FIREHOST OVERVIEW

Secure Cloud Hosting. No Compromises.

"Public cloud is fine for core, granular, non-critical business functions. But [FireHost] is an exception... many enterprises are moving mission critical workloads to their cloud."
Wendy Nather, 451 Group

The most advanced and complete secure cloud solution available

Every server is protected by the Intelligent Security Model, powered by best in class technology and high performance components, compliant beyond your requirements, and includes complete service. Experience what many are calling the most complete hosted solution, seeing for yourself what it is like to have real power and security behind your applications.

Enterprise Security

FireHost's Intelligent Security Model provides multiple layers of protection from the physical data center all the way through to the database. Security is the core of FireHost's infrastructure, not something that's been bolted on.

Beyond Compliance

The infrastructure exceeds the compliance mandates for HIPAA and PCI DSS with a secure, validated cloud. This auditor friendly environment protects healthcare and payment businesses of all sizes from the risk of crippling cybercrime.

Benchmarked Performance

Only hardware, software, systems and configurations designed specifically for high performance, production workloads meet the entry criteria for FireHost's secure cloud. Secure servers are ranked #1 for performance in 3rd party benchmarks.

Complete Service

Proactive support meets control and visibility. With over 24 distinct points of service, a robust API and a powerful portal, FireHost serves as an extension of any IT department. We take pride in providing automation with a human touch.

Global Data Centers

- LHR01 London, UK
- PHX01 Phoenix, AZ
- DFW01 Dallas, TX
- SIN01 Singapore, SG
- AMS01 Amsterdam, NL

[Map legend: Data Center Locations, CDN Points of Presence, DNS Points of Presence, Secure MPLS Network]

v. 4.1
ENTERPRISE SECURITY

How We Solve Security: The Intelligent Security Model

The exceptional protection of FireHost's Intelligent Security Model stems from the experience of blocking over half a billion attacks. Our ISM provides:

- Tracking of cybercrime attack vectors at a macro level
- Reaction to threats in a way that benefits your infrastructure, as well as the security community
- Multiple layers of enterprise hardware, patched software, and expert system configurations
- Specialized security engineers proactively monitoring live security data points around the clock

[Figure: attacks blocked by the Intelligent Security Model. Categories: Known Bad IPs, Cross-Site Scripting, DoS/DDoS Attacks, SQL Injections, Cross-Site Request Forgery, Directory Traversal. Values shown: 200,000+ and 300,000+ blocked/month, 500,000+ blocked/day, millions of packets mitigated.]

[Figure: Intelligent Security Model (Learn, Protect). Isolated environments, each with custom security policies: Payment Compliance, High Traffic, Healthcare Compliance, Global Continuity.]

Ports 80/443 (Public)

No Public Access

Segmentation and Additional Security Measures for Non-Public Access:

- Two Factor Authentication
- L2L Connection
- SSL VPN Access
- MPLS Termination
- Fibre Channel Connectivity
- Physically Isolated SAN
- Privileged Access Management
- Complete Data Obfuscation
What We Do Best

Above all, FireHost is a security company. Providing many layers of protection and service from the physical data center all the way through to your database, our ability to help customers stems from the belief that security is not a feature that can simply be bolted-on to infrastructure at any point. Security is not optional, it's required.

Creating Effective Security

- Reinforce the messaging of corporate responsibility and care of customer data
- Becoming compliant for PCI/HIPAA
- Making the PCI/HIPAA compliance process efficient and cost effective
- Removing the burden of data security in a company's environments

Finding a True Hosting Partner

- A partner who interacts on all layers of the stack, openly welcomes audits/questionnaires, and is willing to engage
- Creating operational freedom by supporting high intensity applications in the cloud

The Secure Cloud Topology

As depicted in this sample topology, every cloud server is isolated through hypervisor based firewall technology. This allows clients to deploy a cloud infrastructure with unlimited security zones for the most granular protection available. Look no further for an extremely secure and highly scalable hosting platform, fully managed by expert engineers around the clock.
[Figure: sample secure cloud topology. Labels, in the order shown:]

