Security Design - Our Certified Solutions Architects with SC clearance provide security oversight during design:
Security Support - Our security engineers provide ongoing support:
An organisation can have as many accounts with a cloud provider as required to perform different functions or for different projects. Mobilise will follow best practice to split out certain accounts (and access to those accounts):
It is important to differentiate between service users and users of the underlying servers that will be deployed. Mobilise will ensure that accounts are set up with multi-factor authentication. Roles will also be established within Identity and Access policies to ensure users only have access to the relevant resources.
Policies will be established based on a ‘least privilege’ access model using resource names to restrict access. Cross-account access will ensure that environments are segregated and users don’t unknowingly access the wrong system.
Mobilise will establish a series of Virtual Private Clouds to ensure segregation of workloads and additional security separation. Within the VPCs, a series of VLANs will be created to separate different tiers of the multi-tier architecture.
Gateways will be used to establish communication links between the internet and the VPC environment. These may include:
Network Access Control Lists (NACLs) will act as firewalls to control access in and out of subnets within the VPC. These will provide a secondary layer of security in addition to security groups. Security groups will be the primary firewalls which control access in and out of virtual machines within the VPC.
Tufin is an orchestration suite that provides centralised management for the cloud security features. Mobilise can deploy and configure this tool to give your security specialists a more traditional, detailed overview of your cloud security.
Each cloud provider has its own security measures against attacks and vulnerabilities from the Internet. Our extensive knowledge of these providers enables us to choose the best defences for your cloud environment (such as DDoS mitigation and Web Application Firewalls).
Throughout the cloud environment, data should be encrypted whenever possible. Protecting your data protects your business, and a data breach is a serious issue. Through a set of clearly defined security policies, Mobilise will ensure that data is encrypted at rest (volume storage, file storage with a key management service) and in transit (over SSL/TLS).
Mobilise understands that to maintain a high level of security you must audit as much as possible. Auditing allows a company to keep track of its users' actions, troubleshoot network and application issues and ensure that data is not being accessed illegally. Mobilise can offer a logging and audit service that is configured to intelligently look for problems and alert the necessary people. Through continuous auditing, we can ensure that your company is compliant with industry benchmarks such as PCI and CIS.
According to the Computer Emergency Response Team (CERT), 99% of network attacks leverage known vulnerabilities. Mobilise uses a multitude of tools to ensure that your cloud infrastructure is secure and safe from attacks.
Mobilise uses NCC Scout 2 to scan for vulnerabilities and generate detailed reports on potential issues and risks. This tool ensures that the security points are secure, analysing Security Groups, Network ACLs and the IAM stack.
Nessus Vulnerability Scanner is the industry’s most widely deployed scanner. In conjunction with Scout 2, it identifies the vulnerabilities, policy-violating configurations and malware that attackers could use to penetrate your network.
Cloud providers equip users with a variety of monitoring and alerting tools. Mobilise can configure these tools to monitor a variety of security incidents across the whole application stack. Notifications can be delivered to multiple subscription lists via email, SMS or HTTPS endpoints as and when an incident is discovered. This ensures that you stay up to date and in control of your infrastructure.
Mobilise configures inbuilt cloud provider tools to enable security and governance. A fully managed service provides a resource inventory, a configuration history and configuration change notifications. This ensures that all changes have an audit history and administrators are notified.
Mobilise can provide support and tools to enable real-time analysis of security alerts generated by network hardware and applications. These tools are also able to provide a detailed analysis of large volumes of audit information and generate reports on log data.
"The consultants were able to quickly translate our current infrastructure into a fully costed, optimised design on AWS. In addition, they also designed a cost effective disaster recovery solution to fit our RPO and RTO targets."
Dave Minto, Head of Technical Support