Why Data Center Security MattersIn many organizations, the misalignment of logical security and physical security is a significant problem that needs to be resolved. Logical security controls can often be bypassed by having physical access to the equipment. At IO, we use all the security measures at our disposal to synergistically protect the data center from every angle that a potential adversary might attack it.
Logical SecurityLogical security measures employed at IO include Alert Logic for as-a-service network, system, and web application security. In addition, the active directory within our enterprise resource planning (ERP) system, as directly managed by our customers through our portal, enables strict role-based access into IO facilities and networks for our customers and partners.
VisibilityAt IO, multiple feeds and metrics—captured in real time throughout IO’s facilities—monitor network activity at all points of ingress. These metrics are captured and reported 24xForever by an automated system solely dedicated to the task. By combining visibility into network activity at points of ingress with visibility from sensors monitoring the data center environment, IO is better able to make real-time decisions to protect the network and the data center.
Local MitigationAnomalous behaviors cause immediate alerts to be sent to IO.Mission Control, who investigates the event. Should action be warranted, IO.Mission Control can use mitigation systems to quickly and automatically minimize the event at the edges of our network. These mitigation systems protect the network infrastructure, which helps us provide the continuity of network services that our customers expect.
Global MitigationIO is a widely connected network by design, and this presents options that help us handle large DDoS events. By launching a global response to DDoS events, we initiate mitigation efforts beyond the edges of our network and up into our partner service provider infrastructures. We can scale across many provider networks in parallel, pushing the attack traffic further up the chain. In those ways, we’re better able to deflect attacks and provide continuity of service at all points.
UTI Tier 3 Design CertifiedAvailable in most of IO’s Data Centers, Tier III site infrastructure means that each and every capacity or distribution component necessary to support the IT processing environment can be maintained on a planned basis without impact to the IT environment.
SOC1 – Type 2Includes the design and testing of controls to report on the operational effectiveness of controls over a period of time.
SOC2 – Type 2Provides pre-defined, standard benchmarks for controls related to the security, availability, processing integrity, confidentiality, or privacy of a system and its information.
UL 2755 ListingIndustry’s first-ever modular data center safety certification ensures that components work together as a system ready for deployment.
TVRARequired by the Monetary Authority of Singapore (MAS), IO undergoes a Threat, Vulnerability and Risk Assessment (TVRA) every two years to identify security threats to and operational weaknesses in a data center in order to determine the level and type of protection that should be established to safeguard the facility.
“IO and CyberTrails are helping us meet the rigorous security and compliance demands of our enterprise customers with top-notch data center infrastructure that provides the foundation for our cloud applications.”
Gabriel Gabaldon, Chief Technology Officer PROACTIS and Intesource