- Secure Access
- Public Traffic
- Redundant Multi-Factor Authentication
- Redundant SSLVPN/L2LVPN Secure Access
- Redundant MPLS Termination
- Routers w/IP Reputation Filtering
- DoS/DDoS Mitigation
- Vulnerability Monitoring
- Malware Protection
- VMware Hypervisor (Hardened)
- Blade/SAN Architecture
- High Availability Architecture
- 20 Gbps Network (Public & Private)
- Per Firewall Policies
- Unlimited Security Zones
- Security zones: Web Servers, Load Balancers, Application Servers, Database Servers
- Isolated Environment
- Integrity Monitoring
- Web Application Firewalls
- Intrusion Detection
- Log Management
- Patch Management
- SSD Acceleration
- Secure Remote Access
- Physically Isolated Network
- Secure Jump Hosts
- Privileged Access Management
- Full Session Recording
- High Performance SAN (SSD, SAS, SATA & Raw)
- 16 Gbps Fibre Channel Connectivity
- Physically Isolated Secure Storage Area Network
- Secure Data Deletion and Destruction
- Complete Data Obfuscation
- Secure MPLS

"Just as flexible and secure as a much more costly managed private cloud, the only other option comparable in terms of this level of security and flexibility"
Jason Verge, 451 Research
BEYOND COMPLIANCE

Compliance Posture And Certifications

Compliance Documentation

Upon selection, FireHost will provide detailed information to the auditor of choice: InfoSec Policy table of contents, related security infrastructure settings and log documentation, CSIRT policies, and other information relevant to a successful audit of the proposed systems. As a global company we routinely work with regulatory entities such as G-Cloud and NHS in the UK. We will be happy to consult with you regarding data sovereignty in each country should you have questions.

PCI DSS Level 1
FireHost has been validated as a Level 1 Service Provider under PCI DSS for our services. Our validation includes specific PCI DSS controls on which customers can rely.

HIPAA / HITRUST
FireHost has been certified against the Common Security Framework (CSF) from the Health Information Trust Alliance (HITRUST) to address HIPAA compliance requirements.

SSAE 16 SOC 1 / SOC 2
FireHost has received SOC 1 Type 2, SOC 2 Type 2, SOC 3 and ISAE 3402 reports. These reports demonstrate the viability of FireHost's control program over time.

ISO 27001
FireHost has received a certificate of approval for our control program against the ISO/IEC 27001:2005 standard for Information Security Management Systems.
Scope of Compliance: Achieve compliance faster and more cost efficiently

- Physical Security (data center, infrastructure)
- Perimeter Security (IP reputation filtering, DDoS mitigation)
- Network Security (IDS, hypervisor firewall, vuln mgmt, SSL certs)
- Application Security (WAF, OS, webserver, database patching)
- Server Security (hardened OS, patching, AV, Log mgmt, FIM)
- Administrative Security (secure access, two-factor authentication)
- Data Backup (nightly volume based, kept for 14 days)
- Secure Data Deletion (secure deletion upon service termination)
- Security Audits (PCI, HITRUST, SSAE 16, ISO 27001)
- Access Control (logical access control to servers)
- Maintain Policies (security policies and procedures)
- Incident Response (for customer servers)
- Risk Assessment (annual risk assessment)
- Data Management (DBA duties, encryption, backup beyond FH default)
- Application Management (customer specific applications)
- Change Control (firewall changes, OS patching)
BENCHMARKED SECURITY

Ranked #1 by Global Benchmarks

The right cloud performance is critical today as more organizations adopt hosted technology to enhance application performance and cut costs in an increasingly competitive business world. It is critical that IT stakeholders consider the appropriate metrics to deploy clouds that have positive returns on investment without impairing performance in speed, flexibility, reliability, control, efficiency and costs.

The FireHost cloud is built with:

- Hardware-assisted virtualization & hyper-threading
- High-performance hypervisor (VMware vSphere)
- SSD acceleration for high IOPS and blended IO loads
- High-speed memory and lots of it (1600 MHz)
- Fibre Channel storage connectivity for low-latency
- Use technology that is redundant & fault-tolerant
- Configure high availability clusters
- Best-in-class technology (Dell M620 Blades, Dell Compellent, Brocade)
- ATS for scalable lock management
- Compartmentalize storage & compute resources
- Leverage dynamic resource allocation
- Maintain resource capacity

An independent third party benchmark study, which included seven cloud hosting providers, measured four performance metrics comparing overall server performance, memory speed, processor speed, and storage speed against a control group consisting of dedicated servers.

[Figure: four benchmark rating charts, each comparing cloud providers with the dedicated-server control group. Providers are listed in the order shown in each chart.]

Server Performance: Terremark vCloud, HP Cloud, Microsoft Azure, AWS EC2, Dell vCloud, Rackspace Cloud. All instances, across all data center locations received an A rating.

Storage Performance: Terremark vCloud, HP Cloud, Dell vCloud, Microsoft Azure, Rackspace Cloud, AWS EC2. All instances, across all data center locations received an rating.

Memory Performance: HP Cloud, AWS EC2, Dell vCloud, Rackspace Cloud, Microsoft Azure, Terremark vCloud. All instances, across all data center locations received an rating.

Processor Performance: Microsoft Azure, Rackspace Cloud, HP Cloud, AWS EC2, Terremark vCloud, Dell vCloud. All instances, across all data center locations received an A- rating.
COMPLETE SERVICE

Managed Services are a core part of a successful, long-term hosting relationship. Our team focuses on the monitoring and maintenance of a hosting solution so that the in-house IT team can focus on growing the business. This starts with a comprehensive deployment and continues with full management of the server, network, and security services.

[Figure: management responsibility chart. Labels, in the order shown:]

MANAGED BY FIREHOST
Hardware, Virtual Environment, Physical Environment, Network, Patching, IP Reputation Filtering, Secure Storage, Log Monitoring, Web Application Firewalls, Snapshot Backups, Vulnerability Scanning, Intrusion Detection, Fibre Channel SAN, Malware Protection, DDoS Mitigation, Secure Hypervisor, Endpoint Security, Security Layers, Data Center, Secure Cloud Servers, Security Zones, Firewall Ports

SHARED MANAGEMENT
Secure Remote Access, L2L/MPLS Connections, Two-Factor Authentication, Operating Systems, Databases, Applications, Data, User Access, Custom Applications, Code

MANAGED BY CUSTOMER
Secure Portal

An integrated portal and toolset provides reliable control, real-time visibility, and the convenience of mobile access. The secure portal is the central command center for your secure cloud hosting relationship with FireHost.

- View all server resource consumption and history to better gauge your application needs
- Utilize FireHost's unique resource scaling methods to ensure your applications are available at all times
- Analyze all blocked security threats to your servers to see how, and from where, you're being attacked
- Communicate securely with our expert engineers who are available to help around the clock
- Get the current network and system status across all global datacenters

All reporting features are available to authorized users within the my.firehost.com portal as well as via RESTful API. You can see an example of the data reporting within the secure portal below.

Reporting on Blocked Hacks
Real-time insight into the application layer attacks being blocked from your environment.

Convenient Global Management
Easily manage all servers, whether they're in the U.S., Europe, or Asia Pacific from the global portal.

FluidScale to Scale Without Downtime
Advanced FluidScale technology to scale resources up anytime without a server restart.

Server Performance Visibility
Each secure server's performance metrics are available in real time. Track storage usage.

FireHost solution advisors help configure the appropriate secure cloud solution for your business.
Call today: (US: +1) 844 682 2859, (UK: +44) 800 500 3167, or visit: www.firehost.com
OUR CUSTOMERS

Common Challenges

Every enterprise faces the challenge of providing effective security for applications, databases and dedicated systems while remaining flexible. Here are a few of our customers that have solved the security, performance, and speed/flexibility challenge.

How They Fixed It

They classified their applications into sensitive and non-sensitive systems by specifically targeting brands that could be damaged and looking for 'pivot points', which are systems that could be used to help hackers break into sensitive data. They also sorted out compliant from non-compliant, looking for apps that required stringent controls and would require more complex systems. They then created a data island, effectively removing risk for their sensitive data.

Common Challenges Solved: Security, performance, speed to market and flexibility

Case Usage: Otsuka

Otsuka is a pharmaceutical company headquartered in Japan. As of 2012, Otsuka employed 40,000 people worldwide. The company focuses on pharmaceuticals related to nutrition. The company is also known for the popular sports drink Pocari Sweat, as well as the depression drug Abilify.

Otsuka needed to follow U.S. government regulations for HIPAA and HITRUST. Otsuka's main purpose for seeking a new hosting vendor was to partner with a company with the capabilities and expertise to securely handle their sensitive data in a HIPAA compliant manner.

Otsuka's biggest challenges were:

- HIPAA/HITRUST compliance
- Outdated operating system
- Desire for complete segmentation from the hosting environment and Otsuka corporate
- 24 or less new server implementations
- Complications with interconnectivity between servers

FireHost solved all of these issues in short order, including the deployment of all services (22 servers on original order) in 24 hours with a customer OS template.

How Has it Improved Their Efficiency?

The project stakeholders have been able to focus on applications and deadlines. All compliance issues are solved with FireHost working directly with the Otsuka audit team. Otsuka is benefiting greatly by our speed of deployment and managed support, where deployments are done right the first time. In fact, they continue to say that FireHost has "saved our IT staff more time than we can calculate."