Security is architected into the platform.
Choosing technologies with integrated security hardening is an essential part of ensuring defense in depth and reducing the risks of downtime, data loss, content compromise or disaster. But choosing a private cloud with integrated security isn’t as easy as it sounds. Some vendors treat their security capabilities as proprietary information, while others leave every element of the codebase out for open source public consumption—making it more susceptible to attack.
At Cloudistics, we’ve taken a third approach. Our private cloud platform is architected with security in mind. And we’re completely upfront about our security capabilities, giving you a comprehensive feature set including—but not limited to—authentication, authorization, availability, audit, confidentiality, security monitoring, incident response, policy management and regulatory compliance for a platform that’s safe, secure, and successful.
With Cloudistics Guardian Edition software, the platform is compliant with FIPS 140-2, Common Criteria, USGv6, and STIG security standards.
Features and capabilities
SECURE CONTROL PLANE
The control plane uses industry-standard secure and encrypted communication between the cloud controller management interface and physical infrastructure. Control plane encryption protects against attacks that compromise network security.
DATA AT REST ENCRYPTION
All data residing in the storage pool is automatically encrypted prior to persisting to storage and is decrypted prior to retrieval. Encryption, decryption, and key management are transparent to users. Additionally, customers seeking to achieve NIST FIPS 140-2 Level 2 compliance have the option of using a KMIP-compliant key management service to manage encryption keys.
PEN TESTING AND HARDENING
Cloudistics undergoes quarterly penetration testing, which exercises our vulnerability resolution as well as our incident management procedures and the performance of the incident management team.
Cloudistics delivers highly granular security controls on a per-application basis. We let you set up microsegments within minutes, giving you zoned defense and granular control that’s easy to use.
The Cloudistics platform simultaneously offers both logical and physical multitenancy. Logical partitioning using virtual datacenters (VDCs) for authentication, authorization, and RBAC protects tenants on the shared platform. For physical multitenancy, Cloudistics introduces the construct of “Migration Zones” and “Tags”, which apportion physical partitions for true isolation of individual tenants.
APPLICATION LEVEL SECURITY PROFILES
Built using micro-segmentation and distributed firewalls, security profiles offer a rule-based approach to blocking traffic or allowing traffic once it’s scanned for viruses, malware, spyware, and DDoS attacks.
TWO-FACTOR AUTHENTICATION (2FA)
Cloudistics uses 2FA to protect user accounts in the SaaS management portal, cutting the risk of unauthorized access.
Our firewalls reside on all compute nodes, evaluating or authorizing traffic at every network endpoint.
The Cloudistics on-premise cloud platform is managed by a single secure web-based portal, separating the management services from on-premise infrastructure. Built with an ‘inbound only’ approach, all communication uses SSL and TLS encryption and the web-based portal does not hold any sensitive customer data.