You are here

Security and Compliance

For organizations evaluating cloud computing alternatives, security is often cited as the number one reason NOT to move forward. Data must always be properly secured, and security policy may also designate certain data as sensitive to compliance mandates such as PCI, HIPPA, FISMA or SAS 70 Type II. When information is deemed sensitive, ILM and compliance policies mandate that data must be properly secured and accessible only thru proper access control procedures.

But let’s be specific on the critical issue of security. Why should an organization be more or less comfortable storing data in the cloud versus on premise? Perhaps the best way to assess the security posture of a cloud provider is to compare their capabilities against the on premise alternative. Solix Cloud is designed with best practices in mind to ensure the highest levels of physical, operational and system security.

Physical security includes locking down and logging all physical access to servers. Solix Cloud physical security measures include:

  • Data center access limited to data center technicians
  • Biometric scanning for controlled data center access
  • Security camera monitoring at all data center locations
  • 24x7 onsite security staff provides additional protection against unauthorized entry
  • Unmarked facilities to help maintain low profile
  • Physical security audited by an independent firm

Operational security involves creating business processes that follow security best practices to limit access to confidential information and maintain tight security over time. Solix Cloud operational security measures include:

  • Full AES-256 encryption
  • Digital fingerprinting to guarantee integrity over the lifetime of the file
  • Automated, policy-based archiving, migration, retention
  • Data immutability
  • Full access audit trail
  • File level data de-duplication
  • Secure file deletion / crypto-shredding
  • ISO17799-based policies and procedures, regularly reviewed as part of our SAS70 Type II audit process
  • All employees trained on documented information security and privacy procedures
  • Access to confidential information restricted to authorized personnel only, according to documented processes
  • Systems access logged and tracked for auditing purposes
  • Fully documented change-management procedures
  • Independently audited disaster recovery and business continuity plans
  • Best practices used in the random generation of initial passwords
  • All passwords encrypted during transmission and while in storage at Solix Cloud
  • Secure media handling and destruction procedures for all customer data
  • Support-ticket history available for review
  • System logging to create an audit trail

System security involves locking down customer systems from the inside, starting with hardened operating systems and up-to-date patching. Solix Cloud offers a full range of options to take system security to the next level.

  • System installation using hardened, patched operating systems
  • System patching to provide ongoing protection from exploits
  • Dedicated firewall and VPN services to help block unauthorized system access
  • Data protection with managed backup solutions
  • Optional, dedicated intrusion detection devices to provide an additional layer of protection against unauthorized system access
  • Distributed Denial of Service (DDoS) mitigation
  • Risk assessment and security consultation by professional services teams