Responsibility Model

Security is a shared responsibility between Virtustream and the customer. Virtustream’s shared responsibility model clearly articulates which controls Virtustream implements and which controls a customer must implement to achieve compliance.

Virtustream Responsibility—Security of the Cloud

Virtustream is responsible for the security and protection of the infrastructure that runs all Virtustream cloud services. This infrastructure is composed of the hardware, software, operating system, networking, and facilities, and can include databases for certain applications.

In a traditional cloud model, the customer remains responsible for the applications, user access, and databases. With Virtustream Managed Services, customers can opt to simplify operations further and shift security for the operating system and databases to Virtustream.

Virtustream Managed Security Services

For a truly enterprise-class experience, Virtustream can augment an organization’s cloud services with Virtustream managed security services. Some of the fully managed security services available at the virtual machine (VM) and network level include:

  • Anti-Virus/Anti-Malware: Detects and blocks viruses, trojans, spyware, and other malicious activity
  • Host-based Intrusion Detection System (hIDS) and Firewall (hFW): A bi-directional layer 4 stateful firewall along with a sophisticated IDS engine can prevent, detect, and block malicious traffic and behaviors such as reconnaissance scanning, denial of service attacks, or SMB exploits
  • Network-based Intrusion Detection System: Detects network-level threats against hosted assets, such as attacks that seek to take advantage of network vulnerabilities and unpatched systems. It uses both vendor-supplied threat signatures and a behavioral baseline to assess unknown threats based on atypical network behavior and anomalies
  • File Integrity Monitoring (FIM): Detects changes to registry values, registry keys, services, processes, installed software, ports, and files
  • Transparent Data Encryption (TDE; data at rest): Provides encryption key build and management, along with data access policy management for the directory that houses the data portion of a database (e.g. SAP) in a tenant environment
  • Vulnerability Scanning: Scans customer systems for vulnerabilities in their operating systems to produce a recurring vulnerability report. This report can be provided to either the customer or the Virtustream Application Managed Services (AMS) team. The report can then be used to schedule maintenance windows and system patches to ensure that the systems are kept up to date.

Customer Responsibility—Security in the Cloud

The customer is responsible for application updates and patches (including security patches), identity and access management, and network security.