whether the cloud is hosted in a Rackspace data center or in a customer s data center, the support team will adhere to both Rackspace corporate as well as the customer s policies and procedures. The Rackspace team will work with customers to determine the appropriate level of access and proper delineation of responsibilities to support the Private Cloud including identifying any logistical steps needed. Rackspace Private Cloud Security Page 5
7 Below is an example of key functions and responsibilities based upon where the Rackspace Private Cloud (RPC) is deployed Responsibility Rackspace Customer DC Hardware & Data Center Rackspace Customer Networking Rackspace Customer RPC Host OS Rackspace Either Backup (Host OS) Rackspace Either RPC Components Rackspace Rackspace Patching RPC Rackspace Either Monitoring RPC Either Either RPC Upgrades Rackspace Either Cloud Capacity Planning Rackspace Either Guest OS Imaging Creation and Patching Customer Customer Instance Deployment Customer Customer Application Management Customer Customer Should a Private Cloud be deployed at a customer s data center and supported by Rackspace, the Rackspace support team is willing to work with customers to understand their specific security standards and derive a solution that meets or exceeds those standards. Data Security/Backup Rackspace Private Cloud allows third-party encryption tools to be used throughout the infrastructure, including SSL/TLS certifications and file/database encryption, giving customers flexibility to reuse their current encryption tools. While no solution is prescribed, Rackspace Implementation teams will work with customers to provide guidance on how to integrate these. Rackspace Private Cloud is integrated with Rackspace Managed Backup service, giving customers the ability to securely back up Host Machine information. Operationally, the Rackspace Private Cloud support team can actively monitor the cloud environment and proactively reach out to customers when actions are required. Rackspace recommends and most customers prefer to provide an approval prior to any changes being made. Rackspace Private Cloud Security Page 6
8 4: Physical Security For Private Clouds hosted in a Rackspace data center, physical security concerns are addressed across the data center and network. Data Center Rackspace Private Cloud is available in Rackspace data centers globally. Rackspace data centers physical security capabilities include: Two-factor authentication required to access all data center facilities. Electromechanical locks controlled by biometric authentication (hand geometry or fingerprint scanner) and key-card/badge. Access to secure sub-areas allocation on a role-specific basis Authorized Rackspace personnel s access to the facilities is reviewed on a monthly basis by management Termination and role-change control procedures are in place so that any physical or logical access rights are removed in a timely manner when access is no longer necessary or appropriate Closed circuit video surveillance is installed at all entrance points on the interior and exterior of the buildings that house data centers. Cameras are monitored 24x7x365 by on-site security personnel and support data retention for 90 days. Sensitive equipment such as information processing facilities, including customer servers, is housed in secure sub-areas within each data center s secure perimeter and is subject to additional controls Centralized Security Management Systems are deployed at all data centers to control the Electronic Access Control Systems and closed circuit television networks. Rackspace data centers are operational 24x7x365 and are manned around-the-clock by a security team and engineering/operations personnel. Appropriate additional perimeter defense measures, such as walls, fencing, gates and anti-vehicle controls are in place at Rackspace data centers. The delivery and loading bays at all Rackspace data centers are separate areas secured by defined procedures and security controls. Rackspace Private Cloud Security Page 7
9 Unauthorized visitors are not permitted access to the data centers. Authorized data center visitors are required to abide by the following rules: Authorized approvers must specifically grant visitor access to the data centers at least 24 hours before the scheduled visit Visitors must have a valid reasons for entering the data center Visitors must sign the visitor s log, present a valid photo ID, and specify the reason for visiting and a Rackspace point of contact Visitor badges differ in appearance from Rackspace employee badges and do not provide any control over doors, locks, etc. All visitor access is logged. This policy applies equally to Rackspace employees not assigned to the data center. Visitors, including Rackspace customers, are strictly forbidden from accessing the data halls themselves and other secure sub areas. Visitors must be escorted at all times while at any Rackspace facility. Data center management performs a monthly audit of security and visitor access logs Rackspace Private Cloud Security Page 8
