Infrastructure Security Overview

Similar documents
WHITE PAPER. Solutions OnDemand Hosting Overview

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

Awareness Technologies Systems Security. PHONE: (888)

Data Centre Stockholm II, Sweden Flexible, advanced and efficient by design.

InterCall Virtual Environments and Webcasting

University of Pittsburgh Security Assessment Questionnaire (v1.7)

QuickBooks Online Security White Paper July 2017

Hosted Testing and Grading

Introduction. Service and Support

Watson Developer Cloud Security Overview

What can the OnBase Cloud do for you? lbmctech.com

Data Center Operations Guide

Dude Solutions Business Continuity Overview

DATA CENTRE & COLOCATION

SECURITY & PRIVACY DOCUMENTATION

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

TB+ 1.5 Billion+ The OnBase Cloud by Hyland 600,000,000+ content stored. pages stored

The Common Controls Framework BY ADOBE

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

Symantec Security Monitoring Services

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Security and Compliance at Mavenlink

Layer Security White Paper

SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE

You Might Know Us As. Copyright 2016 TierPoint, LLC. All rights reserved.

Integrated Cloud Environment Security White Paper

APC by Schneider Electric Elite Data Centre Partner

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

KantanMT.com. Security & Infra-Structure Overview

Data Security and Privacy Principles IBM Cloud Services

COLOCATION 1/4 RACK RACK COLD AISLE CONTAINEMENT PRIVATE CAGE PRIVATE SUITE FLEXIBLE PRICING OPTIONS

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

Keys to a more secure data environment

RFP Questions Guideline For Data Center Buyers

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Twilio cloud communications SECURITY

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

CenturyLink Data Center Services Omaha, Nebraska

QTS IS ABOUT CONNECTING YOU

CenturyLink Data Center Services Herndon, Virginia

Data Center Checklist

FormFire Application and IT Security

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Data Centre Security. Presented by: M. Javed Wadood Managing Director (MEA)

Global Platform Hosting Hosting Environment Security White Paper

enalyzer enalyzer security

Cloud-Based Data Security

Diverse Connect. Guaranteed connectivity for all your critical applications

MEETING ISO STANDARDS

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.

CND Exam Blueprint v2.0

Cisco Meraki Privacy and Security Practices. List of Technical and Organizational Measures

DATA SECURITY THE PROTECTION OF YOUR INFORMATION IS OUR PRIME DIRECTIVE

Security Standards for Electric Market Participants

Continuous protection to reduce risk and maintain production availability

Total Security Management PCI DSS Compliance Guide

SECURITY PRACTICES OVERVIEW

VMware vcloud Air SOC 1 Control Matrix

San Francisco Chapter. What an auditor needs to know

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics

DATA CENTER SERVICES CONNECTIVITY: THE TRUE DIGITAL TRANSFORMATION

RAPID7 INFORMATION SECURITY. An Overview of Rapid7 s Internal Security Practices and Procedures

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Vol. 1 Technical RFP No. QTA0015THA

IXcellerate Moscow One Datacentre - Phase 1 & 2 Overview

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

Data Centre & Colocation in Birmingham. Flexible. Secure. Accredited.

Green IT and Green DC

PRODUCTS & SERVICES. colocation services

ASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

Datacentre Milton Keynes Hall C Data sheet

WORKSHARE SECURITY OVERVIEW

1.0 Executive Summary. 2.0 Available Features & Benefits

IT your way - Hybrid IT FAQs

World Class. Globally Certified. High Availability.

peace of mind kit FAQ s Q: Is AccuPay bonded?

WHITE PAPER- Managed Services Security Practices

Unified Communications from West

IBM SmartCloud Notes Security

Cisco EnergyWise Optimize and Cost Saving. Traditional IT Power Management

One Hospital s Cybersecurity Journey

BUSINESS CONTINUITY. Topics covered in this checklist include: General Planning

Education Network Security

Accelerate Your Enterprise Private Cloud Initiative

RFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template

L E C T U R E N O T E S : C O N T R O L T Y P E S A N D R I S K C A L C U L A T I O N

Workbench Software Customer Portal Security. By Workbench Software, LLC. Creation Date: January 2011 Last Updated: May 2011 Version: 2.

