Responsibility Model

Responsibility is a key factor in building trust, and knowing who is responsible for what in a partnership between a cloud provider and a customer can benefit both organizations. Security is a shared responsibility, and Virtustream strives to be transparent by implementing a shared responsibility model that clearly articulates which controls Virtustream implements and which controls a customer must implement to achieve compliance.

In this model, Virtustream is responsible for the security of the cloud, whereas the customer is responsible for security in the cloud. We ensure the security and protection of the cloud infrastructure that runs our cloud services, and the customer is responsible for application updates and patches (including security patches), identity and access management, and network security.

Virtustream Managed Security Services

Customers have the freedom to augment portions of this responsibility model by purchasing Virtustream’s Managed Security Services. This enables them to simplify their operations by shifting security for the operating system and databases to Virtustream. Some of the fully managed security services available at the virtual machine (VM) and network level include:

  • Anti-Virus/Anti-Malware: Detects and blocks viruses, trojans, spyware, and other malicious activity
  • Host-based Intrusion Detection System (hIDS) and Firewall (hFW): A bi-directional layer 4 stateful firewall along with a sophisticated IDS engine can prevent, detect, and block malicious traffic and behaviors such as reconnaissance scanning, denial of service attacks, or SMB exploits
  • Network-based Intrusion Detection System: Detects network-level threats against hosted assets, such as attacks that seek to take advantage of network vulnerabilities and unpatched systems. It uses both vendor-supplied threat signatures and a behavioral baseline to assess unknown threats based on atypical network behavior and anomalies
  • File Integrity Monitoring (FIM): Detects changes to registry values, registry keys, services, processes, installed software, ports, and files
  • Transparent Data Encryption (TDE; data at rest): Provides encryption key build and management, along with data access policy management for the directory that houses the data portion of a database (e.g. SAP) in a tenant environment
  • Vulnerability Scanning: Scans customer systems for vulnerabilities in their operating systems to produce a recurring vulnerability report. This report can be provided to either the customer or the Virtustream Application Managed Services (AMS) team. The report can then be used to schedule maintenance windows and system patches to ensure that the systems are kept up to date.