We understand how important security is to you, and we take extra steps to ensure that your information is always safe with us. eNlight's core architecture has been designed to fail safe it against any security threat.
Our facility is guarded round the clock, with high tech security measures in place. This ensures that access to eNlight's physical infrastructure is strictly monitored and controlled. Some of our security measures include:
- Video Surveillance
- Biometric Access Control
- Motion Sensor Cameras
- Security Personnel
- 7 Layer Security
- Authorized Access
We have the following certifications in place:
- ISO 9001
- ISO/IEC 20000
- QSM ISO 27001
Secure Cloud Infrastructure
eNlight Cloud is protected by multi-layer security systems. We adhere to the following best practices:
- Isolation of storage from public network.
- Thick provisioning of storage to negate sharing by isolating cloud servers at the hypervisor layer.
- Virtualization of the physical resources resulting in additional secure separation between guest & hypervisor.
- Customer instances have no access to raw disk devices, but instead are presented with virtualized disks
- eNlight Cloud virtualization layer automatically resets the chunk of storage used by a customer to prevent exposure.
Complete Isolation of Servers
eNlight's servers and applications run without disruption due to the isolation layer that intelligently duplicates cloud resources to create the exact same environment needed to execute server requirements. eNlight's modules are able to effortlessly expand to safeguard data security across servers, whether physical or virtual. eNlight is centrally managed to let you perform security operations seamlessly.
Our employees do not have access to the content on your eNlight account. The only information available to them is in the form of metadata, containing only file names and locations. Our storage servers are nestled into a private network, thus securing them from the threats that come with using public networks. Our corporate firewall maintains traffic to and from eNlight within itself, with our routing policies ensuring that the Cloud resources can be accessed only by authorized users.
eNlight's network virtualization is able to partition resources to isolate network sharing, by segregating different networks on the same hardware. This technique has multiple advantages, including entry barrier for viruses, malicious users. It also blocks the entry of external software into eNlight's isolated network, by applying access controls and verifying credentials required for authentication.
To minimize network vulnerabilities and to provide robust protection against network security issues, all eNlight users are maintained in a VLAN with an L3 switch making up the backend. eNlight comes with anti-spoof technology and an optional hardware firewall. It is armed with Cisco anomaly guard, which can handle traffic up to 1Gbit/sec and safeguard network from DDoS attack. eNlight warrants customer isolation on public cloud and protects with multi-level security spanning across OS, including host, guest or a virtual instance.
Protection from IP Theft & Spoofing
IP-MAC-Binding policies have been applied to protect from IP thefts, by bounding the IP address with MAC address of the virtual machine being used. These policies have been extended from IPs to the router, so that even if the MAC fails, the router blocks unknown MAC addresses. To add to security measures, eNlight interface rejects addresses whose source falls within the internal range. All authentications are done over an encrypted channel, and instances can only send traffic where the source IP is their own.
Security from Internet Threats
eNlight comes with a default firewall which provides protection to all the servers. eNlight also has an IDS which is connected to the router, and monitors traffic uninterruptedly to block any threats that may arise. It also protects against DDoS attacks. Our monitoring team is on alert round the clock to intercept any unsual network activity.
Continuous Monitoring of Uptime
Our team of engineers dedicatedly monitors the network round the clock, so that no unusual activity goes unnoticed. eNlight comes with inbuilt monitoring tools which monitor key metrics, and activate alarms when set thresholds are crossed. Each instance is recorded to be used as real time references in future. eNlight's resource deployment cycle in real time spans to a maximum of 90 seconds, and the usage can be easily monitored hourly, daily etc.
Our billing team has certain processes in place to verify a client's identity, where the email address serves as the primary access for a cloud account. The clients have to use the same access credentials every time they wish to access their account. Support staff access to eNlight is also limited by access control lists.
Protection from Privileged Users:
We have privacy policies in place that are mandatorily signed by privileged users, which attract heavy penalties and legal actions if breached. The facility is kept strictly free of gadgets and items of personal nature. Firewalls ensure defense from online threats, and also carry records of all activity logs of privileged users. eNlight's operations are excessively automated to avoid unnecessary human contact. Independent racks have been installed for network, storage and nodes which can be access only after biometric authentication. eNlight's isolation layers include isolation of server login and billing details, isolation of cloud servers and network isolation.