Public Cloud Security

Security for your public cloud based systems

SecureNet Consulting gives IT departments the flexibility to choose the deployment option that matches the needs of their organisation. With secure, scalable options for both cloud and on-premise, you can be sure your deployment choice will live up to the demands required for effective endpoint data protection and governance.




> Protect your systems and data in the public cloud
(amazon Web Services (AWS), Microsoft Azure, and VMware vCloud air…to name but a few) 

> Extend enterprise class security and policy enforcement into and from the cloud
 
> Protect your virtual server (VMs) instances, SDN in the cloud




The Challenge
Given the constant pressure that CIOs are under to improve the return on investment (ROI) and reduce the total cost of ownership (TCO) of IT solutions, it should come as no surprise that the cloud is a serious consideration for most organisations.

Cloud computing extends an enterprise’s ability to meet the computing demands of

its everyday operations. With the growing number of organisations taking advantage of cloud computing, and service providers building public clouds, the security model is further challenged to effectively host these virtualised computing workloads.

In spite of the many advantages of a public cloud, you still need to exercise caution before moving to a public cloud.

When IDC recently conducted a survey of 244 IT executives/CIOs and their line-of-business (LOB) colleagues to gauge their opinions and understand their companies’ use of IT cloud services, security ranked first as the greatest cloud computing challenge. When a server is moved to public cloud resources, the datacenter perimeter offers no protection, as these virtualised servers now provide administrative access directly over the Internet. Problems already faced in the datacenter, such as patch management and compliance reporting, become commensurately more complex as a result. The only relevant protection in the cloud is the lowest common denominator that the vendor can provide on its perimeter—or whatever an organisation can equip its virtual machine with to defend itself, since it is hosted on servers alongside other organisations’ workloads.

Solutions Features & Benefits

> Enable on-demand security within Amazon AWS 
Automated VM monitoring, dynamic virtual extended address groups and fully integrated API allow you to proactively monitor changes in your EC2 instances.


> Shield against known and unknown vulnerabilities in web, operating systems and enterprise applications
With virtual server firewalls with IPS (Intrusion Prevention)


> Encryption

Data Encryption

• Encrypted at the source device (before transmission)
• Encrypted in Transit (encryption transport tunnel)
• Can never be decrypted by anyone the cloud provider - without authenticated and authorised access to the encryption keys stored in the master server.

Encryption Key Custody  
Encryption keys is given to the customer, and no access provided to the cloud provider.



> Deploy applications quickly and easily from cloud servers

> UK Data sovereignty - based in tier 3 data centres

> International Data Centre Solutions

Managed data centres are currently located in:

• the United States in Atlanta, Ga.; Minneapolis, Minn. Quincy, Wash.;
• Dublin,
• Singapore,
• Sydney and
• Tokyo.

> Data Backup to Public Cloud

• Data de-duplication provided to reduce storage costs

> Cloud Access Control

• Directory services integration for real-time enterprise access and permissions
• Active Directory integration
• Single Sign-On
• Access control for Office 365 and any other SaaS / cloud provider. 

> Compliance
Coverage for PCI DSS 3.0, as well as HIPAA, NIST, and SAS70

Providing detailed, auditable reports documenting prevented attacks and policy compliance status, reducing the preparation time required to support audits.

> Cloud Server Protection

Virtual Server firewall
Virtual machine isolation: enabling virtual machines to be isolated in cloud computing or multi-tenant virtual environments, providing virtual segmentation without modifying virtual switch configurations.

Fine-grained filtering: filtering traffic with firewall rules on: IP addresses, Mac addresses, ports, and more. Different policies can be configured for each network interface.

• Intrusion Prevention System (IPS)
• Web Server / Application Protection
• Anti-virus / Anti-spyware / Anti-malware
• Vulnerability Scanning & Patch Management
• Log Inspection

> Data Protection

• Data Loss Prevention (DLP)

• Email System Protection

• Cloud Data Storage Encryption 

• Segregation of Customer Data

• Ensure your data within multi-tenanted platforms are protected 

• Amazon S3

• Encryption & Authentication Key Management in the Cloud (Public & Private)

• Key management for encryption and authentication in the Cloud is modelled after a bank lockbox system, in which both parties hold part of the key.
  The encryption and authentication keys are mutually shared between the customer and the Cloud. Consequently, neither has full, unencrypted access to any data on the cloud independently. 

 

• Application Control 
• Rules that provide increased visibility into, or control over, the applications that are accessing the network, servers and data. These rules can also be used to identify malicious software accessing the network, or to reduce the vulnerability of your servers

 

• File and system integrity monitoring for compliance 
• configuration change monitoring and logging

> Connectivity and Networking to the Cloud

• IPv6 Support
• WAN Optimisation & Web Caching

Also See

> Private Cloud and Hybrid Cloud solutions

---

Contact us today to discuss your requirements in more detail.

P: +44(0)7714 209927 S: +44(0)1273 329753

info@securenetconsulting.co.uk

---