Security

No-compromise workload and data security. Multi-layered, integrated and ready, iland security provides complete data defense against internal and external cyberthreats.

Cybercrime is on the rise.
Is your cloud ready?

Every 11 seconds, a company is hit with a ransomware attack.

The increase in cybercrime frequency, sophistication, and impact means security needs to be top of mind for all your workloads and data. With iland Cloud, security is never an afterthought with multiple layers of defense including physical, logical, process, and industry-based accreditation.

Cybercrime

Security has been a part of the iland DNA from the beginning.

As internal and external threats evolve, so too does our platform approach to protecting data. iland provides the highest levels of security capabilities and features available today, integrated with all services, and ready to adapt to your ever-increasing security requirements.

iland Security DNA

Physical
Still the first layer of defense for the most common security threats.

Process
Regular training, established controls, and security-first standard operating procedure.

Logical
The critical layer when it comes to complete workload and data security from internal and external threats.

Accreditation and certification
Competency of methods and capabilities through ongoing accreditation and certification.

Securing the epicenter of customer data

For all forms of computing, on-premises or in the cloud, the physical premises still represents the epicenter of customer data. More importantly, it also represents the first layer of defense against cyber theft. This belief drives us to give equal priority and attention to all iland facilities and apply consistent security standards across all physical assets.

Monitoring

  • Strict adherence to the Uptime Institute’s Tier III/IV standards including CCTV cameras monitoring each property 24/7/365.
  • Professional security teams (also 24/7/365) with regularly scheduled patrols around the site.

Access

  • Access to all facilities is controlled via an approved access list via photo and biometrics linked to an access card.

Environmental

  • Key environmental elements such as power, cooling and fire suppression are also secured.
  • Power is provided via enterprise grade uninterruptible power supplies (UPS), which are backed by fuel-driven generators.
  • All facilities carry enough fuel to operate for 24 hours in the event of a power failure with contracts in place for the continued supply of fuel.
  • Cooling is provided by industrial grade chiller units in an N+1 configuration.
  • Fire suppression is delivered via units that emit an inert gas (as opposed to sprinkler based systems) which is non-damaging to any electrical equipment and enables systems to remain online in the event the suppression is triggered.

Combining hardware, software, and technical configurations designed to control data access

Logical security refers to the various (and numerous) layers of technology that create a secure and stable foundation for all services and customers. In reference to layers, logical security is applied at the network, storage and hypervisor layers.
Our position is to provide as much security as possible within iland’s areas of responsibility.

Network

  • At the edge of the network, each customer has at least one virtual firewall implemented as standard; this virtual firewall provides SSL VPN termination, layer four traffic filtering and more.
  • At the network layer, every iland customer is isolated and unique; no two network segments (behind the customer’s firewall) overlap or interact in any way.

Storage

  • All storage presented to customers is only visible to their environment by utilizing logical segmentation concepts such as zoning, volumes and LUNs. All storage within iland’s Secure Cloud platform is encrypted-at-rest by default without any customer intervention required.

Hypervisor

  • Logical segmentation is implemented to avoid problems with contention, often known as “noisy neighbor.”
  • Hypervisor based security is made possible by industry-leading VMware NSX and Trend Micro Deep Security. Combined solution includes anti-malware, firewall, intrusion detection/prevention (IDS/IPS), web application protection, and integrity monitoring.
  • All these capabilities are built into the iland Secure Cloud platform by default.

Your data security is only as effective as those trained to manage it

No security solution, whether physical or logical (i.e. technology), is effective without trained and experienced people. If the people managing the system don’t understand or know how to work within the controls established to protect the various systems, the solution will fail.

  • Security processes begin before an employee even joins iland; all potential employees undergo a full background check before commencing employment.
  • Once employed at iland, all staff undergo security and compliance training as a part of their onboarding process.
  • This training is conducted at least once every six months for the duration of that individual’s employment with iland.
  • All our systems are operated with a Zero Trust/least-privileged model. This means we enforce “access denied,” unless required otherwise.
  • Access is granted, over an RBAC (role-based access control) model, providing specific individuals access based on their function. In addition to RBAC, privileged accounts are configured to operate with two-factor authentication (2FA). This is an elevated level of authorization required to access critical systems across iland’s infrastructure.
  • All employees are subject to regular access reviews to determine and ensure they still need access after changing teams or departments.

More general process orientated (i.e. non-user specific) security activities include:

  • Annual penetration testing against iland infrastructure and regular patching schedules for all systems run by iland.
  • A documented company process details how and when iland conducts patching of systems, including expedited patching for critical security updates released by iland’s vendors.

