Concerning Cloud Security – part 2

Following on from our previous post, “Concerning Cloud Security“, We asked our consultants a number of questions, to address some of the concerns there might be in regards to using a cloud hosting solution.  If you have additional questions you want addressed, please feel free to post a comment below, contact us on 1890 911 211 or contact your nearest Evros Technology Group office:

Are the right security measures in place?

Our consultants have mane years of experience working with storage, servers, switches and security appliance.  Furthermore, our consultants has also attended highly specialised training course and obtained accreditations in many areas.  This knowledge allows us to be proactive and to understand the concerns our clients have.  Based on this wast pool of experience, we designed and built the hosting environment, and implemented best practices from key technologies.

Within our hosted environment, we have deployed and configured network firewalls, application firewalls, load balancing, antivirus, intrusion detection & prevention systems and several other measures to secure design and implementation.  These systems are monitored 24/7 and appropriate actions are initiated if certain events are triggered.

Are there written agreements regarding the application of patches, etc.?

Like in of our client engagements, we ensure that these have the necessary agreements in place.  This is not only to ensure that the service is well formulated, but also to make sure that our client understand the SLAs we use to measure our performance.  For cloud/hosting solutions, these SLAs are tend to be of greater importance for our clients, given the fact we are hosting client information, and this information is accessed regularly and a key component of any business.  Access to this information is critical, and we want to make sure our clients get top service, and have reliable access to its data.

Many times, these agreements include detailed information about maintenance windows, security patching and various application/OS updates.  Again, these are to ensure that our clients have visibility of these, so they can plan business activities around these events.

Furthermore, all our agreements have clear definitions of the various components offered or included in the agreement, such as service availability, incident response, technical compliance and vulnerability management.

Clients should receive regular updates and reports, to highlight and support the SLA process.

Are there any penalties in place, if data is lost?

As part of the SLA, we have agreed penalties with each clients, to show our commitment on securing their data and providing uninterrupted access to their data.   In tandem we have enabled safeguards and procedures, to avoid data loss.

Our current availability

Availability is essential to any hosting and/or cloud service.  It’s what the clients expect a rely on.  HiberniaEvros and Digital planet is pleased to share the recent metrics with our readers;

– 100% for 2012

– 99.995 for the last 12 months

What data is available, related to availability and security, and how often is it provided?

In parallel with the SLA process, and regular review points, we also assess the current security vulnerabilities, and how these can we addressed.  It is important to remember, that some updates may require outages, and will have to be completed in conjunction with the business.  HiberniaEvros will not take a system down for maintenance or patching, without the approval of the client.

Based on feedback and trends, we are currently developing a customer portal that will contain this information, specific to their systems.  In the meantime, we notify all customer of any issue that effects availability or security.

How often is security measures audited?

Security is an ongoing process but separate security audits are performed quarterly.  All systems are patched regularly, in line with recommended patches from hardware and software vendors.  Some patches will require immediate actions, and these will be communicated with our clients.

How is personal data managed and secured?

That’s fairly simple.  We don’t store personal data in this environment.

Who have access to the data; nominated staff or all staff?

Only nominated and named support staff have access to the infrastructure.  This should be discussed with you as a client and be covered in your service agreement.

Is data stored on same hardware as other clients?

One of the economy of scale benefits when using hosted environments, is that the hardware is shared across multiple clients to get the most out of the hardware.  However, clients only have access to their on data and this is stored on separate virtual partitions on a shared SAN.   For customers with specific requirements in relation to this, we do have private cloud options with dedicated physical storage.  Please contact HiberniaEvros to discuss this in more detail – if required.

What best practice or methodology is being applied to the data center; COBIT, ITIL, ISO, etc.

All our consultants have attend vendor training courses, and have achieved accreditations in the supported technologies.  In tandem, we also want to show our clients that our processes are following best practice, and as a result, our datacentre is SAS70 and ISO27000 certified.  We are currently preparing to extend the ISO27000 certification to include our cloud platform and support systems.  Our support desk is ITIL compliant.

What tools have been deployed to protect data; firewalls, intrusion detection, alerts

All of the above, we provide separation of data for each customer with the same controls in place that you would find in an enterprise IT environment.  Security is essential to a reliable infrastructure, and we use the latest technologies to safeguard hardware, software and most importantly your data.