10 5: Network Security Whether deployed at Rackspace or within a customer s data center, network security is as equally important as physical security and encryption. OpenStack Neutron Network component is a software defined network that provides enhanced flexibility on how to manage your virtual network. Security over these networks can be applied in a variety of ways. Rackspace Private Cloud architects and support team members will work with customers to help identify and develop an appropriate solution to meet their current and future needs. Network Security within a Rackspace Data center All Rackspace network infrastructure devices are located in a physically secure data center with controlled access. All visitors or authorized contractors are logged and escorted. Local console access to network devices is restricted to authorized individuals and requires access to the physical location as well as the correct username and password for console login. While Rackspace utilizes a wireless infrastructure for corporate connectivity, wireless access points are not permitted in the data halls where the cloud infrastructure resides, and regular scans are performed to identify and neutralize rogue access points. Administrative access to the networking devices underlying the cloud infrastructure is controlled via industry standard practices (TACACS+) and is subject to appropriate logging and monitoring, records of which are retained for one year. Logical access to cloud infrastructure network devices is only provided to those Rackspace employees with a business requirement for such access, and is subject to permissions change control including independent managerial authorization and timely revocation of access rights. SSL is used to encrypt administrative sessions. Implementing new cloud environments is performed according to standardized procedures in order to minimize the risk of accidental insecure network provisioning. Rackspace maintains strict policies on the use of network services. The network services underlying our cloud infrastructure are subject to DDoS/DoS mitigation and network policy enforcement controls, ensuring the best possible quality of connection to the customer s cloud environment and maximizing the stability of the environment. These include anti-spoofing controls and IP prefix-lists, as well as Unicast Reverse Path Forwarding (URPF) protocols in place at edge routers in data centers hosting cloud environments. Rackspace Private Cloud Security Page 9
11 6: Recommended Customer Controls When hosted at Rackspace, the infrastructure controls are designed to protect cloud resources from attack within the environment, appropriately control and provide assurance over Rackspace access to customer cloud resources. The customer should seek to protect their cloud resources and hosted data with measures overlaying Rackspace infrastructure controls as appropriate to their data s sensitivity and criticality as informed by a formal risk assessment. Customers are the primary owner of their data and maintain sole visibility over its specific security requirements. Accordingly, customers are responsible for classifying their data and applying appropriate risk mitigation controls. Customer s sensitive data should be encrypted for storage in order to preserve confidentiality. Rackspace recommends that data being transmitted to and from the cloud should be subject to encryption appropriate to its requirements, for example the use of TLS or a secure VPN. Rackspace Private Cloud customers can interact with the environment at an administrative level via API. Authentication is required in order to use them. Customer applications that interface with APIs should undergo adequate security testing and maintain best practice application security controls including communication with our SSL protected API endpoints via HTTPS. Customers should consider tightly restricting access to API keys and account credentials to those employees with a legitimate business requirement, as well as segregating duties to maintain accountability. As primary system administrator of the cloud resources, the customer is responsible for managing user accounts creation, provisioning and destruction, password policies, server level account authentication mechanisms, etc. Rackspace recommends that customers integrate their Private Cloud with their organizational single-sign on (SSO) domain if available in order to simplify this task. Rackspace Private Cloud Security Page 10
