Security and Compliance
Security is an integral component of Cloudistics. Our security approach takes the burden of security off our customers so that they can focus on creating and consuming the applications that drive their business strategy. Key features and benefits of the Cloudistics security implementation include:
- Distributed firewalls
- Application security profiles
- SaaS-based management
- Secure control plane
- Data-at-rest encryption
- Government standards compliance
- Two-factor authentication
- Security testing
Traditional purpose-built networks offer perimeter-based protection, but they cannot guard against threats that already exist inside the network. Cloudistics delivers highly granular security controls using micro-segmentation on a per-application basis: each micro-segment is fully isolated from every other micro-segment, giving each application its own defended zone.
Micro-segments can be set up within minutes, so Cloudistics combines ease of use with a high level of control, confining the effects of an application exploit to that application’s micro-segment.
Cloudistics employs distributed firewalls for added security. As the name suggests, distributed firewalls are deployed across the platform on every compute node. Rather than passing through a single traditional firewall at one point in the network, traffic is evaluated and authorized at every network endpoint, so east-west traffic that never crosses the perimeter is still checked.
Application security profiles are defined through the combination of micro-segmentation and distributed firewalls. Firewall security policies allow or block traffic on a given micro-segment (or VNET); application security profiles layer ‘allow but scan’ rules on top of that firewall policy, so that permitted traffic to an application is additionally scanned for threats such as viruses, malware, spyware, and DDoS attacks.
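The two layers described above (default isolation between micro-segments, firewall rules that punch explicit holes, and profile rules that turn an allow into allow-but-scan) can be modelled in a few lines. The following is an added illustration written for this page, not Cloudistics code: the segment names, CIDRs, rule format and the "allow+scan" result string are all assumptions, and each Endpoint instance stands in for one compute node holding its own copy of the policy, which is what makes the evaluation "distributed".

```python
"""Toy model of micro-segment policy evaluated at every endpoint.

Added example for illustration only; the rule format and names are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class FirewallRule:
    src_seg: str             # micro-segment (VNET) the flow originates in, "*" = any
    dst_seg: str
    proto: str               # "tcp", "udp" or "*"
    dst_port: Optional[int]  # None = any port
    allow: bool

    def matches(self, src_seg, dst_seg, proto, dst_port):
        return (self.src_seg in (src_seg, "*") and self.dst_seg in (dst_seg, "*")
                and self.proto in (proto, "*") and self.dst_port in (dst_port, None))


@dataclass(frozen=True)
class ScanRule:
    """Application security profile entry: traffic the firewall allows is still
    handed to the scanner (the 'allow but scan' action)."""
    dst_seg: str
    proto: str
    dst_port: Optional[int]

    def matches(self, dst_seg, proto, dst_port):
        return (self.dst_seg in (dst_seg, "*") and self.proto in (proto, "*")
                and self.dst_port in (dst_port, None))


class Endpoint:
    """One compute node's local copy of the policy. Every node evaluates every
    flow it sees, which is what 'distributed firewall' means here."""

    def __init__(self, segments, firewall_rules, scan_rules):
        self.segments = {name: ip_network(cidr) for name, cidr in segments.items()}
        self.firewall_rules = firewall_rules
        self.scan_rules = scan_rules

    def segment_of(self, ip):
        addr = ip_address(ip)
        for name, net in self.segments.items():
            if addr in net:
                return name
        return None

    def evaluate(self, src_ip, dst_ip, proto, dst_port):
        src_seg, dst_seg = self.segment_of(src_ip), self.segment_of(dst_ip)
        if src_seg is None or dst_seg is None:
            return "block"            # address outside any known segment: fail closed
        allowed = src_seg == dst_seg  # assumption: flows inside one segment are allowed
        if not allowed:
            for rule in self.firewall_rules:   # first matching rule wins
                if rule.matches(src_seg, dst_seg, proto, dst_port):
                    allowed = rule.allow
                    break
        if not allowed:
            return "block"            # no rule: micro-segments are isolated by default
        for rule in self.scan_rules:
            if rule.matches(dst_seg, proto, dst_port):
                return "allow+scan"   # profile layer: permitted, but inspected
        return "allow"


# Constructed sample policy: three application segments, one explicit hole.
SEGMENTS = {"web": "10.1.0.0/24", "db": "10.2.0.0/24", "crm": "10.3.0.0/24"}
FIREWALL = [
    FirewallRule("web", "db", "tcp", 5432, allow=True),   # web tier may reach Postgres
    FirewallRule("*", "db", "*", None, allow=False),      # nothing else reaches db
]
PROFILE = [ScanRule("db", "tcp", 5432)]                   # scan SQL traffic into db


def build_endpoint():
    return Endpoint(SEGMENTS, FIREWALL, PROFILE)


if __name__ == "__main__":
    ep = build_endpoint()
    print(ep.evaluate("10.1.0.5", "10.2.0.10", "tcp", 5432))  # allow+scan
    print(ep.evaluate("10.3.0.7", "10.2.0.10", "tcp", 5432))  # block
    print(ep.evaluate("10.1.0.5", "10.3.0.7", "tcp", 443))    # block: no rule
    print(ep.evaluate("10.1.0.5", "10.1.0.9", "tcp", 8080))   # allow: same segment
```

The point to notice is the order of the checks: a flow reaches the scan rules only after the firewall layer has allowed it, and the absence of a rule means block, so adding a new application segment exposes nothing until a rule is written for it.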
The Cloudistics platform is managed from a single, secure SaaS portal, the Ignite Cloud Controller. Cloudistics separates the management services from the on-premises infrastructure to deliver greater business agility, flexibility, and speed of service provisioning. Unlike other management systems, the Ignite Cloud Controller uses a connection model in which every session is initiated outbound from the on-premises infrastructure in your datacenter to the SaaS portal, over TLS-encrypted channels. You are therefore not required to open any inbound firewall ports, only outbound ones. Once the on-premises side has authenticated, the SaaS portal communicates back with the on-premises infrastructure over that established session. Importantly, the SaaS portal does not hold any sensitive customer data, which protects the on-premises infrastructure and data even if the portal were compromised.
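The control-channel pattern described above, as an added illustration (not Cloudistics code or protocol): the "agent" plays the on-premises infrastructure and only ever dials out, the "portal" plays the SaaS controller and only speaks on connections it has received, and authentication is a challenge-response HMAC over a constructed per-site pre-shared key. The message format, the site identifier and the key are assumptions; a real deployment would wrap the socket in TLS, which is omitted here so the example runs offline on a loopback socket.

```python
"""Outbound-initiated control channel: the on-prem agent connects out, proves
possession of its site key, then executes commands the portal sends back
over the same socket. Added example; names, keys and framing are assumptions."""
import hashlib
import hmac
import json
import os
import socket
import threading

# Constructed per-site credential: in practice provisioned out of band.
SITE_KEY = {"site-42": b"example-preshared-key"}


def send(sock, obj):
    sock.sendall((json.dumps(obj) + "\n").encode())   # newline-delimited JSON


def recv(f):
    line = f.readline()
    return json.loads(line) if line else None


def portal_handle(conn, commands, results):
    """Cloud side: challenge the caller, then push commands down the
    connection the agent opened. The portal never dials in."""
    f = conn.makefile("r")
    challenge = os.urandom(16).hex()          # fresh nonce defeats replay of a hello
    send(conn, {"type": "challenge", "nonce": challenge})
    hello = recv(f) or {}
    key = SITE_KEY.get(hello.get("site"))
    expected = hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest() if key else None
    if expected is None or not hmac.compare_digest(expected, hello.get("proof", "")):
        send(conn, {"type": "reject"})
        conn.close()
        return
    send(conn, {"type": "accept"})
    for cmd in commands:
        send(conn, {"type": "command", "op": cmd})
        results.append((cmd, recv(f)["status"]))
    send(conn, {"type": "bye"})
    conn.close()


def agent_run(portal_addr, site, key, handled):
    """On-prem side: open an outbound connection, answer the challenge, then
    execute whatever the portal sends on that same socket."""
    sock = socket.create_connection(portal_addr)
    f = sock.makefile("r")
    nonce = recv(f)["nonce"]
    proof = hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()
    send(sock, {"type": "hello", "site": site, "proof": proof})
    if recv(f)["type"] != "accept":
        sock.close()
        return False
    while True:
        msg = recv(f)
        if msg is None or msg["type"] == "bye":
            break
        handled.append(msg["op"])             # would dispatch to the local management API
        send(sock, {"type": "result", "status": "ok"})
    sock.close()
    return True


def run_demo(site="site-42", key=b"example-preshared-key",
             commands=("create-vnet", "apply-firewall-policy")):
    """Run portal and agent in one process; returns (accepted, portal view, agent view)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))           # stands in for the Internet-facing portal
    listener.listen(1)
    results, handled = [], []

    def serve():
        conn, _ = listener.accept()
        portal_handle(conn, list(commands), results)

    t = threading.Thread(target=serve)
    t.start()
    accepted = agent_run(listener.getsockname(), site, key, handled)
    t.join()
    listener.close()
    return accepted, results, handled


if __name__ == "__main__":
    print(run_demo())                         # (True, [('create-vnet', 'ok'), ...], [...])
    print(run_demo(key=b"wrong-key"))         # (False, [], [])
```

Nothing in the agent ever calls listen() or accept(): that is the property the "outbound only" firewall posture relies on, and it is worth verifying on a real deployment by checking that the on-premises hosts expose no management listener to the network.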
The Cloudistics platform simultaneously offers both logical and physical multi-tenancy. Multi-tenant partitions are created by using virtual datacenters. Virtual datacenters use authentication, authorization, and role-based access control to create the logical partition between tenants on the shared platform. For physical multi-tenancy, Cloudistics uses “migration zones,” compute categories, and compute “tags,” which apportion physical partitions for true isolation of individual tenants.
The control plane uses industry-standard secure, encrypted communication between the Ignite Cloud Controller and the infrastructure (storage, compute, and network). This provides confidentiality, integrity, and authentication over encrypted channels. Control plane encryption protects against man-in-the-middle and other attacks that could compromise network security.
To help businesses safeguard their data and meet their organizational security and compliance requirements, Cloudistics encrypts all data residing in the storage pool by default. Data is automatically encrypted before it is persisted to storage and decrypted on retrieval. Encryption, decryption, and key management are transparent to users. As with any transparent at-rest encryption, this protects data on lost, stolen, or decommissioned media; it does not restrict what an authenticated user or administrator can read through the platform, which remains the job of the access controls above. Additionally, customers seeking NIST FIPS 140-2 Level 2 compliance have the option of using a KMIP-compliant key management service to manage the encryption keys.
Cloudistics automatically secures each customer’s platform to the highest standards. The Cloudistics Spark Guardian Edition powered by Red Hat is accredited and validated to meet government compliance standards, including:
- Common Criteria (CC)
- FIPS 140-2
- Security Technical Implementation Guides (STIGs)
- USGv6 (DoD IPv6)
- USGv6 Tested Product List
Additionally, Cloudistics is compliant with HIPAA-specific policies, procedures, and safeguards to protect client data and PHI, in accordance with HIPAA guidelines.
Cloudistics uses two-factor authentication (2FA) security measures to prevent unauthorized access to user accounts in the SaaS management portal. By requiring more than one factor during the authentication process, there is increased assurance the user’s access is authorized.
Cloudistics uses a third-party security audit organization to perform regular penetration testing, so that critical security tests are carried out by experienced and skilled auditors from outside the company. Each audit helps determine the extent of vulnerabilities not detected by regular in-house audits. These audits also gauge the adequacy of incident management procedures and the performance of the incident management team.