Security is the number one priority for a Cloud-Hosted service. The nature of the Internet means that any service that uses it should have security at the core of its design. Our IT platforms are built and operated using industry best practice to meet compliance requirements.
We address security across four layers:
With our Cloud-Hosted service, we secure the user desktop from malware infection and implement threat analysis to block any suspicious activity quickly.
Using Private Cloud and dedicated authentication gateways, we enable customer-specific security and deploy proactive monitoring and reporting of failed login attempts.
At the user level, we deploy SSL-encrypted connections and optional multi-factor authentication.
We encrypt all customer data on our systems both at rest and in motion by using Trusted Platform Module technology to encrypt storage and AES 256-bit encryption to secure data in transit between our datacentres.
Taking a Cloud service without serious levels of security means you risk losing your company data and having your customers’ data fall into the wrong hands. This could potentially destroy your business reputation and result in company directors being fined and the business being forced to close.
Additional Cloud service options fall into three categories:
Controlling access to the desktop
Our Cloud-Hosted desktop platform employs higher security levels than those of our competitors, and we are constantly evolving our offering to respond as hacking attacks become more sophisticated. For example, today we provide failed login reporting, which is often required by regulatory auditors and is focused on stopping unauthorised access. We also offer an optional threat analysis system, which is aimed at detecting and alerting on unusual activity by authenticated users. This uses machine learning to analyse network data at a packet level, looking at both authentication attempts and patterns of network activity typical of hackers searching for potentially valuable information.
We carry out regular penetration tests on our complete infrastructure and now offer customers a monthly penetration test, with detailed reporting, against an individual customer’s servers to assist with regulatory audits.
One of the advantages of using a Cloud-Hosted desktop service is that data is held securely and centrally. If required, we can prohibit access to remote drives and USB sticks. As an additional service, we can block access to specific email providers or applications such as Dropbox that might be used by staff to transfer data out of the business. Website filtering is also available to restrict user access to non-core websites and services.
Migrating to our email services will allow the deployment of enhanced Microsoft Exchange email features including user activity monitoring, enhanced email security, email archiving and Mobile Device Management (MDM) which all help to protect users against computer viruses and suspicious emails.
The Benefit Of Experience
Our Cloud-Hosted desktop team have been providing a hosted desktop service since 2003, longer than anyone else in Europe. In fact, we were even involved in the development of the underlying communication protocols used to deliver these services globally. In the complex world of Cloud-Hosted desktops, there is no substitute for experience.
As early adopters of the Microsoft SPLA (Services Provider License Agreement), which is Microsoft’s pay-monthly licensing programme, we propose the most cost-effective and compliant licensing solution for our customers. Most Cloud-Hosted desktop service providers do not focus on subscription licensing, because it is the customer who is liable if mistakes are made. We do not think that is right. Therefore, we act on behalf of our customers to ensure they are correctly licensed for their usage.
Design and implementation
We know how to build large-scale IT infrastructure for businesses, and we have applied our experience to building a reliable Cloud-Hosted desktop infrastructure for many organisations. We do not simply create desktops in the Cloud; we build all the surrounding elements, such as domain controllers, file servers, database servers and secure access gateways, that you find in large enterprises. This provides the most secure and reliable platform.
Low-cost or inexperienced providers will typically attempt to run everything from a single Internet-facing server, but this means that a customer server with live data is exposed directly to the Internet through open firewall ports, which are often the subject of brute-force attacks from hackers. Having dedicated security devices to which all users authenticate before being passed to their dedicated resources and data affords the best security protection.
All datacentres we use meet the following requirements:
All are compliant with ISO 27001:2013, the data management standard, which ensures your data is protected, and only security-cleared staff have physical access to datacentres
Servers and services are monitored by independent third parties from a minimum of two UK datacentres to provide verification of our uptime for SLA and alerting purposes
All sites are security monitored 24/7
All physical site access is recorded; work on servers is recorded to video
Access is only granted to pre-authorised and vetted agents, and the authorisation includes Disclosure and Barring Service (DBS) (previously Criminal Records Bureau [CRB]) checks
Access to the data hall is restricted to either datacentre staff or our own engineering staff.
It is incredibly difficult to gain access to our datacentres; they are more like a bank vault than a business location, and they are equipped to keep on running no matter what.
