Managed Cloud Services - Security
The NaviCloud platform provides all of the security you expect from traditional hosting environments: two-factor authentication, network-intrusion detection, automated vulnerability scans, and third-party penetration testing.
But security doesn’t end there. NaviCloud can also include advanced firewall technology to provide intelligent threat defense with advanced capabilities such as identity-based access control and protection from denial of service (DoS) attacks. Role-based access control ensures that users only have the permissions they need for their business or support roles. Permissions can also be set on objects or groups managed by NaviSite.
Compliance is at the heart of NaviCloud. All NaviCloud-enabled data centers are SSAE 16 SOC 1 compliant, and undergo regular and rigorous reviews of policies, practices, and security measures.
NaviCloud Platform Hardening
NaviSite has developed independent hardening standards based on an amalgamation of recommendations from vendors, regulators, and independent security organizations. This approach allows for a platform that meets the requirements of a disparate customer base from the same platform. Given the multitenant nature of NaviCloud, it is critical to ensure that compromised VMs in one customer account cannot affect other clients’ VMs. While there are controls built into the network and provisioning process, NaviCloud also completely locks down the hypervisor to prevent malicious users from accessing or undermining other accounts. For instance, properly hardened hypervisor layers prevent IaaS users from inadvertently mapping IP addresses across virtual machines and IP spoofing. This hardening makes it difficult to install "eavesdropping programs" to monitor virtual machine memory space. NaviCloud also leverages the hypervisor infrastructure to rapidly propagate new configurations, patches, or layered security policies across the cloud implementation.
Highly Secure Cloud Computing
The NaviCloud platform employs a multi-pronged approach to ensure and enforce the security, privacy, and integrity of your applications and data. All cloud-enabled data centers are compliant with SSAE-16 requirements for physical and logical security. In addition, NaviCloud provides all of the security measures associated with traditional hosting environments, including:
- Two-factor authentication
- File integrity services
- Network intrusion and protection
- Log aggregation and correlation
- Automated vulnerability scans
- Third-party penetration testing