Why Data Center Security MattersIn many organizations, the misalignment of logical security and physical security is a significant problem that needs to be resolved. Logical security controls can often be bypassed by having physical access to the equipment. At IO, we use all the security measures at our disposal to synergistically protect the data center from every angle that a potential adversary might attack it.
Logical SecurityLogical security measures employed at IO include Alert Logic for as-a-service network, system, and web application security. In addition, the active directory within our enterprise resource planning (ERP) system, as directly managed by our customers through our portal, enables strict role-based access into IO facilities and networks for our customers and partners.
VisibilityAt IO, multiple feeds and metrics—captured in real time throughout IO’s facilities—monitor network activity at all points of ingress. These metrics are captured and reported 24xForever by an automated system solely dedicated to the task. By combining visibility into network activity at points of ingress with visibility from sensors monitoring the data center environment, IO is better able to make real-time decisions to protect the network and the data center.
Local MitigationAnomalous behaviors cause immediate alerts to be sent to IO.Mission Control, who investigates the event. Should action be warranted, IO.Mission Control can use mitigation systems to quickly and automatically minimize the event at the edges of our network. These mitigation systems protect the network infrastructure, which helps us provide the continuity of network services that our customers expect.
Global MitigationIO is a widely connected network by design, and this presents options that help us handle large DDoS events. By launching a global response to DDoS events, we initiate mitigation efforts beyond the edges of our network and up into our partner service provider infrastructures. We can scale across many provider networks in parallel, pushing the attack traffic further up the chain. In those ways, we’re better able to deflect attacks and provide continuity of service at all points.
UTI Tier 3 Design CertifiedAvailable in most of IO’s Data Centers, Tier III site infrastructure means that each and every capacity or distribution component necessary to support the IT processing environment can be maintained on a planned basis without impact to the IT environment.
SOC1 – Type 2Includes the design and testing of controls to report on the operational effectiveness of controls over a period of time.
SOC2 – Type 2Provides pre-defined, standard benchmarks for controls related to the security, availability, processing integrity, confidentiality, or privacy of a system and its information.
ISO27001 (in progress)ISO management system standards, certification to ISO/IEC 27001 is not obligatory. IO has this certification to benefit from its best practices in managing confidential or sensitive corporate information so that it remains secure, as well as providing reassurance to customers and clients that its recommendations have been followed.
UL 2755 ListingIndustry’s first-ever modular data center safety certification ensures that components work together as a system ready for deployment.
TVRARequired by the Monetary Authority of Singapore (MAS), IO undergoes a Threat, Vulnerability and Risk Assessment (TVRA) every two years to identify security threats to and operational weaknesses in a data center in order to determine the level and type of protection that should be established to safeguard the facility.
PROACTIS and Intesource
IO Rolls Out IO.OS® Software Editions that Address Customer Needs from Small Data Centers to Complex, Global Data Center Networks
IO, the leading provider of next-generation modular data center technology and services, today announced a new release of IO.OS, the premier secure data center operating software.Read the Press Release
Data Center 2.0 and Cyber Security, Part 1: Cyber Threats Now the #1 Enterprise Security Risk
In this first part of a three-part series written for the enterprise CSO, we’ll explore what cyber threats are and why they’re growing. In parts 2 and 3 we’ll explore the role the data center plays in cyber security and why Data Center 1.0 is unequipped to deal with those threats; and how Data Center 2.0 is the only way to ensure data security into the future.Read the Blog
Singapore Data Center and Colocation Security
Security requirements for financial services firms are among the strictest security standards. In Singapore data center security requirements include ISAE 3402 compliance as well as the requirement by the Monetary Authority of Singapore (MAS) that all financial institutions complete a Threat and Vulnerability Risk Assessment (TVRA).Read the Blog