12 About Rackspace Rackspace Hosting (NYSE: RAX) is the open cloud company, delivering open technologies and powering hundreds of thousands of customers worldwide. Rackspace provides its renowned Fanatical Support across a broad portfolio of IT products, including Public Cloud, Private Cloud, Hybrid Hosting and Dedicated Hosting. The company offers choice, flexibility and freedom from vendor lock in. GLOBAL OFFICES Headquarters Rackspace, Inc Walzem Road City of Windcrest, San Antonio, Texas Intl: UK Office Rackspace Ltd. 5 Millington Road Hyde Park Hayes Middlesex, UB3 4AZ Phone: Intl: +44 (0) Benelux Office Rackspace Benelux B.V. Teleportboulevard EJ Amsterdam Phone: Intl: +31 (0) Hong Kong Office 9/F, Cambridge House, Taikoo Place 979 King s Road, Quarry Bay, Hong Kong Sales: Support Australia Office Level 4, 210 George Street, Sydney, NSW 2000 Phone: Rackspace US, Inc. All rights reserved. This whitepaper is for informational purposes only and is provided AS IS. This information is intended as a guide and not as a step-by-step process, and does not represent an assessment of any specific compliance with laws or regulations or constitute advice. We strongly recommend that you engage additional expertise in order to further evaluate applicable requirements for your specific environment. RACKSPACE MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS DOCUMENT AND RESERVES THE RIGHT TO MAKE CHANGES TO SPECIFICATIONS AND PRODUCT/SERVICES DESCRIPTION AT ANY TIME WITHOUT NOTICE. RACKSPACE RESERVES THE RIGHT TO DISCONTINUE OR MAKE CHANGES TO ITS SERVICES OFFERINGS AT ANY TIME WITHOUT NOTICE. USERS MUST TAKE FULL RESPONSIBILITY FOR APPLICATION OF ANY SERVICES AND/ OR PROCESSES MENTIONED HEREIN. EXCEPT AS SET FORTH IN RACKSPACE GENERAL TERMS AND CONDITIONS, CLOUD TERMS OF SERVICE AND/OR OTHER AGREEMENT YOU SIGN WITH RACKSPACE, RACKSPACE ASSUMES NO LIABILITY WHATSOEVER, AND DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO ITS SERVICES INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. ALTHOUGH PART OF THE WHITEPAPER EXPLAINS HOW RACKSPACE SERVICES MAY WORK WITH THIRD PARTY PRODUCTS, THE INFORMATION CONTAINED IN THE WHITEPAPER IS NOT DESIGNED TO WORK WITH ALL SCENARIOS. ANY USE OR CHANGES TO THIRD PARTY PRODUCTS AND/OR CONFIGURATIONS SHOULD BE MADE AT THE DISCRETION OF YOUR ADMINISTRATORS AND SUBJECT TO THE APPLICABLE TERMS AND CONDITIONS OF SUCH THIRD PARTY. RACKSPACE DOES NOT PROVIDE TECHNICAL SUPPORT FOR THIRD PARTY PRODUCTS, OTHER THAN SPECIFIED IN YOUR HOSTING SERVICES OR OTHER AGREEMENT YOU HAVE WITH RACKSPACE AND RACKSPACE ACCEPTS NO RESPONSIBILITY FOR THIRD-PARTY PRODUCTS. Except as expressly provided in any written license agreement from Rackspace, the furnishing of this document does not give you any license to patents, trademarks, copyrights, or other intellectual property. Rackspace, Rackspace logo, Fanatical Support, and/or other Rackspace marks mentioned in this document are either registered service marks or service marks of Rackspace US, Inc. in the United States and/or other countries. Third-party trademarks and tradenames appearing in this document are the property of their respective owners. Such third-party trademarks have been printed in caps or initial caps and are used for referential purposes only. We do not intend our use or display of other companies tradenames, trademarks, or service marks to imply a relationship with, or endorsement or sponsorship of us by, these other companies. Rackspace Private Cloud Security Page 11
TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1
TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1 Table of Contents 1. Operational Security 2. Physical Security 3. Network
More informationEffective Azure Migration Moving Applications to the Cloud
Effective Azure Migration Moving Applications to the Cloud Effective Azure Migration Cover Table of Contents Executive Summary 1 Defining Line-of-Business Applications 1 An Example Application 2 The Migration
More informationThe Hybrid Cloud and Microsoft Azure Bridging Private and Public Environments
The Hybrid Cloud and Microsoft Azure Bridging Private and Public Environments The Hybrid Cloud and Microsoft Azure Cover Table of Contents Introduction 1 What Is a Hybrid Environment? 2 Buy, Lease or Rent
