Virtustream Enterprise Cloud

Security and compliance

Virtustream is dedicated to providing the highest levels of security and compliance to protect your enterprise.


Virtustream Enterprise Cloud delivers—in a single integrated platform—comprehensive technology to support risk and compliance management throughout the entire technical and operational stack.

A commitment to compliance

A rigorous approach to information security management is core to the way we manage our facilities and operations. That’s why all Virtustream data centers have the appropriate certifications, and our technical data center personnel are government security cleared.

Our data centers and IaaS offering have achieved several important government and industry certifications, including SSAE16, ISAE3402, PCI-DSS 3.1, FISMA, IS0 27001:2013, ISO 9001:2008, HIPAA/HITECH. In addition, the company has successfully demonstrated compliance for three KPMG-led Sarbanes-Oxley (SOX) audits.

Virtustream’s xStream compliance certifications



Trust

Trust is the cornerstone of any security strategy. This is particularly the case for cloud-based systems, where distributed users, systems and software must be able to validate the identity of other users, systems and software. Virtustream Enterprise Cloud employs industry-leading innovations such as Intel TXT, 2-factor authentication, and encryption throughout the system to enable secure cloud computing environments.

Intel Trusted Execution Technology (TXT)

Virtustream xStream software provides support for Intel TXT, ensuring a trusted boot environment when used with TXT-enabled hardware. Intel TXT protects critical system software by validating the code belonging to trusted programs (e.g. a “known good” BIOS or hypervisor, or the xStream software itself) before allowing it to run.

By preventing host machines from emerging threats such as hypervisor attacks, BIOS and firmware attacks, malicious root kit installations, or other software exploits, xStream and Intel TXT deliver a trusted computing platform upon which enterprise-grade cloud services may be delivered.

Two-Factor Authentication

Virtustream Enterprise Cloud utilizes strong two-factor authentication as a standard authentication mechanism for users accessing its management portal. Users are authenticated via a user-selected PIN and a one-time password generated via a software-based token or a hardware-based token, providing a high degree of confidence that access to the management console is restricted to authorized users. We support software tokens on diverse platforms including iOS, Android, BlackBerry or desktop systems.

Encryption

Encryption is a foundation of confidentiality and integrity and is used throughout the Virtustream Enterprise Cloud. Various third party products are used to secure data at rest and data in motion as well to authenticate the various components of the Virtustream Enterprise Cloud technology stack. Utilizing FIPS-compliant cryptographic technology, Virtustream Enterprise Cloud is able to support all major encryption requirements for file system, database, and network transport protection.

Visibility

Visibility, the ability to verify and monitor the state of your computing environment at all times, is foundational to security. Virtustream Enterprise Cloud ensures full visibility into the entire cloud stack—from the network layer up through the organization’s overall security and compliance posture—all via a single pane of glass management interface.

Auditing

Effective security auditing demands that everything within the cloud is logged. Virtustream Enterprise Cloud supports this by logging all system auditable events, and full reporting can be performed from the operations portal.

An optional user activity monitoring module visually records administrative and terminal sessions on Windows and Unix hosts, capturing every user action to meet stringent audit and compliance requirements, and support precise forensic investigation.

Alerting

Virtustream Enterprise Cloud’s alerting engine helps organizations monitor and manage ongoing security risk by allowing administrators to set alerts and alarms on a wide variety of system security events.

Security Information and Event Management (SIEM)

To meet the most stringent enterprise security requirements, Virtustream Enterprise Cloud makes available a tightly integrated, real-time SIEM framework to ensure high degrees of situational awareness. The Virtustream Enterprise Cloud SIEM offers advanced log management, event correlation, alarms and alerts, and comprehensive security dashboards. Virtustream Enterprise Cloud SIEM also offers a variety of compliance management features.

Control

With trust and visibility established, a healthy security plan puts controls in place to enforce enterprise policy. Virtustream Enterprise Cloud offers several features to enact enterprise security controls, including role-based authorization, network controls and advanced multi-tenancy and cloud federation features.

Role-Based Authorization

Minimizing the risk of internal threats requires a strict separation of administrative responsibilities. To facilitate this, Virtustream Enterprise Cloud provides role-based access controls capable of providing granular authorization based on user-defined roles. Roles range in scope from super-administrators with total control to read-only access for restricted users.

Virtual Firewall

Virtustream Enterprise Cloud’s full-featured virtual firewall technology can be enabled to protect virtual infrastructure from transport layer attacks. With a complete view of all network traffic, virtual network settings and virtual machine states, the VMsafe- certified virtual firewall provides access control using stateful policies that define which ports, protocols, destinations and virtual machines should be blocked.

Compliance

To effectively migrate enterprise workloads to cloud environments, organizations must be empowered to enforce a wide range of corporate and regulatory compliance policies. Virtustream Enterprise Cloud meets the most demanding cloud security requirements and provides innovative features to help enterprises maintain compliance, such as continuous audit and SIEM. Virtustream Enterprise Cloud’s innovative compliance engine delivers push-of-a-button visibility into the status of your organization’s compliance with its infrastructure, operational and management policies and controls.

Continuous Audit

Virtustream Enterprise Cloud provides continuous auditing and compliance features to satisfy the continuous compliance and security auditing requirements of modern information assurance and compliance frameworks.

Virtustream Enterprise Cloud’s integrated SIEM continuously monitors security logs, alerts and system alarms gathered from multiple components in the cloud environment, analyzing a massive amount of incoming security data to display an organization’s real-time security and compliance posture via an easy-to-use dashboard and an extensive suite of pre-built reports.