Security Policy Options & Recommendations from Infinitely Virtual: Be Smart to Be Safe
Adam Stern, CEO of IaaS provider Infinitely Virtual, has long been a straight talker about the cloud and virtualization. Stern is a bracingly honest source on all things cloud computing, especially in the area of cyber-security.
As the security environment changes, so should every organization’s response to that environment.
That includes cloud hosting providers. Threats evolve over time, and Infinitely Virtual is evolving with those threats. Just as providers have a role to play, every organization does as well. The good news is that everyone can be secure by following the right steps. Toward that end, Infinitely Virtual has come up with a list of Security Policy Options and some specific recommendations designed to bring those options to life (please see below).
Infinitely Virtual regards security as a process, not an event — a mindset, not a matter of checking boxes and moving on, as one might on a job application. Sound security planning requires assessing threats, choosing tools to meet those threats, implementing those tools, assessing the effectiveness of the tools implemented – and repeating this process on an ongoing basis.
Infinitely Virtual is among the world’s most secure cloud environments. The company achieved that status by putting a priority on security from the moment it opened its doors. And IV has been advocating for steps large and small, not only for its clients’ organizations but within its own. Infinitely Virtual has long championed measures like clustered firewalls and intrusion detection and prevention systems (IDPS); “hands free” protection against volumetric attacks, delivering real-time DDoS mitigation; and safeguards like multifactor authentication from Duo Security.
So deeply ingrained is security in Infinitely Virtual’s DNA that going above and beyond is now standard operating procedure. The company passes the SSAE (Standards for Attestation Engagements) No. 16 Type II audit annually, one of the most rigorous auditing standards for hosting companies. To be SSAE compliant, a hosting provider needs to offer SSL capability, enterprise-level, application level protection, hardware firewall, IP-restricted FTP, managed backups with 14-day retention, advanced monitoring and multi-level intrusion prevention.
Infinitely Virtual likewise earnedthe rating of “Enterprise-Ready™” in Skyhigh Networks’ CloudTrust™ program for four of its offerings — Cloud Server Hosting, InfiniteProtect, InfiniteVault and Virtual Terminal Server. Skyhigh identifies and classifies thousands of cloud services and provides an objective and detailed evaluation of the enterprise-readiness of each cloud service based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA).
Each year, IV successfully completes the HITECH audit, which spells out many of the requirements contained in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), to protect the privacy and security of protected health information.
The company practices what it preaches, striving to be its customers’ 24x7x365 ally in this secure hosting effort. Infinitely Virtual asks clients to be as vigilant and responsible as it is. Every organization has a role to play, implementing and evolving security policies and procedures that best fit its environment and business requirements. The options below are just that – suggestions that can serve as an addendum to an existing policy – or as a framework for new internal guidelines. Infinitely Virtual will configure any or all of the following for its customers at no cost.
A strategic approach to security should be understood as a form of corporate physical fitness. Sitting ducks, after all, can’t move nearly as swiftly as hawks.
