Security and Compliance

Virtustream Enterprise Cloud

Virtustream is dedicated to providing the highest levels of security and compliance to protect your enterprise.

Virtustream Enterprise Cloud delivers—in a single integrated platform—comprehensive technology to support risk and compliance management throughout the entire technical and operational stack.

A COMMITMENT TO COMPLIANCE

A rigorous approach to information security management is core to the way we manage our facilities and operations. That’s why all Virtustream data centers have the appropriate certifications, and our technical data center personnel are government security cleared.

Our data centers and IaaS offering have achieved several important government and industry certifications, including:

  • SSAE18/ISAE3402/HITRUST/SOC1
  • SOC2
  • SOC3
  • PCI-DSS 3.1
  • FedRamp
  • ISO 27001:2013
  • ISO 9001:2015
  • HIPAA/HITECH

Virtustream works closely with customers to ensure their enterprise class workloads are hosted in the right environment based on their compliance needs.

Virtustream Enterprise Cloud Compliance Certifications

virtustream_infographics_compliance_NA.jpg#asset:4423:urlSecurity-Chart.jpg#asset:4421:url

GLOBAL COMPLIANCE

Virtustream offers Virtustream Enterprise Coud in data centers across the globe, including Europe, Japan, Australia, and many US sites. Given the global footprint, Virtustream's compliance initiative includes our customers' local and regional requirements, as well as assisting customers in meeting General Data Protection Regulation (GDPR) high risk obligations.

TRUST

Trust is the cornerstone of any security strategy. This is particularly the case for cloud-based systems, where distributed users, systems and software must be able to validate the identity of other users, systems and software. Virtustream Enterprise Cloud employs industry-leading innovations such as Intel TXT, two-factor authentication, and encryption throughout the system to enable secure cloud computing environments.

INTEL TRUSTED EXECUTION TECHNOLOGY (TXT)

Virtustream xStream software provides support for Intel TXT, ensuring a trusted boot environment when used with TXT-enabled hardware. Intel TXT protects critical system software by validating the code belonging to trusted programs (e.g. a “known good” BIOS or hypervisor, or the xStream software itself) before allowing it to run.

By preventing host machines from emerging threats such as hypervisor attacks, BIOS and firmware attacks, malicious root kit installations, or other software exploits, xStream and Intel TXT deliver a trusted computing platform upon which enterprise-grade cloud services may be delivered.

TWO-FACTOR AUTHENTICATION

Virtustream Enterprise Cloud utilizes strong two-factor authentication as a standard authentication mechanism for users accessing its management portal. Users are authenticated via a user-selected PIN and a one-time password generated via a software-based token or a hardware-based token, providing a high degree of confidence that access to the management console is restricted to authorized users. We support software tokens on diverse platforms including iOS, Android or desktop systems.

ENCRYPTION

Encryption – a foundation of confidentiality and integrity – is used throughout the Virtustream Enterprise Cloud. Various third-party products are used to secure data at rest and data in motion as well to authenticate the various components of the Virtustream Enterprise Cloud technology stack. Utilizing FIPS-compliant cryptographic technology, Virtustream Enterprise Cloud is able to support all major encryption requirements for file system, database, and network transport protection.

VISIBILITY

Visibility, the ability to verify and monitor the state of your computing environment at all times, is security's foundation. Virtustream Enterprise Cloud ensures full visibility into the entire cloud stack—from the network layer up through the organization’s overall security and compliance posture—all via a single management interface.

AUDITING

Effective security auditing demands that everything within the Virtustream cloud management tier is logged. Virtustream Enterprise Cloud supports this by logging all system-auditable events, and full reporting can be performed from the operations portal.  Customers can extend their auditing tools into their tenant space or elect to implement Virtustream’s fee-based, security information and event management (SIEM) logging capability.

Virtustream Enterprise Cloud provides continuous auditing and compliance features to satisfy the continuous compliance and security auditing requirements of modern information assurance and compliance frameworks.

ALERTING

Virtustream Enterprise Cloud’s alerting engine helps organizations monitor and manage ongoing security risks by allowing administrators to set alerts and alarms on a wide variety of system security events.

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

To meet the most stringent enterprise security requirements, Virtustream Enterprise Cloud provides a tightly-integrated, real-time SIEM framework to ensure high degrees of situational awareness. The Virtustream Enterprise Cloud SIEM offers advanced log management, event correlation, alarms and alerts, and comprehensive security dashboards. Virtustream Enterprise Cloud SIEM also offers a variety of compliance management features.

CONTROL

With trust and visibility established, a healthy security plan puts controls in place to enforce enterprise policy. Virtustream Enterprise Cloud offers several features to enact enterprise security controls, including role-based authorization, network controls and advanced multi-tenancy and cloud federation features.

ROLE-BASED ACCESS CONTROL (RBAC)

Minimizing the risk of internal threats requires a strict separation of administrative responsibilities. To facilitate this, Virtustream Enterprise Cloud provides role-based access controls capable of providing granular authorization based on user-defined roles. Roles range in scope from super-administrators with total control to read-only access for restricted users.

As part of the employment process, employees undergo a screening process applicable per regional law. Dell’s annual compliance training includes a requirement for employees to complete an online course and pass an assessment covering information security and data privacy. This security awareness program may also provide materials specific to certain job functions.

VIRTUAL FIREWALL

Virtustream Enterprise Cloud’s full-featured virtual firewall technology can be enabled to protect virtual infrastructure from transport layer attacks. With a complete view of all network traffic, virtual network settings and virtual machine states, the virtual firewall provides access control using stateful policies that define which ports, protocols, destinations and virtual machines should be blocked.