Our datacentres have:
Multiple redundant data feeds from different connectivity providers
Fully redundant cooling and failover power
Onsite battery backup for up to 1 hour with diesel generators ready to go with 8 hours of fuel held in underground tanks and contracts in place to expedite the supply of additional diesel fuel within 4 hours
Key to many of our financial services clients is that we only use datacentres located outside Central London, so they are less likely to be affected by a terrorist incident
Highest Quality Infrastructure
Equipment failure is rare, but can occur. To reduce risk, we use enterprise-grade servers, which provide much higher levels of availability than standard servers. All our hosted desktop servers use redundant disk arrays, which offer the best performance and fault tolerance.
Servers are all pre-configured with intelligent hardware monitoring to alert our team to component failure. Using external, independent monitoring services, we monitor and proactively support our systems twenty-four hours a day.
At least one spare of every component used in our servers and infrastructure is stored onsite for our exclusive use to ensure that swap-outs can occur without the need to contact vendors and wait for deliveries. Depending upon the service plan that customers have signed up to, servers (not just the data, but also system and application software and configurations) are backed up either daily or hourly at the primary datacentre and replicated to a second datacentre. This is quite different to our competitors, who either don’t back up, only back up to the primary site, or, if they do replicate data to a second datacentre, don’t have the redundant hardware available at the second site to run the systems. It is then necessary to restore to hardware at a third site, which causes delays in becoming operational in the event of a disaster.
We take data security very seriously and we strictly control access. All user data is encrypted prior to any export from the datacentre, and remote access for customers is only provided over SSL secured connections.
Monthly, we commission third-party Penetration (PEN) tests to interrogate our Internet security and ensure protection from unauthorised access.
All remote user access is provided via dedicated gateway servers, which act to split genuine user traffic from illicit access or hacking attempts.
We are often asked “How secure is your Cloud-Hosted Desktop?”
Firstly, to obtain access, a third party would need to have access to your connection settings, username, domain name and password. As long as you do not share your password with someone else and select a reasonably complex password, access is extremely difficult.
If a hacker were to obtain your username and use brute force password cracking, we automatically lock the account for 30 minutes after five failed attempts, and simultaneously alert our 24/7 security team who can analyse the logs and, if necessary, contact the customer to discuss the event.
As an additional security feature, we can provide dual-factor authentication. This means that to obtain access a hacker would require your username, password, connection credentials and physical access to your unlocked tablet or smartphone device. This reduces the likelihood of unauthorised access to almost zero.
Backup And Disaster Recovery
By default, all our customer servers and data are backed up at either hourly or daily intervals, depending on the service level chosen by the customer, both within the primary datacentre and to a secondary datacentre.
The minimum retention period for backups is 30 days, although many customers opt for 90 days or 5 years for FCA compliance. We keep all backup data in an AES 256-bit encrypted format.
We also offer service options for continuous recovery to a secondary datacentre to be up and running in minutes if the primary datacentre were to be lost.
Desktop And Application Management
We provide dedicated Cloud-Hosted desktops. As a result, there are no short, forced session time-outs or loss of user data. This contrasts with entry-level ‘Cloud-Hosted desktop’ services that impose maximum session or usage times, forcing log-offs after periods of inactivity and resulting in the loss of unsaved work.
Our desktop management application provides profile-based user management with protection from malware or virus attack. We work on the basis of whitelisted applications per user, which means that if a user attempts to run illicit software or malware, it cannot execute. In our experience, this is the best way to protect organisations from the impact of malware, ransomware, and the use of unlicensed or illegal software. Most of our customers require the use of macros within applications such as Microsoft Excel. If this is not required, it can be disabled to offer a higher level of security protection.
Unlike most of the Cloud-Hosted desktop marketplace, we take responsibility for patching your servers. We schedule weekly maintenance windows and carry out the often complex and time-consuming patching process. We believe that server patching should be done by the experts, and that responsibility for it should not be forced onto the customer.
Consultancy, Bespoke Design And Applications Migration
The Cloud-Hosted desktop team have experience in the migration of many applications, which makes it easy for us to migrate new clients with minimal risk. Some applications can be quickly and easily migrated to the Cloud, whilst others, such as Thomson Reuters Eikon or Bloomberg Professional, need bespoke development or dedicated processing resource pools to guarantee performance.
Unless a service provider has specific application knowledge, most will struggle to get essential business applications working or performing. This is the area in which our unrivalled experience in migrating applications comes into its own. Many of our customers have come from other Cloud-Hosted desktop providers because they were unable to get their business applications working satisfactorily.
Given our experience, we can provide in-depth consultancy for our customers and guidance on applications to use, possible issues and compatibility problems, etc.
We can also provide bespoke server solutions for specific applications such as Bloomberg Professional with full Bloomberg keyboard support.