Security and Compliance Services
ENKI's approach to security is to use the power of our VMware virtualized environment and virtual private datacenters to enable you to design (or have us design for you as part of our services) a security architecture and infrastructure that exactly matches the needs of your business and your application. With access to thousands of virtualized security appliances and the ability to configure your virtual private datacenter over the web to conform to any network topology, we can help you to meet any security requirement.
For clients wishing to meet specific compliance requirements, ENKI offers security packages that integrate ENKI and third-party offerings plus first-line security operations to meet HIPAA, PCI, and other compliance requirements, together with contract additions that commit ENKI to be a responsible partner in your compliance program.
Security doesn't have to be expensive: starting with the essential basics of per-VM full data encryption and a Web Application Firewall, for as little as $100/mo, offers basic protection from many of the most common attacks and vulnerabilities, including events like the recent theft of millions of patient records from Anthem.
Automated Electronic Security Services
ENKI's automated security offerings include services provided in-house and through trusted vendor/partners. We believe that vetted third-party services are optimal for our clients because they bypass conflicts of interest, offer industry best-of-breed features, and allow ENKI to easily tailor your security services to meet your needs.
Regular scans conducted by a third party identify the external vulnerabilities of your site and assess them against best practices or the requirements of a compliance domain such as HIPAA, PCI, or others. Where possible, the third party is certified to provide evidence of compliance.
Monitoring of internal network traffic within your virtual private datacenter and to/from the edge, along with internal vulnerability scanning. Results are compared to known intrusion or attack signatures and validated against normal usage patterns to create logged incidents and alerts that can detect a break-in in progress.
Collection of selected system and application log files, fed to automated and NOC-based analysis to determine whether security violations have occurred and who made them. Incidents are logged and alerts raised to help detect break-ins and to assist in forensic analysis of data breaches as required by compliance regulations. Logs are archived offsite and stored for up to a year, secured by a third party to prevent alteration of the security history.
Monitoring and control of inbound and outbound traffic to your virtual private datacenter by comparing it to known attack signatures supplied by the WAF vendor. Restrictions on traffic are adapted to learned normal-use patterns. Exceptions are logged and can generate alerts. ENKI's standard WAF is Sophos; depending on your requirements, high-end WAFs such as F5 and networked WAF services such as Qualys or Incapsula are also available.
ENKI's highly secure SecurVault encryption operates on storage streams leaving the virtual machine, which prevents any unencrypted storage data from leaving the machine, including swap. Automated key management allows hands-off machine restarts and delegation of key control to trusted individuals.
Selected folders are monitored for changes to stored files in order to track unauthorized access. All changes are logged and can be reviewed or used to create alerts. By storing the change configuration for your server, its file set can be validated against a golden image to ensure that security is maintained during cloning or copying.
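As an added illustration of the golden-image validation described above (example code, not ENKI's own tooling): a baseline of SHA-256 digests is taken from a directory tree, and a later snapshot is compared against it to report files that were added, removed, or modified. The directory contents are constructed in a temporary folder purely for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX relative path) to its digest."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(golden: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Diff a current snapshot against the golden baseline."""
    return {
        "added": sorted(set(current) - set(golden)),
        "removed": sorted(set(golden) - set(current)),
        "modified": sorted(k for k in golden.keys() & current.keys() if golden[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: take a baseline, let the clone drift, then report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "bin" / "app").write_bytes(b"\x7fELF-placeholder")
        golden = snapshot(root)  # the "golden image" baseline
        # Simulated drift on the cloned server (constructed, not real data)
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "etc" / "extra.conf").write_text("added later\n")
        (root / "bin" / "app").unlink()
        return compare(golden, snapshot(root))


if __name__ == "__main__":
    print(demo())
```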
Content-aware curation of sensitive data enables monitoring and control of data stored in ENKI's cloud. Based on rules set by you, the flow of data can be logged, blocked, or encrypted as needed to keep it secure and in known locations.
Sophos server-based antivirus scans for known signatures of viruses and malware and then deletes or quarantines the offending code. In addition, Sophos can monitor unauthorized encryption activity due to ransomware and roll the changes back after removing the malware.
DDoS mitigation has recently been added to a number of compliance standards, which now consider uptime part of their security requirements. The best choice for clients concerned about high-volume DDoS attacks is a third-party upstream solution, which can also speed page delivery on content-heavy websites by providing caching. ENKI offers upstream DDoS mitigation through CloudFlare or as an option on distributed WAF services.
Security Operations and Management
Compliance requirements are comprehensive, spanning the spectrum from datacenter physical security to application design. Most of ENKI's clients engage us for IT operations management via our PrimaCare support plans, which also offer the option of being compliant with security standards such as PCI, HIPAA, and others. ENKI's Gold Compliance plans offer compliant execution of the operations portions of compliance requirements:
- First Line Of Response. ENKI is first responder for all alerts and reports produced by automated security tools such as those listed above. Adding this responsibility to the operations responsibility we already provide on our support plans means that your infrastructure is always managed for security and we can take proactive action to maintain the highest security levels based on the appropriate reports.
- Change Management and Approval. To meet compliance requirements, ENKI implements change management for your environment, including controlling the authorized personnel that can access it, and submitting all changes to an approval process that can include members of your teams and ours.
- Continuous Compliance Management. ENKI's CRM system offers Continuous Compliance, a security portal that collects information on scans, reports, personnel certifications, and scheduled compliance actions, issuing notification of compliance deadlines and providing reports on compliance status.
Security Focused Contracts
A critical component of successful compliance is tight integration with your hosting vendor's compliance activities. ENKI offers a PCI certification in addition to the extensive physical hosting certifications that we carry from our data center partners. However, for HIPAA and other compliance domains, contractual integration is necessary to assure compliance. ENKI provides contract language with our clients that fulfills the requirements of their compliance domain, including a BAA for HIPAA clients. The contents of the contract shall reflect the portion of the compliance responsibility appropriate to ENKI's role in meeting your compliance requirements, based on the capabilities and services that you contract us to provide, including electronic security measures appropriate to the compliance domain. For example, IDS, WAF, FIM and encryption are required to meet PCI requirements and must be part of the services we offer you as part of maintaining PCI compliance. As part of developing our contract with you, we will jointly determine ENKI's responsibilities for your compliance based on your budget and requirements, which will in turn determine the security levels that we can assure you.