The Intervolve Managed Hosting Services are delivered on the basis that they are broadly in line with industry best practice. As such, Intervolve implements security controls for managed services clients which address both data security and physical security, based on risk assessments conducted within the guidelines specified by Intervolve's Risk Framework.
Data Security
Documentation of security requirements and settings, including deployed security controls, is included in the Hosting Environment Documentation for each managed services client. At minimum, control implementation includes network segregation with the use of commercial network security appliances, as well as network connection control and network routing control.
Network Security
Intervolve Managed Hosting Services are provided with a mandatory implementation of a dedicated hardware network security appliance (firewall) that has been certified under Common Criteria (ISO15408) to the EAL4+ level. The firewalls are deployed by trained security engineers, who configure appropriate security zones and traffic management rules. Activity is logged and monitored, with automated alerts for exceptions sent to the Security and Compliance Manager.
Security zones are commonly used to segregate application servers from database servers by placing them in separate zones. Based on the client security requirements, security zones may be implemented with the use of VLANs for low security requirements or with the use of firewalls for high security requirements.
Access Control
Access to Managed Hosting Service systems is provided only to staff dedicated to providing support to clients who have entered into these arrangements. The controls implemented include the provision of administrative access from registered trusted hosts, and controlled user ID and password standards. System access rights are provided on a business requirements basis and are issued in consultation with our clients.
Access Logging
Managed Hosting Services systems are monitored and information security events are recorded. Logging is performed at minimum for exceptions (i.e. unsuccessful attempts to gain system access) at the firewall, operating system and, in some cases, application level. Notifications of security alerts are sent to the Security and Compliance Manager, with logs archived and retained for forensic purposes.
Physical Security
Data centres are built and designed to the highest possible specifications to meet the requirements of secure hosting solutions. The multi-level security infrastructure includes:
- Door access controls at main site and building entrances
- Proximity card or biometric activation to authorise access levels
- Movement logs on all proximity card / biometric activations
- Internal and external CCTV cameras and digital image archiving
- Internal and external intruder detection devices
- Vehicle entrance barriers and secure loading bays
- Onsite security staff
- 24x7 security monitoring
Secure Rack Provision
The data centre space for Managed Hosting Services is provisioned with the use of secure enclosed 42RU racks, individually keyed, with key control administered by the data centre manager. Access to these racks is limited to data centre staff who have been vetted in accordance with the managed services security requirements.
Video Monitoring
CCTV cameras and recording devices are used to record activities within the data centre. While the cameras are not constantly monitored by data centre operators, all activity in the room will be recorded, and copies of recordings are archived and retained for forensic purposes.
Access to recordings is restricted to data centre staff, and monitoring/viewing of recorded material is limited to that required for the purpose of investigating incidents as well as improving, testing and auditing security of the data centre facilities.