Trust Services Principles and Criteria

A company built on security

SECURITY STRATEGY & POLICIES. Understanding How Swift Digital Protects Your Data

Run a Smart Workplace Introducing the Digital Building. Digital Building Solutions

Maximize Your Assets Securely and Cost Effectively

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

84 kw, Tier 3, Direct Expansion, 937 ft 2

First Federal Corporation Gaithersburg, MD Office: Toll Free: Fax:

WHITE PAPER. Title. Managed Services for SAS Technology

Symmetra PX 48kW. Scalable from 16 to 48kW. Make the most of your energy TM. Modular, Scalable, High-Efficiency Power Protection for Data Centers

NOAA TICAP. Robert Sears NOAA/OCIO/SDD/N-Wave

Cisco Smart+Connected Communities

Transcription:

White Paper Infrastructure Security Overview Cisco IronPort Cloud Email Security combines best-of-breed technologies to provide the most scalable and sophisticated email protection available today. Based on the same industry-leading technology that protects 40 percent of Fortune 1000 companies from inbound and outbound email threats, Cisco IronPort Cloud Email Security allows customers to reduce their onsite data center footprint and out-task the management of their email security to trusted security experts. It provides dedicated email security instances in multiple, resilient data centers to enable the highest levels of service availability and data protection. Cisco IronPort Email Security solutions are designed to ensure the highest levels of security and availability of the cloud infrastructure from both a physical and logical access perspective. The design spans aspects such as access controls to data center buildings, processes to protect access to customer data, and the availability of the hardware infrastructure. Figure 1 highlights these aspects. 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 1

Physical Security Physical security of the data center is the foundation of a vigilant security infrastructure. Data center security is supported by state-of-the-art surveillance systems, backed by security personnel to ensure the highest levels of physical infrastructure security. This includes: 1. Surveillance System Along with Cisco s onsite presence, a digital video surveillance system provides for an automated surveillance interface. All fixed cameras are high-resolution color, with auto low-light switching capable of viewing to 0.01 lux. Pan/tilt/zoom cameras (PTZs) are used on the exterior and areas of sensitivity. All PTZs use up-the-coax protocol for immediate relocation to any current fixed camera location. Video is recorded at 720x240 pixels at 15 IPS upon motion or 30 IPS upon operator command. Most video channels synchronously record audio. Video is retained for approximately 100 days. The data center deploys an active surveillance system with 24x7 officers operating the camera system using IOU (identify, observe, and understand) methodology. The use of IOU increases attentiveness to the monitors and provides a superior video product for investigations. Executive team members have remote access to video via PDA and VPN laptop access. All video is archived in M-JPEG format for a minimum of 90 days. 2. Access Control/Intrusion Detection All entrances are centrally monitored 24x7x365. The exterior doors have been designed and installed for additional protection. They include detection devices and access control, and can be independently viewed by fixed cameras. Exterior access points are kept to a minimum, and (in most cases) only one door at each facility can be used for entry or exit. These doors lead into specially engineered mantraps that are constructed of 12-gauge stainless steel and strapped by ¼-in. aluminum. All access points off the mantrap require the additional biometric authentication of the card holder and mantrap relay logic. Additionally, the mantraps are fitted with a minimum of one fixed camera and audio surveillance of the space. Data Center Uptime Figure 2 describes the architecture of the Cisco IronPort Cloud Email Security solution. Highlights of this solution include: 1. Geographically diverse data centers for disaster recovery 2. SAS 70 Type II certified data centers 3. Network connectivity, power, cooling, and bandwidth redundancy within each data center 4. Bandwidth to process up to 20 Gbps of network traffic Cisco IronPort Cloud Email Security employs multiple SAS 70 Type II data centers in an active-active deployment architecture. By pointing multiple MX records to these data centers, the solution provides email continuity even in the event of an unforeseen disaster at one of the data centers. The architecture, which includes multiple data centers, ensures the highest level of availability for the Cisco IronPort Cloud Email Security service. 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 6

Figure 1. Cisco IronPort Cloud Email Security Data Center Architecture Each data center has multiple levels of redundancy built into the infrastructure. The first is the network infrastructure that has multiple carrier-grade access routers, distribution switches, and POD switches (large-scale Ethernet switches with between 100-1000 ports), ensuring that there is no single point of failure. Behind this highly redundant networking infrastructure, the solution employs multiple dedicated Cisco IronPort email security instances used for mail processing, reporting, tracking, and more. To prevent failure and ensure connectivity in the event of an unexpected incident that impacts one of the inputs, the data centers use two fiber inputs that are physically separated. Additionally, these data centers have the bandwidth capacity to process up to 20 Gbps of network traffic. Most data centers today are faced with severe issues resulting from improper management and control of equipment-generated heat. Cisco IronPort data centers are built using the most advanced designs for space and power in the industry. 100-percent power availability is delivered via a sophisticated power grid architecture that includes primary power circuits and failover power connections, both of which come from completely separate N+2 power systems. Each of these systems has separate UPS batteries, generators, PDUs, and RPPs, and power is delivered to each rack via color-coded receptacles. This ensures consistent uptime for the email security instances that are plugged into the system. As server densities have increased, the demand on cooling systems has grown significantly. Each Cisco IronPort data center facility has enough primary and backup cooling to ensure that the heat generated by the email security instances is appropriately dissipated, and ample backup cooling is available in case of a failure with one of the cooling systems. The cooling infrastructure is delivered through Freon, swamp, chilled water, and outside air mechanisms. 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 6