More informationHow To Design A Private Cloud Powered By Openstack
Rackspace Private Cloud Powered By OpenStack: The Customer Experience Author: Christian Foster Director, Rackspace Private Cloud Rackspace Private Cloud Powered By OpenStack : The Customer Experience Cover
More informationCloud Security. in an Agile World. Written by: Jaret Chiles, Enterprise Cloud Solutions Architect and Matt Tesauro, Product Security Engineering Lead
Cloud Security in an Agile World Written by: Jaret Chiles, Enterprise Cloud Solutions Architect and Matt Tesauro, Product Security Engineering Lead Cloud Security in an Agile World Cover Table of Contents
More informationSECURITY in the RACKSPACE CLOUD An overview of our best practices
SECURITY in the RACKSPACE CLOUD An overview of our best practices Security in the Rackspace Cloud Cover Table of Contents 1. INTRODUCTION 3 2. GENERAL SECURITY 5 2.1. Spheres of Responsibility 5 2.2. Physical
More informationVERSION DATE NAME DESCRIPTION
Call2Recycle GreenTrax Web Portal Security Application v.1.0_20150615 DRAFT Revision History VERSION DATE NAME DESCRIPTION Original 1.0 5/26/2015 Joe Walker Original Revision 1.1 6/15/2015 Joe Walker First
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationReference Architecture: Enterprise Security For The Cloud
Reference Architecture: Enterprise Security For The Cloud A Rackspace Whitepaper Reference Architecture: Enterprise Security for the Cloud Cover Table of Contents 1. Introduction 2 2. Network and application
More informationRackspace IT Industry Service Report
Rackspace IT Industry Service Report A study into the cost of poor IT customer service Rackspace IT Industry Service Report A study into the cost of poor IT customer service PAGE: 1 TABLE OF CONTENTS DESCRIPTION
More informationSingle Sign-on for Office 365, Microsoft Azure and On-Premises Environments:
Single Sign-on for Office 365, Microsoft Azure and On-Premises Environments: Configuring and Deploying Active Directory Federated Services in a Hybrid Architecture Single Sign-on for Office 365, Microsoft
More informationRackConnect User Guide
RackConnect User Guide Updated: November 8, 2011 RackConnect User Guide Page 2 of 15 DISCLAIMER This RackConnect User Guide (the Guide ) is for informational purposes only and is provided AS IS. The information
More informationBuilding Energy Security Framework
Building Energy Security Framework Philosophy, Design, and Implementation Building Energy manages multiple subsets of customer data. Customers have strict requirements for regulatory compliance, privacy
More informationSecurity is a Partnership
Security is a Partnership Written by J.R. Arredondo Director, Product Marketing Security is a Partnership Cover Table of Contents 1. Introduction 2 2. The Increasing Complexity of Security 3 and Compliance
More information1. Before You Shop: INTRODUCTION:
INTRODUCTION: HOSTED EXCHANGE 2013 BUYER S GUIDE: YOUR STEP-BY-STEP GUIDE TO FINDING A BETTER EXCHANGE The recent end of support for Exchange 2003 and widespread adoption of Exchange 2013 has more organizations
More informationA Tale of Two Workloads
A Tale of Two Workloads USING OPENSTACK AND VMWARE VSPHERE TO BUILD A HYBRID SOLUTION CONTENTS. Executive Summary. 2 Understanding the Challenges. 2 Development of a Two-Workload Strategy. 3 Understanding
More informationUnderstanding Sage CRM Cloud
Understanding Sage CRM Cloud Data centre and platform security whitepaper Document version 2016 Table of Contents 1.0 Introduction 3 2.0 Sage CRM Cloud Data centre Infrastructure 4 2.1 Site location 4
More informationClever Security Overview
Clever Security Overview Clever Security White Paper Contents 3 Introduction Software Security 3 Transport Layer Security 3 Authenticated API Calls 3 Secure OAuth 2.0 Bearer Tokens 4 Third Party Penetration
More informationBuilding Your Ecommerce Strategy
Building Your Ecommerce Strategy Four Steps for Getting Started Written by: Lizetta Staplefoot, Online Marketing Content Strategist Building Your Ecommerce Strategy Cover Table of Contents Getting Started
More informationA Layperson s Guide To DoS Attacks
A Layperson s Guide To DoS Attacks A Rackspace Whitepaper A Layperson s Guide to DoS Attacks Cover Table of Contents 1. Introduction 2 2. Background on DoS and DDoS Attacks 3 3. Types of DoS Attacks 4
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationSecure, Scalable and Reliable Cloud Analytics from FusionOps
White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...
More informationINTRODUCTION... 2 THINK LIKE A CFO... 3 WHAT S A CIO TO DO?... 3 THE CAPEX VS. OPEX DIVIDE... 3 TODAY, CAPEX IS OUT AND OPEX IS IN...
