Cloud Security

The Business Perspective

Security is a critical challenge for many organizations as they consider cloud infrastructure. Our patent-pending security architecture will delight your security team.

Enterprise-Grade Security For The Cloud

The economic advantages of cloud infrastructure are increasingly well understood - the ability to flex infrastructure to meet demand, the value of usage-based payment, the sheer power of scale. But many organizations still have concerns about the security implications of this new deployment paradigm. Some of the more concrete concerns we hear are:

• "If lawyers subpoena my cloud provider, can they get access to my data?"
  
  
• "How do I enforce my existing security policies and procedures?"
  
  
• "The cloud provider only gives me one all-powerful user identity!"
  
  
• "I need access and event reporting for my IT governance responsibilities"

These are some of the security issues that enStratus resolves.

The foundation of our cloud management solution is a patent-pending security architecture that enforces a separation of roles:

• enStratus, running outside the cloud, is the guardian of your security keys and credentials, but has no access to your data
• Your cloud provider has your encrypted data, but not the encryption keys.

As well as thwarting the illegal attack - because now a hacker would need to simultaneously compromise two geographically separate, unlinked and encrypted systems, this approach also ensures that the only legal or governmental route to your data runs through you. At worst, lawyers could only force cloud providers to hand over encrypted data, they have to come to you for the encryption keys.

The other operational elements essential to enstratus cloud security framework include our integrated intrusion detection and our sophisticated user management and authentication. With enStratus, you can define the roles and permissions required by your security policies and we handle the enforcement and automatic logging of all activity for compliance reporting and audit purposes.

To learn more, review the screen shots below or view an enStratus demo. If you have questions or would like to discuss your project in more detail, contact us or call 612-746-3091.

The Technical Perspective

How do you adhere to the policies and procedures in the cloud? With enStratus, you gain encryption, intrusion detection and no credentials in the cloud.

Ensuring your Security Policies are Met

We have built enStratus on the foundation of separation of roles in an IT infrastructure. Through the combination role separation with the wide use of encryption and proper key management, you can construct a cloud-based infrastructure that will tolerate failures at multiple levels without damaging the overall integrity of your data as well as your ability to recover from disaster.

Key Management and Encryption

By retaining all cloud credentials outside the cloud provider, enStratus provides the most secure cloud solution for your applications. All communication between the provisioning system and the credentials system occurs over SSL web services using an SSL certificate signed by GeoTrust, VeriSign, or GlobalSign. In addition, all file systems attached to all virtual machines in this infrastructure are encrypted using SHA256 encryption.

User Management

Role-based security allowing users to access or manage resources as required. Users can be alerted to specific actions or issues. Billing codes can be allocated to budget resources. enStratus also supports LDAP to allow you to leverage existing identity management systems.

Intrusion Detection and Alerting

Monitor your cloud infrastructure protect from incidents that violate your computer security policies and practices. eStratus provides configurable alert thresholds which can be tailored by user to meet your unique requirements.

Authentication

To help our customers meet their security needs, enStratus enables customers to define the security profile they want for authentication

• Multi-factor authentication.
• Security Assertion Markup Language (SAML) Federation
• Open ID with trusted providers
  

Logs and Reports

enStratus provides a range of logs and reports to enable you to monitor your cloud infrastructure.

• Customizable alerts based on your policies
• Printable and downloadable list of complete firewall rules across infrastructure
  
• Logging of changes through the enStratus console (or enStratus web services) of who changed the configuration including reason
  
• Alerting of any firewall changes whether made in the enStratus console or externally
  
• The ability to describe IP addresses and network segments in firewall rules for audit purposes
• Server usage charts, detailed server statistics, and pending job list

You can also labels to color code servers in the server manager based on your needs. With enStratus, you also get monthly reports that will identify all costs by billing code associated with your cloud infrastructure across all clouds.

To learn more, review the screen shots below or view an enStratus demo of how to launch an AMI. If you have questions or would like to discuss your project in more detail, contact us or call 612-746-3091.