Executive Summary
Centerprise International’s CiCloud aims to deliver a high degree of security and privacy for customers across every aspect of their computing. CiCloud holds the internationally auditable ISO 27001 standard: best practices for data privacy, security and information governance are applied to processes, IT systems and people through a company-wide Information Security Management System (ISMS) that is established, maintained and audited.
CiCloud is committed to openness and transparency concerning its security procedures and policies. Legal documentation for each cloud location is published on the CiCloud website. In addition to ISO 27001, the cloud platform is ISO 27017 (cloud-specific security controls) and ISO 27018 (protection of personal data in public clouds) certified, supporting GDPR compliance. CiCloud applies the highest standards to users’ security, data protection, business continuity and payment processing, and is compliant with GDPR and PCI DSS. Third-party audits are also supported, whether carried out by the customer or by a third party authorised by the customer (see K) Technical Audit below).
CiCloud certifications held include: ISO 27001, ISO 27017, ISO 27018, ISO 10002, ISO 20000, ISO 45001, ISO 14001, ISO 22301, ISO 50001, ISO 9001, GEANT, EU GDPR, PCI DSS, Cyber Essentials Plus, JOSCAR.
CiCloud Security Features
A) Physical location and legal jurisdiction
CiCloud is physically located in the UK at two sites, one in Corsham, England and the other in Newport, Wales, and is therefore subject to UK law only. This guarantees customers UK data residency and data sovereignty.
B) Data centre security
As a public cloud operator, CiCloud runs exclusively in Tier 3 and Tier 4 data centres, which offer physical security to the highest standards through multiple layers of physical protection:
● Monitored and guarded perimeter
● Entry man trap to the inner secure perimeter
● Biometric access control with man trap for entry to the data hall itself
● Locked cage within the data hall
● Locked rack within the cage
CiCloud is hosted within ARK Data Centres and Vantage Data Centres in the UK. ARK also hosts Crown Hosting Data Centres Limited, a joint venture between the Cabinet Office and Ark Data Centres that delivers increased efficiency, improved value and transparency of data centre hosting utilisation across the UK public sector.
Designed to enhance the public experience of IT and accelerate new government services to market, the Crown Hosting Data Centres catalogue of simple-to-buy services substantially reduces the operational risk and overall cost for public sector departments and organisations by providing colocation services at a fraction of the cost of other hosting providers.
The ARK data centre offers industry-leading multi-level security, including:
CiCloud is built on HPE Apollo server and storage technology, which embeds data security features that protect assets and help prevent data breaches.
Key features:
● Silicon Root of Trust
● FW (firmware) runtime validation
● Secure Recovery
● Commercial National Security Algorithms (CNSA)
C) CiCloud WebApp/API
CiCloud provides two primary interfaces through which customers control and manage their cloud infrastructure securely: the public web provisioning portal (WebApp) and the public API. In addition, a range of ‘wrappers’ provides compatibility with other mainstream IaaS APIs. The API is ‘full control’: every account function is available through it, so any workflow a customer requires can be fully automated. The WebApp uses technologies such as WebSockets to provide a live environment that pushes infrastructure status changes to customers as they happen. It offers full management capability at the infrastructure layer and VNC console access to cloud servers. CiCloud also offers optional add-on managed services across its cloud locations covering the optimisation, enhanced security and monitoring of tenants’ virtual machines.
D) Root Access & Operating System Security
Customers retain sole access to their data at the file system level; CiCloud staff do not have access to customer VMs or drives. Lifecycle actions on customer data, such as drive deletion and the scheduled deletion of drives belonging to deprecated accounts, are performed automatically by the platform rather than by staff. CiCloud makes no copies of customer drive data, so the sole copy resides in the cloud unless the customer clones the drive to another storage system or location; customers are therefore responsible for their own backups. The drives marketplace provides preinstalled images of many operating systems. These images are patched regularly so that known vulnerabilities are fixed, allowing end users to deploy an up-to-date, malware-free operating system on first boot; customers remain responsible for patching the guest operating system thereafter.
E) Patching Service
Software upgrades and system patches at both the operating system and application layer are applied without service disruption, thanks to the redundant, clustered architecture of the platform. System patching, including security updates, is subject to CiCloud’s security and change management procedures, which are covered by Centerprise’s ISO 27001-certified processes.
F) Secure User Management
Once logged in, customers can customise basic account security settings, such as enabling automatic logout and setting its timeout in minutes, hours or days. Account passwords can be changed at any time. Customers can also link their email and other social media accounts.
G) Access Control Lists (ACLs)
ACLs segment account control rights and access to the different operational aspects of an account. With this feature, account administrators can grant access to individual resources or groups of resources across the account. The administrator delegates permissions to each user, who then logs in to the web console with their own credentials. Examples of delegated abilities:
● Give accounting access to billing but no rights to edit server or networking resources
● Give junior sysadmins the right to start and stop servers but not to create or delete anything
● Give senior sysadmins full control of the architecture but no access to billing
● Give the operations team access to firewall policies and networking but not to servers
● Give a team full access to their own servers (selected by server tag) but to none of the other resources
ACLs enable very granular control over the account’s permissions and budget, resulting in higher transparency and security. For each module, read-only or read-write permission can be delegated, and permission can also be delegated on individual resources, for example a server or a set of drives.
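The delegation scenarios above map naturally onto a deny-by-default permission model: each grant names a module, a level (read-only or read-write), and optionally a verb subset, a single resource or a tag. The following Python is an added illustration of that model, not CiCloud’s ACL implementation or API; the module names, verbs, role definitions and resources are assumptions constructed for the example.

```python
"""Delegated-permission (ACL) model, added here as a constructed illustration
of the delegation scenarios listed above. It is not CiCloud's own ACL
implementation or API: the module names, verbs and role definitions are
assumptions made for the example. Evaluation is deny-by-default."""
from dataclasses import dataclass, field
from typing import Optional, Set

# Which verbs count as "read" and which as "write" (assumed for the example).
READ_ACTIONS = {"view"}
WRITE_ACTIONS = {"create", "delete", "edit", "start", "stop"}


@dataclass(frozen=True)
class Grant:
    module: str                          # e.g. "billing", "servers", "networking", "firewall"
    level: str                           # "ro" (read-only) or "rw" (read-write)
    actions: Optional[frozenset] = None  # restrict an "rw" grant to these verbs only
    resource: Optional[str] = None       # scope the grant to one resource id
    tag: Optional[str] = None            # scope the grant to resources carrying this tag


@dataclass
class Resource:
    rid: str
    module: str
    tags: Set[str] = field(default_factory=set)


def is_allowed(grants, action: str, resource: Resource) -> bool:
    """Allow only if some grant covers the module, the verb at its level and,
    when scoped, this particular resource. Anything unmatched is denied."""
    for g in grants:
        if g.module != resource.module:
            continue
        if g.resource is not None and g.resource != resource.rid:
            continue
        if g.tag is not None and g.tag not in resource.tags:
            continue
        if action in READ_ACTIONS:
            return True                       # "ro" and "rw" both permit reads
        if action in WRITE_ACTIONS and g.level == "rw":
            if g.actions is None or action in g.actions:
                return True
    return False


# Constructed resources for the example.
INVOICE = Resource("inv-2024-01", "billing")
WEB01 = Resource("srv-web01", "servers", {"team:web"})
DB01 = Resource("srv-db01", "servers", {"team:db"})
FW_POLICY = Resource("fw-default", "firewall")

# The five delegation examples from the text, expressed as grants per role.
ROLES = {
    "accounting":      [Grant("billing", "rw")],
    "junior_sysadmin": [Grant("servers", "rw", actions=frozenset({"start", "stop"}))],
    "senior_sysadmin": [Grant("servers", "rw"), Grant("networking", "rw"), Grant("firewall", "rw")],
    "operations":      [Grant("firewall", "rw"), Grant("networking", "rw")],
    "web_team":        [Grant("servers", "rw", tag="team:web")],
}


def check(role: str, action: str, resource: Resource) -> bool:
    """Evaluate one action for one of the roles above."""
    return is_allowed(ROLES[role], action, resource)


if __name__ == "__main__":
    for role, action, res in [
        ("accounting", "edit", INVOICE), ("accounting", "delete", WEB01),
        ("junior_sysadmin", "stop", WEB01), ("junior_sysadmin", "delete", WEB01),
        ("senior_sysadmin", "delete", DB01), ("senior_sysadmin", "view", INVOICE),
        ("operations", "edit", FW_POLICY), ("operations", "stop", WEB01),
        ("web_team", "stop", WEB01), ("web_team", "stop", DB01),
    ]:
        verdict = "allow" if check(role, action, res) else "deny"
        print(f"{role:16} {action:6} {res.rid:14} -> {verdict}")
```

The important property is the final `return False`: a user with no matching grant gets nothing, and a grant on one module never leaks into another. When reviewing an account’s ACLs, the checks worth running are exactly the negative cases in the list (accounting cannot delete a server, the web team cannot stop a database server), since those are the ones a misconfigured wildcard would silently break.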
H) Two-Factor Authentication
CiCloud customers can use Google’s two-step verification to log on to their accounts. Two-step verification strengthens access to the cloud platform account: in addition to their username and password, users must enter a six- to eight-digit one-time code to log in to the platform UI. The feature is available via an API call and the WebApp. It is disabled by default and can be enabled by each customer who wants it; because it is off by default, enabling it for every user who holds administrative ACL rights is the first thing a new account owner should do.
I) Keys Management
Secure access to end-user VMs is provided through SSH key pairs. SSH lets users run commands in a remote machine’s shell without being physically present, over a secure channel established across an untrusted network; the private key stays with the user and only the public key is placed on the VM. SSH key creation covers the following three scenarios:
J) Event Logging
CiCloud implements comprehensive logging across all of its infrastructure deployments. Every infrastructure component logs all critical system functions, including access and data-affecting actions, attributed to the user who performed them. Logs are retained locally on the component and replicated to a central repository that is searched and visualised with Kibana. Logs include network activity and key application and operating system events. Logs are retained on site for a minimum of one year, and for up to two years on request.
K) Technical Audit
All customers of the CiCloud platform are entitled to perform security, operations and process audits in relation to our services. The audit may be performed by the customer or by a third party authorised by the customer. Please note the following:
L) Network Security & Traffic Separation (Data in Transit)
CiCloud uses the open-source KVM hypervisor and its host networking layer to separate all traffic between customer accounts below the virtual machine level, so no end user can observe another end user’s traffic. Every network interface of every VM is attached to its own virtual switch on the host, and all packets entering or leaving a VM are inspected and filtered there rather than inside the guest. Permitted traffic paths (for example, to other VMs in the same account) are instantiated at boot and updated as VMs are added to or removed from networks such as the customer’s private networks in the cloud. In addition, end users can apply virtual firewalls at the hypervisor level that enforce further rules.
M) Storage Separation (Data at Rest)
Users can keep data private by fully encrypting the operating system and file system from inside the guest, using technologies such as LUKS/dm-crypt on Linux distributions or VeraCrypt (the successor to TrueCrypt) on Windows. This does not eliminate the possibility of a leak, but it renders any leaked data unusable to anyone without the key. The approach can be somewhat disruptive: if an encrypted server crashes, manual intervention is needed to unlock the encrypted data on reboot. Alternatively, customers can apply encryption to a drive when it is created, via the API or the WebApp; every byte written to that drive is then encrypted automatically, at a small cost in performance, and the drive’s contents are protected if the underlying storage is ever exposed. Customers can always combine an unencrypted system drive with a fully encrypted data drive. Where the data is sensitive, the key management recommendation in O) Data Encryption (keep the keys outside the cloud) applies, since encryption only protects against parties who do not hold the key.
N) DDoS Protection Measures
The following measures are used to mitigate Distributed Denial of Service (DDoS) attacks:
O) Data Encryption
CiCloud supports partial or full (boot-level) encryption of virtual drives. As a best practice, we recommend that end users apply boot-level encryption to sensitive data and retain the keys outside our cloud, so that the provider never holds the material needed to decrypt it. Several customers already run fully encrypted data storage alongside their services in the cloud. End users can also connect to their VMs using encrypted protocols to protect the confidentiality and integrity of credentials and other data they send to and from their servers. Typical use cases are a hosted processing provider storing sensitive end-user information, or a service provider storing proprietary data that needs additional protection. In these cases, an encrypted partition can be created for that specific data, or a separate virtual drive with full file-system encryption can be used. The end user providing the service can thereby combine the best performance for data that does not need encryption with strong protection for the data that does. CiCloud has extensive experience of encrypting drive data with a range of approaches, including cryptsetup/dm-crypt (LUKS), full-disk encryption, TrueCrypt and its successor VeraCrypt, and storage-backend encryption via ZFS, and is happy to work with end users to select the right encryption for their requirements.
P) Intel-SGX
Intel Software Guard Extensions (Intel SGX) protects data through application isolation. Developers partition an application so that selected code and data run inside hardened enclaves: trusted execution environments (TEEs) that use a reserved region of memory which is encrypted for the enclave’s use and shielded from disclosure or modification by other software on the machine. Customers can select Software Guard Extensions when provisioning a server and allocate RAM to that server. SGX is an additional security measure for companies working with sensitive and confidential data: it preserves the integrity and confidentiality of a computation even where privileged software such as the operating system or hypervisor is not trusted, so data inside the enclave remains protected even if the cloud host is compromised. Enclave code must still be written defensively, since SGX does not by itself protect against side-channel attacks or against bugs in the enclave’s own code.
Q) Virtual Router
CiCloud offers Virtual Router functionality as a Network-as-a-Service tool accessible via the user interface and the API. It lets customers fine-tune their network and security in the cloud, offering granular control over access and over the set-up of preferred connections and routing. The Virtual Router grants unlimited virtual domains, firewall policies and registered endpoints, along with a rich set of additional features.
R) Firewall Policy
Because they are isolated and abstracted from the hardware, virtual machines by nature provide additional security over their physical counterparts: an attack on one VM should not affect other VMs on the same host or the host OS. Virtual machines still have security vulnerabilities, but the impact of an attack can be mitigated with methods similar to those applied to physical systems. The real concern is the hypervisor level: an unauthorised user who gained access to the hypervisor, and ultimately the host OS and hardware, could reach every VM running on that host. CiCloud’s hypervisor-level firewalls, delivered through the Virtual Router, protect the network below the level of the virtual machine without relying on the guest operating system, so they remain effective even if the guest is compromised. Customers can create, manage and apply enterprise-grade network policies to their cloud infrastructure in a fully integrated way, configuring and constraining both inbound and outbound traffic through the web interface or directly over the API, including by traffic type. Network policies also support blacklisting and whitelisting by IP address. Policies are applied to individual servers or groups of servers, so management scales conveniently from small to large infrastructures. They range from a single rule that blocks all traffic from public IP addresses to complex schemes that only allow connections to certain ports from a defined set of addresses. Saved policies are applied to one or more virtual servers as required, and can be reconfigured and re-applied to running servers without service disruption.
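The policy styles described above (a single blanket rule, or an allowlist of ports from a set of addresses) are easiest to reason about as an ordered, first-match rule list with a default of deny. The following Python evaluator is an added example, not CiCloud’s Virtual Router or its API; the rule format, the address ranges (RFC 5737 documentation ranges) and the packets are constructed for the illustration. It places the weak policy beside a hardened one and includes the audit check a reviewer would run against any saved policy.

```python
"""Constructed first-match packet-policy evaluator illustrating the firewall
policy styles described above. Added example, not CiCloud's Virtual Router.
Addresses use RFC 5737 documentation ranges and are constructed for the demo."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    direction: str                 # "in" (to the VM) or "out" (from the VM)
    proto: str                     # "tcp", "udp", "icmp" or "any"
    src: str                       # CIDR such as "203.0.113.0/24", or "any"
    dst_port: Optional[int] = None # None matches every port


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str                       # source address as a string
    dst_port: Optional[int]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field the rule constrains agrees with the packet."""
    if rule.direction != pkt.direction:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    if rule.src != "any":
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
            return False
    return True


def evaluate(policy: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins; a packet no rule matches gets `default`."""
    for rule in policy:
        if matches(rule, pkt):
            return rule.action
    return default


def overly_permissive(policy: List[Rule]) -> List[Rule]:
    """Audit check: inbound allow rules open to any source on every port."""
    return [r for r in policy
            if r.action == "allow" and r.direction == "in"
            and r.src == "any" and r.dst_port is None]


# Weak: one rule that exposes every TCP service on the VM to the whole internet.
WEAK_POLICY = [Rule("allow", "in", "tcp", "any")]

# Hardened: HTTPS from anywhere, SSH only from a constructed admin range,
# outbound limited to DNS and HTTPS; everything else falls to the deny default.
ADMIN_RANGE = "203.0.113.0/24"     # constructed admin network (RFC 5737 TEST-NET-3)
HARDENED_POLICY = [
    Rule("allow", "in", "tcp", "any", 443),
    Rule("allow", "in", "tcp", ADMIN_RANGE, 22),
    Rule("allow", "out", "udp", "any", 53),
    Rule("allow", "out", "tcp", "any", 443),
    Rule("deny", "in", "any", "any"),      # explicit, so the intent is visible
]


if __name__ == "__main__":
    ssh_from_internet = Packet("in", "tcp", "198.51.100.7", 22)
    ssh_from_admin = Packet("in", "tcp", "203.0.113.9", 22)
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, "ssh from internet:", evaluate(policy, ssh_from_internet),
              "| ssh from admin:", evaluate(policy, ssh_from_admin),
              "| permissive rules:", len(overly_permissive(policy)))
```

The hardened policy also constrains outbound traffic, which the text notes the Virtual Router supports: a compromised guest cannot open arbitrary outbound connections, because the hypervisor-level rule set, not the guest, decides what leaves the VM. Because the evaluator is first-match, rule order is part of the policy; putting the explicit deny first would silence every allow beneath it, which is the kind of mistake a quick run of the evaluator against known-good and known-bad packets catches before the policy is applied to running servers.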
S) Security Management
CiCloud is ISO 27001 certified, including all areas of sales, operations and support, and PCI DSS compliant. A copy of the latest ISO 27001, ISO 27017 and ISO 27018 certificates can be obtained upon request. In addition, CiCloud is certified by Canonical as a Certified Ubuntu Public Cloud.
T) Quality Management
CiCloud applies internal quality management procedures to the processes behind the creation and quality control of the products and services it offers. A combination of methodologies and management tools ensures that customer requirements and expectations are continuously monitored and met. The head of each department is responsible for implementing the quality management procedures and for keeping the management system compatible with ISO 27001. An integrated management interface is the centralised system used to manage and monitor the cloud from an operations and account management perspective; separate user roles and rights define its access levels. Team members are trained on the components and metrics it uses and are granted access according to their role.
U) Secure Development
An agile framework gives us software development methods in which requirements and solutions evolve through collaboration between self-organising, cross-functional teams. Retaining short-term flexibility through an agile approach reduces the risk of failure and surfaces issues earlier, before they threaten the success of the proposal. The iterative sprint process makes it possible to forecast the effort required for each deliverable, allowing the product owner to fine-tune the product roadmap. Being agile also shifts the trade-off between the completeness of the product and release timing: it is possible to release more frequently and iterate faster.
The second facet of our engineering approach is the set of systems that manage software deployment securely and reliably, complementing the agile methodology above. Deployment is managed across three separate environments: development, acceptance testing and production. The main source code repository is managed with the Mercurial source code management tool and GitHub. Each check-in is verified by the Jenkins continuous integration tool, which runs an automated build followed by a sequence of unit and integration tests. A suite of user-level acceptance tests, primarily monitoring performance, runs on the integration servers. If these tests pass, the code is promoted to the Mercurial production repository, where it becomes subject to an internal code review by a developer who was not involved with that code base. Once the review is signed off, the code is sent to a third and final Mercurial repository, ready for deployment into the production environment.
Risk management is applied in tandem with the agile approach: each risk is recorded with four elements (description, probability, loss size measured in days or story points, and exposure). Risks are re-evaluated at each sprint, and a single consolidated risk value is produced.
W) Staff Screening
Only full-time IT operational staff who have been security-cleared, having presented a clean criminal record, have access to our cloud, and that access is monitored through audit trails. Access control is defined by role and need. All new staff are trained in accordance with our internal security and privacy processes and ISO 27001 certification guidelines.
X) Technical Support Staff
CiCloud technical support staff are trained to the highest degree on all aspects of Centerprise CiCloud and work closely with account managers and the DevOps team. They are highly knowledgeable and responsive, delivering a high level of customer care. CiCloud guarantees 24/7 coverage all year round via live chat, email and Zendesk, our online ticketing system. The team continuously monitors the infrastructure through an extensive monitoring platform, ensuring all systems are operational and reacting immediately to any incident by following documented procedures or escalating to the Operations Team. All monitoring systems comply with our security and confidentiality protocols.
Centerprise Cloud Features Mapping Against the National Cyber Security Centre (NCSC) Cloud Security Principles
Each NCSC principle (attribute) is listed with its summary, followed by the CiCloud features (sections A to X above) that address it.

1. Data In Transit Protection
NCSC attribute: User data transiting networks should be adequately protected against tampering and eavesdropping.
CiCloud features: L) Network Security & Traffic Separation (Data in Transit); N) DDoS Protection Measures; O) Data Encryption; P) Intel-SGX; Q) Virtual Router; R) Firewall Policy; S) Security Management

2. Asset Protection and Resilience
NCSC attribute: User data and stored or processed assets should be protected against physical tampering, loss, damage or seizure.
CiCloud features: A) Physical location and legal jurisdiction; B) Data centre security; M) Storage Separation (Data at Rest); J) Event Logging; O) Data Encryption; S) Security Management

3. Separation Between Users
NCSC attribute: A malicious or compromised user of the service should not be able to affect the service or data of another.
CiCloud features: A) Physical location and legal jurisdiction; B) Data centre security; C) CiCloud WebApp/API; D) Root Access & Operating System Security; F) Secure User Management; G) Access Control Lists (ACLs); H) Two-Factor Authentication; I) Keys Management; J) Event Logging; M) Storage Separation (Data at Rest); O) Data Encryption; S) Security Management; U) Secure Development

4. Governance Framework
NCSC attribute: The service provider should have a security governance framework which coordinates and directs its management of the service and the information within it. Any technical controls deployed outside of this framework will be fundamentally undermined.
CiCloud features: F) Secure User Management; G) Access Control Lists (ACLs); H) Two-Factor Authentication; I) Keys Management; J) Event Logging; N) DDoS Protection Measures; O) Data Encryption; S) Security Management; T) Quality Management

5. Operational Security
NCSC attribute: The service needs to be operated and managed securely in order to impede, detect or prevent attacks. Good operational security should not require complex, bureaucratic, time-consuming or expensive processes.
CiCloud features: A) Physical location and legal jurisdiction; B) Data centre security; D) Root Access & Operating System Security; E) Patching Service; F) Secure User Management; G) Access Control Lists (ACLs); H) Two-Factor Authentication; I) Keys Management; J) Event Logging; K) Technical Audit; L) Network Security & Traffic Separation (Data in Transit); M) Storage Separation (Data at Rest); N) DDoS Protection Measures; O) Data Encryption; P) Intel-SGX; Q) Virtual Router; R) Firewall Policy; S) Security Management; T) Quality Management; W) Staff Screening; X) Technical Support Staff

6. Personnel Security
NCSC attribute: Where service provider personnel have access to your data and systems, you need a high degree of confidence in their trustworthiness. Thorough screening, supported by adequate training, reduces the likelihood of accidental or malicious compromise by service provider personnel.
CiCloud features: A) Physical location and legal jurisdiction; B) Data centre security; J) Event Logging; S) Security Management; T) Quality Management; W) Staff Screening; X) Technical Support Staff

7. Secure Development
NCSC attribute: Services should be designed and developed to identify and mitigate threats to their security. Those that are not may be vulnerable to security issues that could compromise your data, cause loss of service or enable other malicious activity.
CiCloud features: D) Root Access & Operating System Security; E) Patching Service; J) Event Logging; S) Security Management; T) Quality Management; U) Secure Development; W) Staff Screening; X) Technical Support Staff

8. Supply Chain Security
NCSC attribute: The service provider should ensure that its supply chain satisfactorily supports all of the security principles the service claims to implement.
CiCloud features: A) Physical location and legal jurisdiction; B) Data centre security (including the HPE Silicon Root of Trust); D) Root Access & Operating System Security; E) Patching Service; J) Event Logging; P) Intel-SGX; Q) Virtual Router; S) Security Management; T) Quality Management; U) Secure Development; W) Staff Screening; X) Technical Support Staff

9. Secure User Management
NCSC attribute: Your provider should make the tools available for you to securely manage your use of their service. Management interfaces and procedures are a vital part of the security barrier, preventing unauthorised access and alteration of your resources, applications and data.
CiCloud features: C) CiCloud WebApp/API; D) Root Access & Operating System Security; F) Secure User Management; G) Access Control Lists (ACLs); H) Two-Factor Authentication; I) Keys Management; J) Event Logging; Q) Virtual Router; R) Firewall Policy; S) Security Management; T) Quality Management; U) Secure Development; W) Staff Screening; X) Technical Support Staff

10. Identity and Authentication
NCSC attribute: All access to service interfaces should be constrained to authenticated and authorised individuals.
CiCloud features: B) Data centre security; C) CiCloud WebApp/API; D) Root Access & Operating System Security; F) Secure User Management; G) Access Control Lists (ACLs); H) Two-Factor Authentication; I) Keys Management; J) Event Logging; N) DDoS Protection Measures; R) Firewall Policy; S) Security Management; T) Quality Management; U) Secure Development

11. External Interface Protection
NCSC attribute: All external or less trusted interfaces of the service should be identified and appropriately defended.
CiCloud features: B) Data centre security; C) CiCloud WebApp/API; D) Root Access & Operating System Security; F) Secure User Management; G) Access Control Lists (ACLs); H) Two-Factor Authentication; I) Keys Management; J) Event Logging; S) Security Management; T) Quality Management

12. Secure Service Administration
NCSC attribute: Systems used to administer a cloud service will have highly privileged access to that service. Their compromise would have significant impact, including the means to bypass security controls and steal or manipulate large volumes of data.
CiCloud features: A) Physical location and legal jurisdiction; B) Data centre security; D) Root Access & Operating System Security; F) Secure User Management; G) Access Control Lists (ACLs); H) Two-Factor Authentication; I) Keys Management; J) Event Logging; S) Security Management; T) Quality Management; U) Secure Development; W) Staff Screening; X) Technical Support Staff

13. Audit Information for Users
NCSC attribute: You should be provided with the audit records needed to monitor access to your service and the data held within it. The type of audit information available to you will directly impact your ability to detect and respond to inappropriate or malicious activity within reasonable timescales.
CiCloud features: A) Physical location and legal jurisdiction; B) Data centre security; J) Event Logging; K) Technical Audit; S) Security Management; T) Quality Management; U) Secure Development

14. Secure Use of the Service
NCSC attribute: The security of cloud services and the data held within them can be undermined if you use the service poorly. Consequently, you will have certain responsibilities when using the service in order for your data to be adequately protected.
CiCloud features: C) CiCloud WebApp/API; D) Root Access & Operating System Security; F) Secure User Management; G) Access Control Lists (ACLs); H) Two-Factor Authentication; I) Keys Management; J) Event Logging; O) Data Encryption; R) Firewall Policy; S) Security Management; T) Quality Management