Data Privacy
- Conforms to HIPAA best practices and can meet requested levels of compliance.
- Hosting account is set up as a dedicated organizational unit, separating it from any other accounts.
- Wazuh IDS allows for 10 years or more of audit logging which includes tracking of all user interactions within the application, e.g. user login, updates made to the website.
- Utilizes AWS KMS for creating encryption keys, and permission to the keys is limited to a dedicated AWS IAM account.
- Transmitted data is encrypted utilizing TLS, with additional options available for more sensitive data. Data at rest is encrypted with 256-bit AES encryption, with access controls that follow a least privilege model.
Firewall
- All sites are configured behind the AWS WAF, which uses a mixture of managed AWS security rules and rules designed specifically for your applications, and is maintained by our cloud team.
- DDoS protection with additional layers of added support to augment the WAF and automatically add blocking rules as malicious traffic attempts to access the hosted websites.
- AWS Shield Advanced can be added to the architecture to protect against large-scale DDoS attacks.
Intrusion Detection
- All servers have an IDS installed, powered by Wazuh.
- This not only monitors for suspicious activity and server integrity but allows for OS vulnerability monitoring and external log storage.
- Wazuh is configured with specific rules to automatically notify the ZenCloud team of any alerts raised so that remediation can be performed.
- Any high-risk issues found are patched within 24 hours.
Penetration Testing
- Utilizing Vonahi vPenTest to go above and beyond identifying vulnerabilities by actually exploiting them to demonstrate what happens if an attacker got access to the network.
- Pen tests can be enabled to look for sensitive data, perform exploits, conduct man-in-the-middle attacks, crack password hashes, escalate privileges on the network, and even impersonate users to find sensitive data.
- This layer of testing can be scheduled at any cadence (weekly, monthly, quarterly) to help anticipate any potential exploits.
- Remediation of high-risk issues found is performed within 24 hours.
- ZenCloud also partners with third-party vendors to provide outside pen testing performed by professional hackers.
Vulnerability Scanning
- Additional layer of monthly vulnerability scanning and remediation with Nessus, scanning for application-level vulnerabilities on top of the core operating system that the IDS monitors.
- This layer of testing can be scheduled at any cadence (weekly, monthly, quarterly) to help anticipate any potential exploits.
- Remediation of high-risk issues found is performed within 24 hours.
High Availability/Scalability
- Auto-scale architecture: automatically brings resources online to handle traffic, allows for 0 server downtime during deploys, and spins servers back down automatically when they are not needed.
- Varnish and CloudFront in place for caching to optimize page speed and overall application performance.
- Multi-AZ for replication: ability to expand the web servers and databases to replicate to another availability zone within an AWS region, or to an entirely different AWS region.
- Allows for full, near real-time replication with a recovery time objective of less than 1 hour in case of catastrophic failure.
- Deep vault for long-term storage of site data for up to 10 years or more, if required.