A cloud infrastructure is only as secure as its policies and procedures, which is why we’ve employed a full spectrum of cloud security technologies and processes to protect our Eze Private Cloud and the data and resources that reside in it.
Eze Castle Integration’s cloud security practices encompass the following areas:
Eze Castle’s cloud facilities are Tier III class data centers, which are composed of multiple active power and cooling distribution paths, providing 99.982% availability.
The Eze Private Cloud is physically secured in data centers via the following protocols:
- 24x7x365 manned lobby with visual verification of identity
- Two-phase (card and biometric) authentication of visitors
- Secured access doors & elevator banks
- Monitored security cameras
- Additional door, motion and camera sensors
- Visitor logs for cages, which are periodically reviewed and cross-checked
- Key-locked cages and cabinets
Isolation & Virtualization Security
The Eze Private Cloud offers our investment firm clients a secure, isolated environment for their data, resources and applications to reside. Through secure separation, there is no risk for cross-contamination of data or access to other client environments.
The Eze Private Cloud ensures high levels of availability, virtually eliminating the risk of unplanned downtime. Redundancy is built into every layer of the cloud infrastructure – from computing resources to networking and storage resources. Additional server security measures are in place in accordance with vendors’ best practices recommendations. These measures include approved upgrades, patches and security packs, server health monitoring and reporting, server authentication, corporate anti-virus software and more.
Policy Enforcement & Access Controls
Eze Castle’s private cloud services are enhanced by secure policy enforcement and access controls to ensure the protection of client data and resources. These measures include:
- Limiting access to the virtualization management infrastructure by both identity and network location;
- Role-based access control implemented on storage, virtualization and network infrastructure; and
- Quarterly audits to ensure compliance.
Eze Castle implements Internet Protocol Security (IPSec) practices to secure cloud inter-site transmissions. We also employ IPSec or SSL-based encryption for end-user client communication. Sensitive messages are handled in compliance with regulatory legislation including SOX, GLBA, PIPEDA, and the European Union Data Directive.
The Eze Private Cloud infrastructure employs multiple layers of resiliency and is hardened according to vendor recommendations. Infrastructure Access Control Lists (ACLs) are implemented on routers and switches to provide additional layers of overlapping protection. Additionally, quality of service controls are implemented at multiple layers to ensure resource availability.
On the virtualization front, all network interfaces are configured in a redundant manner, and the virtualization management infrastructure is backed up and replicated to multiple data centers to ensure resiliency and uptime. Our infrastructure features an N+1 configuration to tolerate any single equipment failure and ensure high availability at all times.