The Intervolve Managed Hosting Services are delivered on the basis that they are broadly in line with industry best practice. As such, Intervolve implements security controls for managed services clients which address both data security and physical security, based on risk assessments conducted within the guidelines specified by Intervolve's Risk Framework.
Documentation of security requirements and settings, including deployed security controls, is included in the Hosting Environment Documentation for each managed services client. Control implementation at minimum includes network segregation with the use of commercial network security appliances, network connection control and network routing control.
Intervolve Managed Hosting Services are provided with a mandatory implementation of a dedicated hardware network security appliance (firewall) that has been certified under Common Criteria (ISO15408) to the EAL4+ level. The firewalls are deployed by trained security engineers, who configure appropriate security zones and traffic management rules. Activity is logged and monitored, with automated alerts for exceptions sent to the Security and Compliance Manager.
Security zones are commonly used to segregate application servers from database servers by placing them in separate zones. Based on the client security requirements, security zones may be implemented with the use of VLANs for low security requirements or with the use of firewalls for high security requirements.
Managed Hosting Services systems are monitored and information security events are recorded. Logging is performed at minimum for exceptions (i.e. unsuccessful attempts to gain system access) at firewall, operating system and, in some cases, application level. Notifications of security alerts are sent to the Security and Compliance Manager, and logs are archived and retained for forensic purposes.
Data centres are built and designed to the highest possible specifications to meet the requirements of secure hosting solutions. The multi-level security infrastructure includes:
Secure Rack Provision
The data centre space for Managed Hosting Services is provisioned with the use of secure enclosed 42RU racks, individually keyed, with key control administered by the data centre manager. Access to these racks is limited to data centre staff who have been vetted in accordance with the managed services security requirements.
CCTV cameras and recording devices are used to record activities within the data centre. While the cameras are not constantly monitored by data centre operators, all activity in the room will be recorded and copies of recordings archived and retained for forensic purposes.
Access to recordings is restricted to data centre staff, and monitoring/viewing of recorded material is limited to that required for the purpose of investigating incidents as well as improving, testing and auditing security of the data centre facilities.