Security

 
Because security is at the top of every list when evaluating cloud computing, Bluelock has worked to incorporate security into every aspect of our cloud hosting services as evidenced by our SAS-70 Type II certified data center. Countless stringent security policies and procedures and a set of managed security services are either offered as part of our standard hosted virtual server or as an add-on service.  You can be confident that critical data stored in the Bluelock Cloud is safe and secure – the included network security capabilities help prevent malicious attacks on critical systems and ensure only authorized users can access systems hosted in the Bluelock Cloud.

THE BLUELOCK DIFFERENCE: A SECURE CLOUD

Physical Security

The first step in providing a secure computing environment is physical security.  Purpose-built from the ground up as physically hardened data centers, our facilities provide mission critical environments to house your most critical IT assets. Each facility has a large network backbone, fully redundant power and cooling and a high density / blade server friendly design. Each facility is located away from major environmental risks like hurricanes or earthquakes and leverages some of the lowest power utility costs in the country to provide a very safe and economical solution.

On a physical level, access to the Bluelock facility is limited to authorized personnel only using on-premise security systems and access controls using biometric, card key and coded entry.  A log of access to the building and data center is continuously maintained and is reviewed by Bluelock operations personnel.  Video surveillance is maintained 24x7x365 at the Bluelock facility and each camera is connected to one of several digital video recorders capable of storing thousands of hours of footage.

Bluelock Cloud Hosting Security Services

Operational Security

Administrative access to client systems is logged and reviewed by Bluelock operations personnel on a regular basis.  Each operating system within each virtual machine maintains detailed system logs and these logs are reviewed as a part of authorizing users for access to systems.  In addition, client firewalls maintain an authorization log of remote access methods such as SSL or IPsec VPN as well as a log of what firewall rules are configured and when they are changed (and by whom).

For both hosted Windows Server 2008 and RedHat Enterprise Linux virtual servers, Bluelock uses industry-leading patch management and security policy auditing software to ensure that managed operating systems remain compliant.  Operating system vendors’ patches are applied on a regular schedule and reports are provided to show what patches are applied to managed virtual servers.  Additionally, compliance reports showing each hosted machine’s security settings are available and any exceptions can be remediated automatically.

Network / Application – level Security

Bluelock provides all of its Cloud clients with dedicated VLANs, which ensures isolation from all other clients.  At the environment level, security includes enterprise-class firewalls. These fully-managed devices are also virtual machines in high availability mode for maximum fault tolerance. That means that, just like Bluelock virtual servers, if the underlying physical hardware fails, the firewalls recover on hot spare physical servers running in the Bluelock virtual cloud infrastructure.  Additional network security, such as Intrusion Detection Services (IDS) and Intrusion Prevention Services (IPS), is also available.

Within the Virtual Cloud Enterprise environment, all clients are provided a dedicated Check Point virtual machine appliance which provides firewall services and can optionally support Intrusion Prevention and Intrusion Detection capabilities as well as Web Application firewalls.  Since Bluelock uses solutions from Check Point Software, “Software Blade” modules can be added to the client’s enterprise firewall deployment to provide these additional capabilities.

The Check Point IPS Software Blade provides complete, integrated, next generation firewall intrusion prevention capabilities at multi-gigabit speeds, resulting in industry-leading total system security and performance. The IPS Blade provides complete threat coverage for clients, servers, OS and other vulnerabilities, malware/worm infections, and more. The Multi-Tier Threat Detection Engine combines signatures, protocol validation, anomaly detection, behavioral analysis, and other methods to provide the highest levels of network IPS protection. By quickly filtering 90% of incoming traffic without requiring deep inspection, the IPS engine inspects for attacks only on relevant sections of the traffic, thus reducing overhead and increasing accuracy.

IPS SECURITY FEATURES

Multi-Method Detection Engine
  • Vulnerability and exploit signatures
  • Protocol validation
  • Anomaly detection
  • Behavior-based detection
  • Multi-element correlation
Real-Time Protection
  • Client and server vulnerabilities
  • Exploits
  • Protocol misuse
  • Outbound malware communications
  • Tunneling attempts
  • Application control
  • Generic attack types without predefined signatures
  • Preemptive security functions
DoS Mitigation Engine
  • Expanded protections against Denial-of-Service attacks

The Check Point Web Security Software Blade provides a set of advanced capabilities that detect and prevent attacks launched against the Web infrastructure. The Web Security Software Blade delivers comprehensive protection when using the Web for business and communication.

WEB SECURITY FEATURES

Malicious Code Protections
  • Malicious Code Protector (MCP)
  • General HTTP Worm Catcher
Application Layer Protections
  • Cross Site Scripting
  • LDAP Injection
  • SQL Injection
  • Command Injection
  • Directory Traversal
Information Disclosure Protections
  • Header Spoofing enforcement
  • Directory Listing prevention
  • Error concealment
HTTP Protocol Inspections
  • HTTP Format Size enforcement
  • ASCII-only Request enforcement
  • ASCII-only Response Header enforcement
  • Header Rejection definitions
  • HTTP Method definitions

Bluelock data centers comply with PCI-DSS and have SAS 70 Type II certification.
