Cloud Security

Cloud Security and Access Controls

Carbon60 strictly controls and audits access at all levels of its cloud hosting infrastructure. Most fundamentally, Carbon60’s private cloud infrastructure is engineered to contain security breaches: even if one customer’s system is compromised, no other customer is put at risk. Our comprehensive access controls include the following:

Domain Level:

  • Geographically redundant Active Directory (AD) infrastructure used to centrally authenticate and grant permissions to users
  • Customers are locked into their own domain or organizational unit (OU) with no ability to browse outside their respective containers
  • Domain-based authentication for customer services and servers is supported
  • Administrative access to AD and domain services is strictly controlled and heavily secured
  • Password complexity is enforced for all customers and staff (both Windows and Linux)
  • Users are locked out of their accounts after multiple invalid login attempts (for Windows and Linux hosts)
  • For Windows hosts, RDP session timeout limits are enforced via group policy
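
The domain-level controls above (password complexity, lockout after repeated invalid logins, RDP session limits set by group policy) can be verified on a domain member rather than taken on trust. The PowerShell below is an added example, not Carbon60’s own code or tooling: it reads the domain’s default password and lockout policy through the ActiveDirectory module, lists any fine-grained password policies that weaken that baseline, and reads the group-policy registry values that enforce RDP idle limits on the local host. The thresholds in `$Expected` are assumptions chosen for the example; the page states no specific values.

```powershell
# Added example, not Carbon60's code: audit domain password/lockout policy and
# RDP session limits against an assumed baseline. Requires the RSAT
# ActiveDirectory module and read access to the domain; run on a domain member.
Import-Module ActiveDirectory

# Assumed baseline for the example; the page states no specific numbers.
$Expected = @{
    MinPasswordLength = 14
    LockoutThreshold  = 5                             # invalid attempts before lockout
    LockoutDuration   = [TimeSpan]::FromMinutes(15)
    RdpMaxIdleMs      = 15 * 60 * 1000                # RDP idle limit in milliseconds
}

function Test-DomainPasswordPolicy {
    param([string]$Domain = (Get-ADDomain).DNSRoot)
    $policy   = Get-ADDefaultDomainPasswordPolicy -Identity $Domain
    $findings = @()

    if (-not $policy.ComplexityEnabled) {
        $findings += 'Password complexity is not enforced'
    }
    if ($policy.MinPasswordLength -lt $Expected.MinPasswordLength) {
        $findings += "Minimum password length is $($policy.MinPasswordLength)"
    }
    # A LockoutThreshold of 0 means accounts are never locked out.
    if ($policy.LockoutThreshold -eq 0) {
        $findings += 'Account lockout is disabled'
    } elseif ($policy.LockoutThreshold -gt $Expected.LockoutThreshold) {
        $findings += "Lockout threshold is $($policy.LockoutThreshold) attempts"
    }
    if ($policy.LockoutDuration -lt $Expected.LockoutDuration) {
        $findings += "Lockout duration is $($policy.LockoutDuration)"
    }
    if ($policy.ReversibleEncryptionEnabled) {
        $findings += 'Reversible password encryption is enabled'
    }

    [pscustomobject]@{
        Domain    = $Domain
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Fine-grained password policies (PSOs) override the default policy for the
# groups they apply to, so a weak PSO silently undoes the domain baseline.
function Get-WeakFineGrainedPolicy {
    Get-ADFineGrainedPasswordPolicy -Filter * | Where-Object {
        $_.LockoutThreshold -eq 0 -or -not $_.ComplexityEnabled -or
        $_.MinPasswordLength -lt $Expected.MinPasswordLength
    } | Select-Object Name, Precedence, AppliesTo, LockoutThreshold,
                      ComplexityEnabled, MinPasswordLength
}

# RDP session limits pushed by group policy land in this registry key on the
# host; MaxIdleTime is in milliseconds and 0 (or absent) means no limit.
function Test-RdpSessionLimits {
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $ts   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $idle = if ($null -ne $ts -and $null -ne $ts.MaxIdleTime) { [int]$ts.MaxIdleTime } else { 0 }
    [pscustomobject]@{
        Host              = $env:COMPUTERNAME
        MaxIdleTimeMs     = $idle
        IdleLimitEnforced = ($idle -gt 0 -and $idle -le $Expected.RdpMaxIdleMs)
    }
}

Test-DomainPasswordPolicy | Format-List
Get-WeakFineGrainedPolicy | Format-Table -AutoSize
Test-RdpSessionLimits     | Format-List
```

A non-empty `Findings` list, or any row from `Get-WeakFineGrainedPolicy`, is what a reviewer would raise; the PSO check matters because a single fine-grained policy applied to a service-account group can disable lockout for exactly the accounts an attacker would guess against, while the default domain policy still looks correct.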

User Level:

  • User authorization is controlled via centralized AD user accounts and groups
  • ADFS services are supported for unified identity and access management
  • Access is delegated on a strict as-needed basis
  • Access control entries (ACEs) and access control lists (ACLs) are applied to groups
  • Changes to group membership and ACE/ACL entries are monitored
  • Disabling an account effectively disables access to all servers, devices and services
  • Two-factor smartcard authentication is required for staff to access all core components of the cloud computing infrastructure
  • Policies that lock workstations/terminals upon smartcard removal are strictly enforced
  • Integrated two-factor authentication services are supported for customers

Host Level:

  • IPsec-based policies use either Kerberos or X.509 certificates to authenticate peers and encrypt traffic; pre-shared keys are never used
  • Users must re-authenticate to perform security-sensitive tasks
  • Windows and Linux servers log access to a central server for auditing
  • Host-level firewalling controls traffic between hosts on the same subnet
  • Secure host-level configurations are pre-engineered to incorporate best security practices and then turned into templates (i.e. host images) for new deployments. Once deployed, the cloned host is updated with the latest patches and configured to the customer’s final requirements
  • Access to hosts that support infrastructure services (regardless of OS) is authenticated against a non-customer-facing Windows domain
  • One-time passwords are used to access critical systems
  • On Linux hosts, SELinux is enabled by default to give administrators more control over user access
  • All critical hosts explicitly deny all root and administrative logins
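
Two of the host-level controls above, host-level firewalling and IPsec policies that authenticate with Kerberos or certificates rather than shared keys, can be checked on a Windows server with the NetSecurity module that ships with Windows. The script below is an added example, not Carbon60’s code: it reports whether every firewall profile is enabled with a Block default inbound action, lists the enabled inbound allow rules that form the exceptions to that default, and inspects each IPsec phase-1 authentication set for pre-shared-key proposals. The string matching on the `AuthenticationMethod` value names is an assumption noted in the code.

```powershell
# Added example, not Carbon60's code: verify two host-level controls on a
# Windows server: the host firewall denies inbound traffic by default, and
# IPsec authentication sets use Kerberos or certificates, not pre-shared keys.
# Uses the NetSecurity module shipped with Windows; run elevated on the host.
Import-Module NetSecurity

function Test-HostFirewallDefaultDeny {
    # One row per profile (Domain, Private, Public). Enabled plus a Block
    # default inbound action on every profile is the "deny all" posture.
    Get-NetFirewallProfile | ForEach-Object {
        $enabled = [bool]$_.Enabled
        $inbound = [string]$_.DefaultInboundAction
        [pscustomobject]@{
            Profile            = $_.Name
            Enabled            = $enabled
            DefaultInbound     = $inbound
            DefaultOutbound    = [string]$_.DefaultOutboundAction
            DenyInboundDefault = ($enabled -and $inbound -eq 'Block')
        }
    }
}

function Get-EnabledInboundAllowRule {
    # Every enabled inbound allow rule is an exception to the default deny;
    # this list is what a reviewer reads through, port by port.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Name      = $_.DisplayName
                Profile   = [string]$_.Profile
                Protocol  = $port.Protocol
                LocalPort = (@($port.LocalPort) -join ',')
            }
        }
}

function Test-IPsecAuthMethod {
    # A phase-1 auth set carries one or more proposals. The check assumes the
    # AuthenticationMethod value names contain "PreSharedKey", "Kerberos" or
    # "Certificate" (assumption); -like keeps it tolerant of the exact spelling.
    Get-NetIPsecPhase1AuthSet | ForEach-Object {
        $methods = @($_.Proposal | ForEach-Object { [string]$_.AuthenticationMethod })
        [pscustomobject]@{
            AuthSet        = $_.DisplayName
            Methods        = ($methods -join ',')
            UsesPSK        = [bool]($methods | Where-Object { $_ -like '*PreSharedKey*' })
            UsesKerbOrCert = [bool]($methods | Where-Object {
                                 $_ -like '*Kerberos*' -or $_ -like '*Certificate*' })
        }
    }
}

Test-HostFirewallDefaultDeny | Format-Table -AutoSize
Get-EnabledInboundAllowRule  | Format-Table -AutoSize
Test-IPsecAuthMethod         | Format-Table -AutoSize
```

Any profile with `DenyInboundDefault` false, or any auth set with `UsesPSK` true, contradicts the posture described above and is worth a ticket; the allow-rule listing is there so that each exception to the default deny is an explicit, reviewed decision rather than an accumulation.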

Network Level:

  • Segmented public, private, backup, and administrative networks
  • All access to and changes on network devices are logged centrally
  • All public IPs are NATed to private IPs at the firewall
  • Customers are assigned private subnets and VLANs to segment traffic securely across the network
  • Subnets are allocated so that host- and network-level firewall rules can limit traffic to any type of service
  • All network devices (firewalls, routers, and switches) are managed via SSH from restricted network segments
  • Network-level firewall rules are configured to prevent cross-subnet attacks
  • Firewall rules deny all traffic by default