INTRODUCTION... 2 THINK LIKE A CFO... 3 WHAT S A CIO TO DO?... 3 THE CAPEX VS. OPEX DIVIDE... 3 TODAY, CAPEX IS OUT AND OPEX IS IN.... 4 AN EXAMPLE: BUYING A LASER PRINTER... 5 AN ALTERNATIVE: OUTSOURCING
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationBuilding Secure, Scalable and Highly Available Magento Stores, Powered by Rackspace Solutions
Building Secure, Scalable and Highly Available Magento Stores, Powered by Rackspace Solutions A Closer Look at Ecommerce Reference Architectures Mahesh Gandhe, Sr. Solutions Manager for Ecommerce and SaaS/ISV
More informationdocs.rackspace.com/api
docs.rackspace.com/api Rackspace Cloud Backup Release (2015-09-09) 2015 Rackspace US, Inc. This document is intended for software developers who are interested in developing applications using the Rackspace
More informationHow does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1
How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management
More informationUnderstanding Enterprise Cloud Governance
Understanding Enterprise Cloud Governance Maintaining control while delivering the agility of cloud computing Most large enterprises have a hybrid or multi-cloud environment comprised of a combination
More informationFully Managed, High-performance Cassandra Service Powered by DataStax Enterprise
Fully Managed, High-performance Cassandra Service Powered by DataStax Enterprise Fully Managed, High-performance Cassandra Service Cover Table of Contents 1. Introducing Managed Cassandra 1 2. Challenges
More informationTroux Hosting Options
Troux Hosting Options Introducing Troux Hosting Options Benefits of a Hosted Troux Environment...3 Convenience...3 Time-to-Value...3 Reduced Cost of Ownership...3 Scalability and Flexibility...3 Security...4
More informationFamly ApS: Overview of Security Processes
Famly ApS: Overview of Security Processes October 2015 Please consult http://famly.co for the latest version of this paper Page 1 of 10 Table of Contents 1. INTRODUCTION TO SECURITY AT FAMLY... 3 2. PHYSICAL
More informationManaging the Transition to IT as a Service Broker
Managing the Transition to IT as a Service Broker Successfully moving to new IT structure requires focus on the human side of the equation Contents Executive Summary. 2 Introduction: IT at the Crossroads.
More informationPCI-DSS Compliance in Rackspace Hybrid Cloud
PCI-DSS Compliance in Rackspace Hybrid Cloud Written by Mahesh Gande, Senior Solutions Manager Francis Ofungwu, Product Manager for Rackspace Security Solutions Jarret Raim, Rackspace Cloud Security Product
More informationAnypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationThe Mobile Effect - The impact of smartphones & tablets on impulse buying
The Mobile Effect - The impact of smartphones & tablets on impulse buying A Rackspace Market Study & Analysis Report The Mobile Effect - The impact of smartphones and tablets on impulse buying PAGE: 1
More informationBirst Security and Reliability
Birst Security and Reliability Birst is Dedicated to Safeguarding Your Information 2 Birst is Dedicated to Safeguarding Your Information To protect the privacy of its customers and the safety of their
More informationA Look Back at. Expert Answers to your
A Look Back at 2012 Expert Answers to your Top SharePoint Questions Microsoft SharePoint is the most popular application of its type ever created. According to Microsoft, more than 65,000 companies manage
More informationSimone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud
Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationRackspace Cloud Big Data Platform On-demand Big Data processing platform
Rackspace Cloud Big Data Platform On-demand Big Data processing platform Rackspace Cloud Big Data Platform: On-demand Big Data Processing Platform Cover Table of Contents Introduction 1 Challenges of Managing
More informationWhite Paper. BD Assurity Linc Software Security. Overview
Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about
More informationCONTENT OUTLINE. Background... 3 Cloud Security... 3. Instance Isolation:... 4. SecureGRC Application Security... 5
Page 2 Disclaimer THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF THE LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More informationConnectivity to Polycom RealPresence Platform Source Data
Polycom RealAccess Security White Paper The Polycom RealAccess service is delivered using the Software as a Service (SaaS) model. This white paper outlines how the service protects sensitive customer data
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationManaging the Transition to IT as a Service Broker Successfully moving to new IT structure requires focus on the human side of the equation
Managing the Transition to IT as a Service Broker Successfully moving to new IT structure requires focus on the human side of the equation Managing the Transition to IT as a Service Broker Cover Table
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationMirantis OpenStack Express: Security White Paper
Mirantis OpenStack Express: Security White Paper Version 1.0 2005 2014 All Rights Reserved www.mirantis.com 1 Introduction While the vast majority IT professionals are now familiar with the cost-saving
More informationSecurity and Data Protection for Online Document Management Software
Security and Data Protection for Online Document Management Software Overview As organizations transition documents and company information to Software as a Service (SaaS) applications that are no longer
More informationSMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales
SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,
More informationRackspace Cloud Databases Cover. Rackspace Cloud Databases Fast. Open. Fully managed.
