CloudDesk - Security in the Cloud INFORMATION

Transcription

1 CloudDesk - Security in the Cloud INFORMATION

2 INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES 4 ANTI-VIRUS AND PATCHING 4 INTRUSION DETECTION / PREVENTION AND LOGGING 4 STAFF CHANGE CONTROL AND ACCESS MONITORING 4 DATA OWNERSHIP 5 CLIENT DATA 5 ACTIVE DIRECTORY 5 DOCUMENT CONTROL 5 Hosted PC in the Cloud Fully Managed Service Windows 7 Look and Feel Highly Secure with 100% Data Encryption Self-install any Windows Application Choice of User Applications Persaonalise & Customise Flexible Scale Up & Down QMS DOC REF: QMS REC 87, ISSUE NUMBER: 1.1, ISSUE DATE: 15/09/2014, PUBLISH DATE: 12/01/2015. info@

3 security in the cloud This document summarises Calligo s security policies and explains how we protect your CloudDesk data and keep it safe. Cloud computing offers numerous advantages over the traditional delivery of IT using inhouse or hosted systems. This document describes the governance, physical, technical standards and systems that Calligo has implemented. Taken as a whole these deliver the highest levels of protection. governance and information security Calligo has a dedicated team of professionals with responsibility, across all areas of the organisation, for Security & Compliance. This includes product development, the delivery of services and the day-to-day management of the company. The Chief Security Officer, who is a member of the executive management team for Calligo, leads the Security & Compliance group. Calligo is an Accredited Quality Management System (QMS) company as specified in ISO 9001:2008. The scope of Calligo s QMS comprises Service Delivery, Project Management, HR and Supplier Management. Within the Security & Compliance group we have a dedicated Standards & Compliance Manager, who is professionally trained as a lead auditor, to maintain and improve its quality, both internally and to our clients. In addition, Calligo has implemented its own Information Security Management System (ISMS) across all areas of the business. This is based on and independently accredited to ISO :2013, which is considered the industry standard for information security management. Calligo ensures the constant integration of best practice and operational conformance to its published policies and procedures. We achieve this by an internal audit process that ensures that the activities undertaken by the team are fully inline with our internal processes, and where necessary supplement this with third party audits, an example of this would be the external audit undertaken of Calligo s ISO 27001:2013 implementation. The policies and procedures that Calligo has deployed are fully aligned to the standards that are published by the Cloud Security Alliance (CSA), known as the STAR standards. These extend the ISO standards and reflect best practice that is specific to cloud service providers. Calligo will soon be seeking CSA STAR certification. data centres Calligo uses specialist data centre providers who host our equipment at selected offshore locations. In Jersey & Guernsey we use Sure International, in Zurich we use Interoute and in Cayman we have partnered with MCS. All data centres have the highest level of physical and technical security. The infrastructure design includes: Independent electricity supply from the grid separate transformers and diverse cable routing Multiple standby power generators onsite with diesel stored on-site Uninterruptible power supply systems (battery backup) N+1 Multiple air conditioning units N+1 Fire suppression and VESDA (Very Early Smoke Detection Apparatus) Network communication circuits delivered over multiple carriers and routes All services monitored 24x7. The Jersey & Zurich facilities have ISO certification in place. The Guernsey facility has adopted ISO standards throughout, and will be looking to formally be audited in the coming months. Physical access to the data centres is highly restricted. Calligo has full control over who has access, when access occurs and we also ensure that the standards of the data centre facility are regularly reviewed to ensure compliance. In addition we have a controlled process in place to manage visitor access should it be required, we ensure that this access is limited and controlled typically with proximity card or biometrics. data resilience Calligo uses state of the art hardware including solid state storage platforms with all data being centrally stored on a Storage Area Network (SAN). Calligo s storage system is designed specifically for cloud services providers and provides levels of performance and security rarely seen in older, more traditional storage. Data is stored using 128-bit AES encryption. The distribution of keys is secure, as the key is never stored completely in one place. The key is split and encrypted prior to node distribution. No single node or drive has the key on it at any time. Whenever power is lost on a drive the data stored is inaccessible as it is encrypted. The disk system uses a clustered architecture, providing a highly available system that is designed to be fault tolerant with no single points of failure. A distributed replication mechanism protects data across multiple drives and nodes within a cluster. info@ 3

