eNlight Cloud has been designed to keep up with all security requirements and resist all threats prevailing in today's online ecosystem, in order to ensure smooth functioning of operations. With eNlight Cloud, you can be assured that your application / website / information / database is protected against all security threats. We make sure that all client data is kept highly confidential, to reinforce the trust and confidence our customers have in us. We adhere to rules and regulations by taking adequate security measures. We are certified and competent to ensure total security against data theft and information leakages, to diminish risks and un-complicate server security.
We follow the strictest rules in our datacenter to enforce 100% security. Physical access to eNlight Infrastructure is rigorously controlled throughout the facility by professional security staff. Modern Security Systems including video surveillance, biometric access control, motion and entry detection cameras with alarms are installed throughout the premises. Our security layer ensures that only Authorized Personnel have access to the Datacenter facility. All visitors are required to provide identification, and only then are they allowed a facility visit, escorted by a staff member.
Secure Cloud Infrastructure
The eNlight Cloud cluster stores data on enterprise storage devices having multiple security layers. These security layers are further strengthened by the best security practices followed to store eNlight data, including isolation of storage from the public network and thick provisioning of storage to negate sharing. eNlight is based on hardware virtualization technology which isolates cloud servers at the hypervisor layer for additional data security. This explicit virtualization of the physical resources leads to a clear, secure separation between guest and hypervisor. Customer instances have no access to raw disk devices, but instead are presented with virtualized disks. The eNlight Virtualization layer automatically resets the chunk of storage used by a customer, thus preventing exposure of one customer's data to another.
Server Isolation & Security
Inside the eNlight secure environment, the isolation layer replicates cloud resources (processors, memory, storage, etc.) to match the execution requirements of the original server. Using this approach, servers and applications run on eNlight cloud "as is" without requiring modification or redesign, and without any disruption. eNlight's tightly integrated modules easily expand to ensure server, application, and data security across physical, virtual, and cloud servers, as well as virtual desktops. eNlight Cloud offers a comprehensive, centrally managed platform to help you simplify security operations.
Our staff members are prohibited from viewing the content of the files you store in your eNlight account, and can only view file metadata (file names and locations). Storage Servers are isolated from the Public Network and safely nestled into a Private Network, thus eliminating all the threats & attacks that the Internet poses. Traffic to and from eNlight Cloud stays within the corporate firewall without crossing the Internet. Our regulated routing policies also specify the users that are actually allowed to reach the Cloud resources.
eNlight Cloud deploys Network virtualization techniques that separate different networks on the same hardware and therefore partition resources accordingly. This ensures excellent isolation along with regulated network resource sharing among different users. Network Isolation has multiple advantages: viruses and worms cannot propagate into eNlight Cloud's isolated network, and malicious users and external software are unable to attack eNlight servers, as they lack the authentication credentials required to establish communication within eNlight's Isolated Network.
Every customer is kept in a VLAN with L3 Switch in the backend. This reduces trivial network vulnerabilities and provides significant protection against traditional network security issues such as Distributed Denial of Service (DDoS) Attacks, Man in the Middle (MITM) Attacks, IP Spoofing, Port Scanning and Packet sniffing by other tenants. Security is provided on multiple levels: the operating system (OS) of the host, the virtual instance OS or guest OS and firewall. Some of the key features of eNlight Network Security are:
- Private VLANs.
- Anti-spoof / anti-sniff firewall technology.
- Customer isolation in public cloud.
- ARP access lists used to prevent man-in-the-middle attacks and IP theft.
- On-request dedicated firewall provisioning with SSL and IPsec VPNs.
- High end Cisco anomaly detector with sophisticated algorithms to analyze the traffic.
- High end Cisco anomaly Guard, capable of handling 1Gbit/s traffic, to protect network from DDoS attacks.
- Out of Path Traffic filtering system to block malicious traffic without affecting normal traffic.
Protection against IP Spoofing & Theft
All systems and applications are protected against all known and potential threats. To protect against IP Spoofing, eNlight Cloud has been implemented with IP-MAC-Binding policies to ensure "zero" IP thefts: IP addresses are bound to the MAC address of the VM they have been provisioned on. Similar policies are implemented on routers, so if a MAC gets spoofed, the router still does not forward traffic from an unknown MAC address. In addition, the eNlight interface does not accept addresses within the internal range as the source. eNlight ensures that proper authentication measures are in place and carried out over a secure (encrypted) channel. eNlight's host-based firewall infrastructure does not allow an instance to send traffic with a source IP other than its own.
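The anti-spoofing rules described above can be modelled as checks applied to each frame. The following is an added illustration, not eNlight's own code; the inventory, the vNIC names, the 10.0.0.0/8 internal range and the sample frames are all constructed assumptions.

```python
import ipaddress

# Constructed inventory (assumption): vNIC -> (provisioned IP, MAC of the VM).
INSTANCES = {
    "vnic-a": ("203.0.113.10", "52:54:00:aa:00:01"),
    "vnic-b": ("203.0.113.11", "52:54:00:aa:00:02"),
}
# Assumed internal range; never valid as a source arriving from outside.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

BINDINGS = {ip: mac for ip, mac in INSTANCES.values()}  # IP -> bound MAC
KNOWN_MACS = set(BINDINGS.values())

def violations(frame):
    """Return the anti-spoofing rules a frame breaks (empty list = forward)."""
    src_ip = frame["src_ip"]
    src_mac = frame["src_mac"].lower()
    found = []
    if frame["port"] == "external":
        # Edge rule: internal addresses are not accepted as a source.
        if any(ipaddress.ip_address(src_ip) in net for net in INTERNAL_NETS):
            found.append("edge-internal-source")
        return found
    own_ip, _ = INSTANCES[frame["port"]]
    # Host firewall rule: an instance may only send from its own IP.
    if src_ip != own_ip:
        found.append("host-firewall-foreign-ip")
    # Router rule: traffic from a MAC that was never provisioned is dropped.
    if src_mac not in KNOWN_MACS:
        found.append("router-unknown-mac")
    # IP-MAC binding: the source IP must arrive with the MAC it is bound to.
    if BINDINGS.get(src_ip) != src_mac:
        found.append("binding-mismatch")
    return found

# Constructed sample frames, one per case.
FRAMES = {
    "legit": {"port": "vnic-a", "src_ip": "203.0.113.10", "src_mac": "52:54:00:aa:00:01"},
    "ip_theft": {"port": "vnic-b", "src_ip": "203.0.113.10", "src_mac": "52:54:00:aa:00:02"},
    "ip_and_mac_spoof": {"port": "vnic-b", "src_ip": "203.0.113.10", "src_mac": "52:54:00:aa:00:01"},
    "unknown_mac": {"port": "vnic-b", "src_ip": "203.0.113.11", "src_mac": "de:ad:be:ef:00:01"},
    "outside_internal_src": {"port": "external", "src_ip": "10.1.2.3", "src_mac": "00:00:5e:00:53:01"},
}

if __name__ == "__main__":
    for name, frame in FRAMES.items():
        print(f"{name}: {violations(frame) or 'forward'}")
```

The `ip_and_mac_spoof` frame passes the binding table, because the copied pair is a valid one; only the per-instance source check at the host firewall rejects it, which is why the layers are combined.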
Security against Internet threats
eNlight cloud is protected against various threats over the internet by multiple protection mechanisms, which are:
- Default Firewall - Enabled on all servers by default.
- An IDS connected in parallel to the router which continuously monitors traffic and blocks known threats such as application and network viruses. It also helps detect and eliminate possible DDoS attacks.
- 24 x 7 NOC teams keep a close watch on aberrant behaviour of the network.
We have a team of NOC engineers who monitor every activity of the network 24x7. eNlight's automated monitoring tools offer a high level of performance and availability. The eNlight system has been specially designed to monitor key operational metrics, including notifications to alert management. Alarms are configured to notify operations and management staff when thresholds are crossed on key operational metrics. Documentation is maintained to aid effective handling of incidents, as well as for future reference.
eNlight Cloud monitors the servers continuously and provides resources within a very short span from the load detection timestamp. These changes are logged in real time and are provided to the clients in cycles of at most 90 seconds. The usage and amount utilized can be monitored on an hourly, daily, monthly and yearly basis.
Secure VM Management
The identity of every client is verified by our billing staff, and his / her email address is kept as the primary access parameter for the Cloud account. The client gets access to the cloud using the same access credentials. Different Access Control Lists are maintained for staff members involved in providing eNlight support and services.
Security against Privileged Users:
eNlight Cloud is built on 3 layers of isolation, which are:
- Server logins and client billing details are isolated to the highest layer. At this level, the access details may be disclosed only by the client.
- Billing area and cloud servers.
- Layer 3 switches for network isolation and security.