Competency through accreditation and certification

Taking into consideration all the security capabilities and attributes iland provides from physical security to technology and processes, independent validation of the company’s efforts is still a cornerstone of our commitment to customers.

As an organization, we understand many organizations require certification and accreditation from their IT providers. Today, we adhere to the following frameworks and standards:

Webinar: Want to win at cybersecurity?
Learn to play offense and defense.

Take control of your data security.

With the right combination of deep, integrated security features and capabilities, you can get ahead of internal and external cyberthreats and know you are prepared for the worst case scenarios.

iland Security Multilayered approach

Special features and capabilities:

Common, integrated, and familiar security management across all iland services via Secure Cloud Console.

As with all other aspects of iland Cloud service management, security is managed through the Secure Cloud Console. The Secure Cloud Console provides:

  • Visibility, control, and comprehensive reporting across all your services and security capabilities.
  • A familiar look and feel to VMware, ensuring users on-premises management skills and training will transfer to iland. As an additional benefit, the quick adjustment to iland’s console will reduce the risk of human error and exposure to additional threats.
iland Secure Cloud Platform

On-demand Vulnerability Scanning and Security Alerting

Built-in cloud vulnerability scanning service performs periodic penetration testing of your cloud environment, ensuring that web servers and networks are not vulnerable to attack. In addition:

  • Reports of these scans are available through our console to all customers of the iland Secure Cloud platform.
  • Customized security alerting gives individual users the ability to set alerts to receive notifications in the console if a security scan detects a vulnerability in their environment.
  • Alerts can be customized for different risk factors and users can enable many alerts for different security settings through the console including:
    • Anti-malware
    • Computer issues (reboots and clock changes)
    • Firewall
    • Integrity monitoring
    • Intrusion prevention and detection
    • Log inspection
    • Web reputation
iland Security On-demand Vulnerability Scanning

Encryption

iland offers two levels of encryption on the iland Secure Cloud platform:

  • Natively, all data is encrypted at rest.
  • For customers interested in VM encryption, we offer that capability using Hytrust. This can be selected on a per VM or per volume basis.
  • Both come with integrated encryption reports, to fulfill the needs of security and regulatory audits.
    Customers can also achieve encryption in flight (in and out of the iland Secure Cloud) via integrated NSX firewall that provides multiple VPN options for traffic encryption.

Anti-virus / Anti-malware

iland Secure Cloud has integrated malware and antivirus detection. We perform file scans, smart scans and real-time scans both on Linux and Windows systems.

Deep Packet Inspection

Our Deep Packet Inspection checks all traffic to and from VMs, enabling iland to provide:

  • Intrusion detection and prevention
  • Web application protection from black-list sites, app-layer attacks, SQL injections and cross-site scripting
  • Application controls providing visibility into applications accessing the network

Reports covering the details of the attackers, timing, and targets are available on-demand through the iland Secure Cloud Console.

Identity Access Management

Identity Access Management (IAM) includes user management and a Console permissions structure. IAM provides:

  • Granular role based access and flexibility in setting up permissions to your iland Secure Cloud environments.
  • Easy management of all Console users within your company for maximum security in your cloud.
  • Completely customizable permission controls to help ensure users are only able to interact with your environment the way you choose, down to a very granular level.

VPN

Whether accessing files on the road, or providing a distributed workforce access to data during a disaster recovery event, iland’s free integrated site to site and SSL VPN offers:

  • Secure access to your cloud resources whenever you are
  • Wizard-driven configuration and management

iland also offers the Cisco security virtual appliances in a variety configurations for customers standardizing on Cisco technology, or those who require more granular controls over their network configurations. Alternatively, you can use your own VPN appliance, physical or virtual.

Two-factor Authentication

We include two-factor authentication with all our services to ensure the security of your cloud environment, and to meet security and compliance requirements across many industries.

Log Analysis, Firewall Events, Integrity and Web Reputation Monitoring

Additional layers of security include:

  • Log Analysis: Ongoing collection and analysis of log files to identify security events across the environment.
  • Firewall Events: Continuous inspection of VM traffic, enabling policies that block suspicious activity.
  • Integrity Monitoring: Daily scans monitor critical OS and application files for suspicious behavior, including changes to key attributes, registry keys, contents, and access control lists.
  • Web Reputation Monitoring: Armed with an industry-leading black-list, iland can block users from accessing malicious sites.
iland Security Bachem testimonial

Testimonial

“In this business, the number and type of cyberattacks are creating headaches for everybody. We are convinced it’s important to have this level of safety”

–Peter Kaufmann. Vice President Global IT, Bachem

Case Study >    Press Release >

Signup for a Demo today

Top Reads