PrimaCloud was designed from the ground up for the security of your applications and data. ENKI ensures the security of your Virtual Private Data Centers through a combination of active and passive security measures, including certified data center locations with physical security plans and backup systems, programmable firewalls and routers, data and infrastructure hiding, data encryption, user-definable software and networking elements in your VPDC, internal security practices, and optional compliance-oriented security and data protection services as detailed on our Security Services page. These practices and services are sufficient to ensure that the hosting portions of your compliance requirements - including FedRAMP, HIPAA and PCI - are met completely, no matter which compliance regulations you wish to achieve.
ENKI's approach to security is to use the power of our VMware virtualized environment and virtual private datacenters to enable you to design - or to have us design for you as part of our services - a security architecture and infrastructure that exactly matches the needs of your business and your application. With access to thousands of virtualized security appliances and the ability to configure your virtual private datacenter over the web to conform to any network topology, we can meet any security requirement. Security also doesn't have to be expensive: starting with the essential basics of per-VM full data encryption and a Web Application Firewall, at as little as $100/mo, will protect you from many of the most common attacks and vulnerabilities, including events like the recent theft of millions of patient records from Anthem!
Please review the list of our capabilities below, or download our Security Datasheet.
Managed Hosting Certifications and Capabilities:
- ENKI data center facilities are SOC2 certified, as well as SSAE-16 Type I and Type II certified, PCI, and SOC1. We offer FedRAMP compliant facilities through our partnership with IBM.
- HIPAA and PCI support packages - see our Security and Compliance page.
Managed Hosting Physical Security:
- 24x7 security guards at entrance with full video facilities inspection
- Three-layer building security provided by key cards with electronic logging and video surveillance, biometrics for access to equipment areas, and locked cabinets or cages.
- Locked private cabinets or cages for all ENKI equipment accessible only to duly authorized ENKI employees or certified vendors.
- All customer data stored only on secured ENKI equipment
- Available physically separate data storage equipment for PCI compliance.
Managed Hosting Network security:
- Triple-layer firewalls:
  - Juniper Edge routers with optional custom/per-customer configuration
  - Sophos or customer-specified Active Firewalls with Web Application Firewall capability and adaptive antivirus/antimalware/anti-exploit filtration and IDS as software appliances in your virtual datacenter
  - Optional third-party DDoS mitigation, Web Application Firewall, and content caching through an ENKI partner.
- Available 360 degree encryption of all data leaving your VM/VPDC, ensuring complete storage and transport privacy, with automatic key management (ENKI SecurVault).
- All administrative interfaces to networking equipment, VMware, and customer systems through secure sockets transport interfaces.
- VPN-based access to management portal with dual-factor authentication (key and password).
- Access to login prompt of customer systems requires per-user public key encryption and IP-based permissions
- Virtual Private Data Centers are on private networks (hardware VLANs) undetectable and not accessible from outside the VPDC
- Customer applications/virtual data centers scanned for vulnerabilities (on demand).
- Optional third-party DDoS protection.
- Agreements with upstream providers for multi-layer defense-in-depth against DoS attacks
- Excess bandwidth provisioning to insulate against DoS/DDoS attacks
- Available VPN for point-to-point connection to your physical location (ENKI EasyVPN).
- All personnel responsible for maintaining customer’s security requirements must be aware of customer’s specific security requirements as contracted and agree to maintain them.
- All personnel with access to customer data and equipment are required to sign confidentiality agreements.
- Security incidents and security change management are tracked in ENKI’s case management system and reviewed for policy generation or modification.
- Access to physical assets is limited to ENKI personnel and escorted contractors responsible for maintaining them.
- Access to customer applications is limited to ENKI personnel responsible for maintaining them.
- Customer-specific access data is stored in ENKI's implementation of the LastPass system, with encryption and password- and role-based protection for sensitive data.
- All security procedures and methods are documented in the ENKI internal runbook, available for customer compliance processes.