FAQs - Security
- How is security addressed?
- Do you use encryption to protect data and virtual machine images during transport across and between networks?
- What is the encryption methodology and how is it managed?
- Do you have anti-malware programs installed on all systems that support your cloud service offerings?
- How do you ensure strong authentication and access control?
- How do you prevent a security breach and/or prohibit sharing of account credentials between users and services?
- Are your cloud datacenters SSAE 16 certified?
- Can my company's workload be run on your network from its datacenter?
- Does iland work with customers that must achieve regulatory compliance in the cloud, i.e. HIPAA, ITAR, PCI?
- Is the data sufficiently isolated from other users of the multitenant cloud?
- Can you logically segment and recover data for a specific customer in the case of a failure or data loss?
- How will I really know where my data is being stored?
- Is the environment sufficiently provisioned to handle the demand placed upon it not only by legitimate users but also by attackers launching a denial of service attack?
- Will I be able to get a block of sequential IP addresses to prevent our addressing scheme from becoming a mess?
- Do iland’s datacenters (and the systems in them) provide controls around the security of sensitive information in transit?
- If iland hosts my infrastructure will I have to install my own firewall or is that something you provide?
iland has comprehensive security capabilities that include the following:
- Physical security: iland’s SSAE 16/ISO 27001 datacenters have 24×7 onsite security staffing and site access, CCTV surveillance, dual authentication biometric and badge access control, and mantraps.
- Network security
- IPSec VPN via vShield Edge
- iland Cloud Connect for Direct MPLS/P2P
- Fully Managed Intrusion Detection Systems/Intrusion Prevention Systems
- Dedicated or virtual firewall services
- Virtual firewall: VMware vShield Edge provides a rich set of integrated networking and security gateway services for protecting virtual datacenters and optimizing resource utilization. This virtual appliance includes services such as firewall, network address translation (NAT), load balancing, and VPN. Edge High Availability protects against network, host and software failures.
- Physical firewall: iland can provide hardware-based stateful packet-layer and application firewalls for additional security capabilities.
- Cloud security:
- Role-based access controls
- VM compliance, log monitoring & reporting
- Data encryption
iland requires all data and virtual images replicated to our environment occur over a site-to-site VPN with either 3DES or AES-256 encryption technology.
iland uses IP-Sec standards for the creation of secure virtual private networks between a customer environment and iland cloud resources.
If a customer uses iland Managed Resource Cloud for production and disaster recovery, iland will fully manage the VPN between the sites as long as there is vSphere at both sites.
For customers using iland Cloud Services – the customer can set up the IP-Sec tunnel and manage it.
Yes, all iland management servers and workstations adhere to our internal domain policies regarding anti-virus and threat detection.
iland employees must maintain minimum length passwords and change them every 30 days. iland does not maintain a login to customer servers. Customers are responsible for authentication and access control on their own operating systems and applications.
iland does not maintain access to customer accounts. Customers are responsible for prohibiting the sharing of account credentials regarding their own operating systems and applications.
Our datacenter facilities throughout North America and Europe have been certified according to SSAE 16, ISO 27001:2005, ISO 14001:2004 and OHSAS 18001:2007 requirements. These facilities are designed to meet the stringent standards for security processes and operational controls that Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley and other regulations require.
Yes, customers can utilize their local resources and iland cloud infrastructure by implementing site-to-site VPN, point-to-point or MPLS network technologies that allow secure, hybrid functionality for their workloads.
iland has customers from diverse industries using us for cloud infrastructure. Compliancy requirements by these customers include HIPAA, ITAR and PCI.
Yes, in fact all iland customers using our cloud resources are provisioned on dedicated virtual firewalls or vLAN segments which are restricted to inbound or outbound access on specific ports and protocols stipulated by the customer.
Yes, customers subscribing to an iland managed backup offering can request an entire virtual machine to be restored so the lost data can be accessed and recovered.
The agreement you have with iland informs you where your data will be held. Our network of global datacenters work together to provide high availability and security of customer data. Depending on your requirements, iland can give you a choice on where you wish your data to reside.
iland has enough bandwidth and works with many diverse carriers to allow for all customer throughput and other traffic. We also have the ability to block non-legitimate traffic – either at our edge network or by contacting our carriers and having traffic blocked upstream. iland utilizes both automated triggers and manual monitoring of systems to determine the health of and any threats to our environment.
iland allocates external IPs to the customer during the initial deployment period. The sequential IP needs of the customer should be communicated to iland at or before deployment.
iland has customers utilizing sequential block sizes ranging from a /30 to a /19. Customers requesting blocks larger than a /28 are required to complete an IP justification form.
All iland cloud datacenters were selected on the basis of security, redundancy, certifications, financial stability and reputation and have the following:
- SSAE-16, ISO 27001:2005, ISO 14001:2004 and OHSAS 18001:2007 certifications. These relate to the processes and controls for security, network, power, redundancy, cooling and fire suppression.
- N+1 or greater redundancy on power and cooling
- 24x7 Onsite Security, CCTV, Dual-factor authentication via Biometric and Badge with Mantrap access
With any iland cloud, customers can subscribe to an iland managed firewall service, host their own virtual or physical firewall, provide their own physical firewall or they can utilize a dedicated virtual firewall.