
Security

Organisations of all sizes and across all sectors are rapidly recognising the potential benefits of using cloud-based IT services. One of the most common questions that arises when companies first begin to assess this technology concerns data security and risk. However, following investigation, many organisations decide to employ cloud or hosted services directly as a result of the increased security and protection that they bring.

Initially it may be reassuring to think of your company data residing in the servers based in your communication rooms or sitting on the company server in the office. However, professional cloud infrastructure and hosted services companies provide far more security and resilience than the average organisation.

With 24/7 systems management 365 days of the year, enterprise-class facilities, multi-level / multi-site redundancy and uptime SLAs of 99.99%, Nimbus Technology Systems Ltd provides a higher level of security and data protection than traditional on-premise solutions:

Physical Security

We only utilise Tier 4 Data Centres, chosen both for advanced network peering and for physical security and redundancy options. All data centres have multiple power feeds from separate substations, primary and secondary power distribution units and standby power generators on-site. Heating, ventilation and air-conditioning requirements are met with 3,350 tons total refrigeration capacity with N+2 redundancy (5 chillers at 670 tons each), together with seven 30-ton CRAC (Computer Room Air Conditioner) units inside our data rooms. All our data centre vendors, for example Level 3, Interxion and Tata, are ISO 27001 accredited for physical security. Access must be restricted and controlled, typically with proximity card and biometrics.

Data Resilience

We use platforms with purely diskless processing engines, ensuring all data is stored on Storage Area Networks (SAN). SANs offer much greater resilience than traditional hard drives because they stripe data across multiple drives in the SAN for resilience and speed. The SANs used typically have between 20 and 240 live drives. Centralised storage is also much easier to secure and protect. As a policy, we copy (replicate) our SAN data to alternate data centres in the UK. This equates to having offsite, real-time copies of any data stored in the primary site.

Data encryption

All stored data is encrypted to a minimum of 256 bits, ensuring that client data is seen and used only by those authorised to do so.

Secure access to Services

All of the access points to our services are encrypted using SSL (Secure Sockets Layer) with at least 128-bit encryption. This provides encryption for all data being sent to and from our network, such as email, desktop data, passwords etc. In the case of desktops, a connection broker is used to provide encryption through RSA RC4 for key strokes and screen data. Clients can use VPN (virtual private network) access to their collection of services such as our Hosted Desktops. This is a cost option, but clients can be provided with PPTP or Cisco VPN with a permanent point-to-point tunnel or dial-up VPN if required.

Electronic Intrusion Detection and Logging

To protect data and security, Tripwire™ intrusion detection systems (IDS) are used. IDS is used to log and look for unusual network and user behaviour within our internal network. IDS is deployed on both internal and external networks, and it has a number of automatic triggers to alert engineers to any unusual behaviour and to isolate any potential problems. NTS employs a policy to log user access to any of the services such as Hosted Desktop, Exchange etc., and stores this information securely as part of our data retention policy.

Staff Change Control & Access Monitoring

All engineers provided with access to potentially sensitive information have passed a data competency check. All staff members are CRB checked and all references followed through. Any changes to data, systems or infrastructure must be logged with change control software, both to ensure reversal of policies can be instigated and for tracking of issues. We use an ITIL-compliant change control programme from eSupport, and regular quarterly audits are made by senior management to ensure access to data is aligned to the roles of staff members.

User & Storage Separation

Access to user data is managed by ACLs (access control lists), which designate which users have which access to which services and data. This is managed via internal networks which reside within our infrastructure. Users will only be allowed to access their own unique data. In the case of hosted desktops and servers, data is protected by virtualisation technologies such as VMware and Parallels. These isolate at the hardware or software level what users are doing, which provides total security to users within these systems as well as the data they are accessing. Users have their own virtualised and isolated environment to work in, not the same one as other users. Each customer's data is stored in a separate LUN** (logical unit number) on our SAN. This is a grouping of storage that is isolated in a partition for a specific user or service. Through ACLs, only the designated user or users will have access to read and write to this LUN. Typically, ACLs are managed securely via LDAP or Active Directory.

** This does not apply to shared services such as Exchange and Web hosting.

Data Ownership

NTS and its platform vendors comply with the principles of the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. The eight principles relating to processing of personal information are:

  • Fairly and lawfully processed
  • Processed for a limited time
  • Adequate, relevant and not excessive
  • Accurate
  • Not kept for longer than necessary
  • Processed in accordance with your rights
  • Secure
  • Not transferred to countries without adequate protection.

Your privacy and security are of utmost importance to us. We will always follow the eight principles and ask how you would like us to communicate with you.

Customer Data

At all times the data stored within NTS Services is the property of the customer. You can be confident that your data is safe and will always be available to you, and only you, reducing business risk. Our managed service protects you from the ever-changing threat of viruses and loss of data. We take full responsibility for ensuring that proper security measures are in place to protect your data. Customers have access to their own private data at any time, which they can copy, back up and store themselves if required. None of the data is stored in a proprietary format.

In the case of service termination the data can be provided to the Customer on DVD or other Portable Digital Media subject to a Chargeable Support Service fee. This data will only be kept for a maximum of 7 days while it is filtered out of the backup archives.

Data Backup

Full data snapshots are taken weekly, incremental tape backups are taken daily and all backups are retained for 7 days unless an additional policy is agreed with the client.

Data Archive Retention Policies

Whilst backups are kept, they are part of our Archive Retention Policy. Data residing in the Archive Store will be deleted in accordance with a pre-determined policy. Archive Retention Policies (ARP) can be customised in a variety of ways to meet specific requirements. The standard approach for managing deletions is to have an ARP set at the time the initial backup is taken. No data can be deleted from the Archive Store by Customers, by any means, before the retention period in the policy has expired. Retention policies can be used to meet data protection and email retention compliance requirements.

Current retention policies which are subject to change:

Anti Virus and Anti Spam

Our hosted Exchange service uses a full suite of providers including MX Logic’s Mail defence for antivirus and anti-spam. Hosted desktops use AVG enterprise-class anti-virus engines and data sweep technology to ensure data security.

Corporate protection

We even give assurances about business continuity in the very unlikely event that Nimbus Technology Systems Ltd ceases to trade or is acquired. We have a commercial agreement in place that protects our clients' ongoing services and, if required, transfers the running and provision of these services to one of our main platform providers, ThinkGrid (www.thinkgrid.co.uk). ThinkGrid is a major UK provider of data-centre and cloud infrastructure services with thousands of clients. This commercial arrangement ensures services remain uninterrupted, existing pricing is protected and existing contract terms are honoured.