Rackspace Cloud Databases Cover Rackspace Cloud Databases Fast. Open. Fully managed. Table of Contents 1. Introduction 1 2. Key Challenges of Managing Relational Databases 2 3. The Benefits of Cloud Databases
More informationVMware vcloud Air Security TECHNICAL WHITE PAPER
TECHNICAL WHITE PAPER The Shared Security Model for vcloud Air The end-to-end security of VMware vcloud Air (the Service ) is shared between VMware and the customer. VMware provides security for the aspects
More informationThe Anti-Corruption Compliance Platform
The Anti-Corruption Compliance Platform DATA COLLECTION RISK IDENTIFICATION SCREENING INTEGRITY DUE DILIGENCE CERTIFICATIONS GIFTS, TRAVEL AND ENTERTAINMENT TRACKING SECURITY AND DATA PROTECTION The ComplianceDesktop
More informationLive Guide System Architecture and Security TECHNICAL ARTICLE
Live Guide System Architecture and Security TECHNICAL ARTICLE Contents 1. Introduction... 2 2. Hosting Environment... 2 2.1. Standards - Compliancy... 3 2.2. Business Continuity Management... 3 2.3. Network
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationHow To Manage A Privileged Account Management
Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least
More informationCloud Contact Center. Security White Paper
Cloud Contact Center Security White Paper Introduction Customers communicate with organizations in a variety of forms from phone conversations to email, web chat and social media. As each interaction may
More informationOracle Hospitality OPERA Cloud Services Security Guide Release 1.20 Part Number: E69079-01. April 2016
Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 Part Number: E69079-01 April 2016 Copyright 2016, Oracle and/or its affiliates. All rights reserved. This software and related documentation
More informationThe Incremental Advantage:
The Incremental Advantage: MIGRATE TRADITIONAL APPLICATIONS FROM YOUR ON-PREMISES VMWARE ENVIRONMENT TO THE HYBRID CLOUD IN FIVE STEPS CONTENTS Introduction..................... 2 Five Steps to the Hybrid
More informationTECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control
More informationSAS 70 Type II Audits
Thinking from IntraLinks SAS 70 Type II Audits SAS 70 Type II Audits Ensuring Data Security, Reliability and Integrity If your organization shares sensitive data over the Internet, you need rigorous controls
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationCuring The Migration Migraine With SharePoint Hosting
Curing The Migration Migraine With SharePoint Hosting 1 Microsoft SharePoint is a remarkable success, with more than 70% of all enterprises currently using some version of the product. Adoption rates for
More informationWHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment... 2. Adaptive Network Security...
WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Adaptive Network Security Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with Adaptive
More informationKeyLock Solutions Security and Privacy Protection Practices
KeyLock Solutions Overview KeyLock Solutions hosts its infrastructure at Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout
More informationHadoop is hard. Rackspace makes it easy.
Rackspace Managed Big Data Platform Hadoop is hard. Rackspace makes it easy. Rackspace Managed Big Data Platform Cover Table of Contents 1. Introduction 1 2. Challenges of Managing Hadoop 2 3. Managed
More informationCloud Contact Center. Security White Paper
Cloud Contact Center Security White Paper Introduction Customers communicate with organizations in a variety of forms from phone conversations to email, web chat and social media. As each interaction may
More informationTable of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.
FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationAWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II
AWS Security CJ Moses Deputy Chief Information Security Officer Security is Job Zero! Overview Security Resources Certifications Physical Security Network security Geo-diversity and Fault Tolerance GovCloud
More informationHEC Security & Compliance
HEC Security & Compliance SAP Security, Risk & Compliance Office November, 2014 Public Version 2.0 Details Introduction Overview Security Offering Approach Certifications Introduction Dear Customer, Information
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationSecurity Overview Enterprise-Class Secure Mobile File Sharing
Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud
More informationCA Arcot RiskFort. Overview. Benefits
PRODUCT SHEET: CA Arcot RiskFort CA Arcot RiskFort CA Arcot RiskFort provides real-time protection against identity theft and online fraud via risk based, adaptive authentication. It evaluates the fraud
More informationThe Elephant in the Room
The Elephant in the Room Cloud Security and What Vendors and Customers Need To Do To Stay Secure Through this year-long series of whitepapers and webinars, independent analyst Ben Kepes will be building
More informationBest Practices for PCI DSS V3.0 Network Security Compliance
Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationHow To Protect Your Data From Being Stolen
DATA SECURITY & PCI DSS COMPLIANCE PROTECTING CUSTOMER DATA WHAT IS PCI DSS? PAYMENT CARD INDUSTRY DATA SECURITY STANDARD A SET OF REQUIREMENTS FOR ANY ORGANIZATION OR MERCHANT THAT ACCEPTS, TRANSMITS
More informationIntroduction to Virtual Datacenter
Oracle Enterprise Manager Ops Center Configuring a Virtual Datacenter 12c Release 1 (12.1.1.0.0) E27347-01 June 2012 This guide provides an end-to-end example for how to use Oracle Enterprise Manager Ops
More informationIBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet
IBM PowerSC Security and compliance solution designed to protect virtualized datacenters Highlights Simplify security management and compliance measurement Reduce administration costs of meeting compliance
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationItron Cloud Services Offering
Itron Cloud Services Offering WHITE PAPER TABLE OF CONTENTS Introduction... 3 Types of Services... 3 Software as a Service (SaaS)...3 Managed Services...3 On-site Managed Services...3 Benefits... 3 Infrastructure...
More informationSaaS architecture security
Introduction i2o solutions utilise the software as a service (or SaaS) model because it enables us to provide our customers with a robust, easy to use software platform that facilitates the rapid deployment
More informationYou Can Survive a PCI-DSS Assessment
WHITE PAPER You Can Survive a PCI-DSS Assessment A QSA Primer on Best Practices for Overcoming Challenges and Achieving Compliance The Payment Card Industry Data Security Standard or PCI-DSS ensures the
More informationrackspace.com/cloud/private
TM rackspace.com/cloud/private Rackspace Private Cloud Active v 4.0 (2013-06-25) Copyright 2013 Rackspace All rights reserved. This document is intended to assist Rackspace Private Cloud customers in updating
More informationStarting the Journey to Managed Infrastructure Services
Starting the Journey to Managed Infrastructure Services A GUIDE TO SELECTING INITIAL WORKLOADS FOR MIGRATION CONTENTS Executive Summary. 2 A New Age of Innovation. 2 IT Has Reached the Pivot Point. 3 The
More information1 Introduction 2. 2 Document Disclaimer 2
Important: We take great care to ensure that all parties understand and appreciate the respective responsibilities relating to an infrastructure-as-a-service or self-managed environment. This document
More informationSCADA SYSTEMS AND SECURITY WHITEPAPER
SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of
More informationCONTENTS. Security Policy
CONTENTS PHYSICAL SECURITY (UK) PHYSICAL SECURITY (CHICAGO) PHYSICAL SECURITY (PHOENIX) PHYSICAL SECURITY (SINGAPORE) SYSTEM SECURITY INFRASTRUCTURE Vendor software updates Security first policy CUSTOMER
More informationSecurity Whitepaper. NetTec NSI Philosophy. Best Practices
Security Whitepaper NetTec NSI provides a leading SaaS-based managed services platform that to efficiently backup, monitor, and troubleshoot desktops, servers and other endpoints for businesses. Our comprehensive
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationtwilio cloud communications SECURITY ARCHITECTURE
twilio cloud communications SECURITY ARCHITECTURE July 2014 twilio.com Security is a lingering concern for many businesses that want to take advantage of the flexibility and ease of cloud services. Businesses
More informationProjectManager.com Security White Paper
ProjectManager.com Security White Paper Standards & Practices www.projectmanager.com Introduction ProjectManager.com (PM) developed its Security Framework to continue to provide a level of security for
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More information