Freely subscribe to our NEWSLETTER

By adopting best practices from other areas of the IT industry (such as banking), CloudSigma is leading the way in delivering public cloud servers that meet or exceed the level of security offered by traditional dedicated server hosting.

Control Access to your Cloud Servers

Will full software level control of cloud servers in the CloudSigma cloud, protecting direct server access is 100% controlled by the user. This allows users to implement their own security policies on their servers with regards to OS and application access and networking firewalls. The new suite of security settings allow customers to fine tune the nature and method of access interfaces to the cloud management layer. These controls include:

– enable/disable FTP gateway functionality

– control web console inactivity timeout periods

– allow two stage login authentification using SMS

In this way customers can dial in the level of restriction they wish to achieve with their web console access. The two stage authentification combines the usual initial username/password combination with a second stage SMS code verification step. This system is similar to the latest generation systems employed by banks to secure retail access to their online banking. All failed attempts are logged and the account owner is alerted instantly informing customers when a password has become compromised as well as providing a comprehensive audit trail.

Customised API Access

API access represents a double-edged sword for those looking to use public Infrastructure-as-a-Service clouds. On the one hand it allows full automation of cloud infrastructure allowing automatic scaling, load balancing and more. At the same time however such powerful tools represent a significant threat to a company’s infrastructure if not secured correctly. Detailed access control to the API is an essential part of maintaining the integrity of a company’s infrastructure. The following new settings allow customers to secure and limit access:

– switch off API access completely

– create an IP white list for API access

– allow http/https or only https API access

– choose between plain or digest authentification

– choose between username/password or UUID/API key authentification

These critical settings allow customers to tightly control the access and authentification to the API. The combination of secured web console access and secured API access present a robust answer to the concerns that have been raised with regards to securing infrastructure in a public cloud environment.

Hybrid Cloud Ready

Increasingly companies are using a combination of existing infrastructure with public clouds to benefit from the advantages of both models. A critical part of integrating a public cloud with existing corporate infrastructure is the ability to secure and control API and web console access.