Specifications of the infrastructure at work in powering the data center are listed in Tables 1 and 2. Table 1. Power Specifications 17 KW power and cooling per rack UPS backup power End-of-sale date 120/208 VAC and -48 VDC available 100% generator backup 48 VDC battery plant Generator capacity designed to multiple 1 to 2 MW generators 1200A expandable to 10,000A Size of fuel tank: 1,000 to 2,000 gal Generator both auto start and auto transfer. Isolation bypass feature on automatic transfer switch. 2-hour battery reserve non-redundant, 4-hour reserve redundant True A/B power feeds Minimum 24-hour run-time fuel capacity Grounding in accordance with NFPA 70 2-hour response for fuel delivery Table 2. Environmental Controls Under-floor cooling provided by computer-room-grade equipment Temperature maintained at 72ºF dry bulb at ASHRAE 1% Cooling not less than 200 Btu/h per square foot with an N+1 redundancy In the event of a power interruption, HVAC systems (and entire facility) operate on diesel generators. 30% to 60% humidity noncondensing. Humidity control delivered through ATS/Liebert units via infrared humidifier. Security Operations Center The Cisco Security Operations Center (SOC) is run by Cisco Remote Operations Services (ROS). In order to ensure a world-class level of security oversight, Cisco ROS implements continual management and internal auditing of employees, processes, and tools. This helps deliver peace of mind to Cisco customers, as well as the highest level of secure service delivery standards. Figure 2. Cisco Security Operations Center Help Desk 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 6

1. Network Security The Cisco SOC uses a combination of security devices and applications adding to a defense-in-depth design. Additional layers include multiple firewalls to control inbound access to Cisco ROS. This strategy allows users to only access information that is legitimate to their purpose (least privilege). Intrusion detection systems (acting as sensors) are strategically placed throughout the network to monitor traffic and detect security events. Detected events are managed by the Cisco Security Management Service. Intrusion detection is used at various points within the network, monitoring the traffic between the service delivery network and customer networks for suspicious or malicious patterns. A security event manager provides event and threat correlation of the security devices throughout the service delivery network. Digital certificates are used to secure access to customer web portals and systems that require both internal and external access. 2. Systems Security Cisco ROS uses multiple controls to ensure the security of managed systems. These include both physical controls and vulnerability detection scans. Physical Controls Cisco provides photo identification to all employees and contractors, which must be worn visibly within the building. All visitors must obtain a visitor s badge and be escorted within the building. Entrances to controlled data centers and wiring closets are accessible only from internal corporate space. Access is granted based on a business need. Corporate space is also controlled, requiring proper badge access to enter. Video cameras are located at each building entry and monitored and managed by the 24x7 Security Facilities Operation Center. Primary power to the facility is provided by the local utility. Backup power is provided to critical areas by standby UPS systems and generators. Backup power systems are routinely checked and tested. Preventive maintenance is performed quarterly and full load tests are conducted annually. Vulnerability Scans The Cisco ROS service delivery network is routinely scanned to assess risks and vulnerabilities. Results from these assessments are used to create internal IT incident cases for necessary remediation. 3. Human Controls Information security, and the protection of informational assets and intellectual property, begins with awareness and education. To develop and preserve a culture of security, successful organizations recognize that responsibility and accountability resides with all employees. At Cisco, the executive team has embedded security into corporate initiatives and its code of business conduct, and employees are assimilating security in their daily activities. With employees educated about the importance of security awareness throughout the organization, everyone works together toward the common goal of keeping the company (and its partners and customers) secure. 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 6

Human controls are becoming an important aspect of data center security. The aim for these controls is to protect customer data against security threats that may arise from within the service provider. Cisco ROS has several controls in place that help ensure customer data security. Cisco conducts background screenings as part of the hiring process for all full-time and contract employees. Job descriptions outline roles and responsibilities within Cisco ROS, and the rule of least privilege is applied to ensure proper access to customer networks and information. Additional human controls that Cisco ROS uses include: Auditing and Testing Cisco ROS employs a five-step process to mitigate exposure to network-based threats. This process includes establishing a defined security policy, assessing compliance, monitoring for policy violations, and routinely testing the policy to minimize exposure. The final step includes a routine overview of all identified threats and exposures to improve the overall security of the network. Change Control Change control is critical to the operation of any IT environment and service delivery team. Cisco ROS change control is a partnership with customers to establish proper authorization for requesting, scheduling, implementing, and validating all changes within the customer environment. Conclusion Cisco IronPort Cloud Email Security is backed by state-of-the-art data centers that enable the highest available physical, utility, and data redundancy under one roof. The support of the Cisco Security Operations Center provides an additional layer of security, ensuring secure service delivery. Through these means, Cisco is able to offer the highest levels of service availability and data protection. Printed in USA C11-701314-00 02/12 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback