Data Privacy

  • Conforms to HIPAA best practices and can meet requested levels of compliance.
  • Hosting account is set up as a dedicated organizational unit, separating it from any other accounts.
  • Wazuh IDS allows for 10 years or more of audit logging, which includes tracking of all user interactions within the application, e.g. user logins and updates made to the website.
  • Utilizes AWS KMS for creating encryption keys, and permission to the keys is limited to a dedicated AWS IAM account.
  • Transmitted data is encrypted utilizing TLS, with additional options available for more sensitive data. Data at rest is encrypted with 256-bit AES encryption, with access controls that follow a least privilege model.

Firewall

  • All sites are configured behind the AWS WAF, which uses a mixture of managed AWS security rules and rules designed specifically for your applications, and is maintained by our cloud team.
  • DDoS protection with additional layers of support to augment the WAF and automatically add blocking rules as malicious traffic attempts to access the hosted websites.
  • AWS Shield Advanced can be added to the architecture to protect against large-scale DDoS attacks.

Intrusion Detection

  • All servers have an IDS installed, powered by Wazuh.
  • This not only monitors for suspicious activity and server integrity but also allows for OS vulnerability monitoring and external log storage.
  • Wazuh is configured with specific rules to automatically notify the ZenCloud team of any alerts raised so that remediation can be performed.
  • Any high-risk issues found are patched within 24 hours.

Penetration Testing

  • Utilizes Vonahi vPenTest to go above and beyond identifying vulnerabilities by actually exploiting them, demonstrating what would happen if an attacker got access to the network.
  • Pen tests can be enabled to look for sensitive data, perform exploits, conduct man-in-the-middle attacks, crack password hashes, escalate privileges on the network, and even impersonate users to find sensitive data.
  • This layer of testing can be scheduled at any cadence (weekly, monthly, quarterly) to help anticipate any potential exploits.
  • Remediation of high-risk issues found is performed within 24 hours.
  • ZenCloud also partners with third-party vendors to provide outside pen testing performed by professional hackers.

Vulnerability Scanning

  • Additional layer of monthly vulnerability scanning and remediation with Nessus, covering application-level vulnerabilities on top of the core operating system that the IDS monitors.
  • This layer of testing can be scheduled at any cadence (weekly, monthly, quarterly) to help anticipate any potential exploits.
  • Remediation of high-risk issues found is performed within 24 hours.

High Availability/Scalability

  • Auto-scale architecture: automatically brings resources online to handle traffic, allows for 0 server downtime during deploys, and spins servers back down automatically when they are not needed.
  • Varnish and CloudFront in place for caching to optimize page speed and overall application performance.
  • Multi-AZ for replication: ability to expand the web servers and databases to replicate to another availability zone within an AWS region, or to an entirely different AWS region.
  • Allows for full, near real-time replication with a recovery time objective of less than 1 hour in case of catastrophic failure.
  • Deep vault for long-term storage of site data for up to 10 years or more, if required.

Try ZenSource for Yourself

Skip the slick sales presentations: Let our team take you through the ZenSource experience with a demo catered to your needs. Whether you're upgrading Drupal, need better support or a new place to host your web apps, we can help.