4 In addition the disk system contains specific features to support multi-tenancy cloud services, destructive data deletion and forensic data discovery. data backup A CloudDesk consists of a C: Drive and a D: Drive. The C: Drive is a system drive and Calligo strongly advises that this is not used to store data. This drive is not backed up if it becomes corrupted Calligo will recreate from a Gold build. The D: Drive, also called Persistent Data Disk, is a personal data drive. Documents saved to the My Documents folder (or a sub-folder of this) will be stored on the D: Drive. The My Documents folder, and sub-folders, are backed up as default for 7 days. My Documents includes Documents, Music, Pictures, Videos and Favourites. This backup is held in the same data centre as your CloudDesk. When you delete a file, such as a Word document or Excel spreadsheet, then a copy of that file will be held in the backup system for a further 7 days and can be restored by Calligo (as a chargeable service) during that period. After 7 days it will be permanently deleted. The above backup service meets the vast majority of operational requirements. If a document is accidentally deleted or overwritten then that is usually realised very quickly, within 7 days, and the document can be restored. But, a regulated business is likely to have more demanding data retention policies and Calligo recommends the use of its CloudCopy service. The CloudCopy service encrypts, compresses and replicates data across two data centres. This backup service provides a very high level of protection and meets, or exceeds, the most demanding security requirements. Clients can define their own data retention policies which for a financial services business might be to retain daily backups for 31 days, month end backups for 13 months and year end backups for 7 years. electronic access to services The CloudDesk service is accessed via the Internet or private communication circuits. The desktop connection sessions provides full encryption of the active session ensuring protection of all transmitted data, preventing interception for key strokes and screen data logging, and preventing Man in the Browser type attacks. Customers may also request VPN (virtual private network) access to their cloud services such as CloudDesk. This is a cost option, but can be provided with PPTP or VPN with a permanent point to point tunnel or dial-up VPN. anti-virus and patching The CloudDesk desktops are protected from viruses and malware using a combination of Microsoft and Trend Micro s protection services. Trend Micro is a leading provider of IT security systems and has invested extensively to deliver products specifically designed for cloud service providers, and is a trusted partner of Calligo. The Windows desktop and Microsoft applications, such as Office, are patched and updated by Calligo. Clients and their end users do not have to worry about undertaking these time consuming tasks. The Trend Micro solution is also available as an option for hosted servers. It is not automatically provided as clients may already have alternative, preferred, options. intrusion detection / prevention and logging Using a combination of security solutions from trusted partners we have built a multi layered deployment Security Platform. It delivers a comprehensive, vendor neutral, adaptive and highly efficient protection service across our environment that defends and protects at every level of the platform, covering areas such as anti-malware, intrusion detection and prevention, firewalls, web application protection, full end to end integrity monitoring and detailed log inspection. This is running in real time across the entire cloud platform. The solution is deployed both internally and externally ensuring full defense at multiple layers throughout the environment. In addition, Calligo employs a detailed policy to log all user access to any and all services (such as hosted desktop and ) storing these information security logs as part of a detailed managed data retention policy. staff change control and access monitoring Calligo engineers that provide support to CloudDesk clients have passed a data competency check. All staff members have references checked and have also signed an encompassing Confidentiality Agreement with Calligo, preventing the disclosure of any sensitive materials in our domain. Access to systems and data is only undertaken by experienced engineering staff that have been granted access by Director or C Level. Staff members are aware that their access to systems and physical access is monitored. Access to all systems and the data contained within is role based, ensuring that control of access is maintained and provided on a needs basis opposed to full access at all times. Any changes to data, systems or infrastructure must be requested through Calligo s formal change management process, with approval required by its change board, which includes executive management approval prior to any changes occurring this ensures that any change that is authorised to occur is fully considered and understood, which includes relevant rollback and reversal processes in the unlikely event that a change must be backed out. Calligo s Change Management policy is ITIL compliant, and is a key area of both its Quality and Information Security Management processes which have been independently reviewed and certified. Quarterly audits are made by the Security & Compliance group to ensure access to data is aligned to roles of staff members, and fully reported to back to the executive management team. user access control and storage separation Authentication and access control measures are fully adopted throughout the CloudDesk platform to prevent inappropriate access to data. Access control usage policies are established for each client to ensure that the correct access permissions are applied to its data, and these are applied using ACL (access control lists), and are periodically reviewed to ensure relevance Each customer s data is logically separated within our storage network and through ACL (access control lists) only approved designated users are granted access. Calligo uses Secure LDAP and Microsoft s Active Directory Services to allow for the administration and control of access to data, with unique access to client data built based on client need. In the case of dynamic services and hosted desktops the session data is also protected by virtualisation technologies (VMware), which allow for user resources at the hardware or software level (memory, processes and CPU units), which provides total security to users info@ 4

5 within these systems, as well as the data they are accessing. Unlike pure terminal services, or Citrix, Calligo clients have their own virtualised and isolated environment to work within not one that is shared by other users. This architecture allows for a great level of security to be applied, not just on data access, but also on the entire virtual session that is used. data ownership Calligo ensures security and privacy of your data and Calligo s terms and conditions of service provide specific guarantees in respect of the ability to off-board. We comply with the principles of the UK Data Protection Act 1998, the Data Protection (Jersey) Law 2005, the Data Protection (Bailiwick of Guernsey) Law 2001 and the Privacy and Electronic Communications (EC Directive) Regulations The eight principles relating to the processing of personal information are: Fairly and lawfully processed Processed for a limited time Adequate, relevant & not excessive Accurate Not kept longer than necessary Processed in accordance with your rights Secure Not transferred to countries without adequate protection Customer privacy and security is of upmost importance to us. We will always follow these principles and ask you how you would like us (or our partners) to communicate with you. CLIENT DATA You can be confident that your data is safe and will always be available to you, and only you. Our managed service protects you from the ever changing threat of viruses and the loss of data. We take responsibility for ensuring that proper security measures are in place to protect your data. Clients have access to their own data at any time, which they can copy, backup and store themselves if required. Client data is not stored in any proprietary format and in the case of service termination the data can be provided to the Client on DVD or other portable digital device subject to a standard services fee. After a Client has exited the service their data is purged from Calligo s systems. active directory The CloudDesk service incorporates Microsoft s Active Directory (AD) service. This allows for granular control of a wide range of services and features. For example, it is possible to lock down a desktop so that it is impossible for an end user to install additional applications. This can be controlled by organisation, department or individual user. Access to shared network folders can be similarly controlled by department or user with control over access rights such as read/ write, read only. By default user passwords are required to be complex (i.e. include a variety of upper, lower case, numbers and special characters), expire regularly and cannot reuse recent. Password policies can be adjusted to reflect a client s policies (may be chargeable), and will ensure that a client s unique security requirement can be built into the solution to be deployed. document control For details visit: Copyright 2015 Calligo Limited. Not to be reproduced without permission. info@