trapp
online
The Cloud, Small Business,
and Advanced Data Security
How extraordinary security measures create a better overall hosting solution for small business
A White Paper from Trapp Online by Kent Sorensen, April, 2013 Audience – Small to Medium Business Owner/CEO
trapp
online
Copyright © 2013 Trapp Online www.trapponline.com
Advanced Cloud Security
2
-trapp
online
Executive Summary
Cloud Benefits
Cloud/hosted applications and IT infrastructure hold
significant economic, operational and security advantages over on-premise solutions.
Cloud Security Concerns for Small Business
Data security is the number one concern of small business
owners considering cloud computing. Potential theft, loss or corruption of sensitive data, and business-ending security breaches contribute to fears.
Inadequacy of Non-cloud Solutions
On premise IT and distributed applications are difficult and expensive to secure. Traditional commercial cloud solutions compromise security with shared servers, high-priced dedicated servers, and poorly equipped small data centers. Approach to Advanced Cloud Data
Security for Small Business is:
Ahead of its time due to a relentless security
philosophy and unprecedented up-front investments in
security expertise and infrastructure
A locked-down, isolated network, dedicated server environment within a world-class data center in a low disaster risk U.S. location.
Benefits of Cloud Computing
The adoption of cloud computing solutions in small business is growing
rapidly due to its significant operational advantages, including these
well-established and measurable benefits: • Lower overall cost
• Improved productivity • Less IT maintenance
• Expanded access
• Enhanced security
Copyright © 2013 Trapp Online www.trapponline.com
Advanced Cloud Security
-trapp
online
Trapp Online Hosting is Safe and
Affordable for Small Business
Advanced Cloud Data Security fosters a more stable environment which costs less to maintain. The customer gets unsurpassed data security at an affordable price.
A Better Overall Cloud Experience
Trapp Online’s Advanced Cloud Data Security creates unexpected non-security benefits which include:
1. Faster setup – Less application vetting
2. Better integration – Promoted by an isolated, stable
environment
3. Improved performance – Faster and more consistent response times
4. Fewer problems – A more stable, dedicated
environment
5. Less downtime – Reduced handling and interference
6. Less IT hassle – More time for growing the business
7. No compromises – Eliminates tradeoff between security and cost
In spite of high adoption rates, data security on the Cloud remains the number one concern of business owners, slowing adoption by many organizations.
trapp
online
Copyright © 2013 Trapp Online www.trapponline.com
Advanced Cloud Security
4
-Cloud Data Security Concerns for Small Business
In spite of high adoption rates, data security on the Cloud remains the number one concern of business owners,
slowing adoption by many organizations. Reasons for the concerns are well-founded and can be summarized as follows:
1. Theft of Sensitive Data – Small business application
databases contain information attractive to criminals,
hackers and competitors, including customer names and addresses, bank account numbers, credit card
numbers, and private company financial data, which, if stolen, could result in financial harm to companies and customers.
2. Destruction or Corruption – Viruses or malware
encountered in shared cloud environments and
unauthorized access by malicious parties are serious real
and perceived threats.
3. Data Integrity – Accountants and others routinely
download sensitive data from small business applications
to prepare statements and taxes, perform audits and
to correct errors. Multiple copies of data increase the probability of data lost to overwriting, lack of synchronization and the substitution of older versions. 4. Fallout – A security breach creates the potential for
serious consequences putting a small business at risk. Lawsuits by vendors and customers, negative reviews,
boycotts and blackmail are outcomes that all companies
want to avoid.
Benefits of Cloud Computing
The adoption of cloud computing solutions in small business is growing
rapidly1 due to its significant operational advantages, including these
well-established and measurable benefits: • Lower overall cost
• Improved productivity • Less IT maintenance
• Expanded access
trapp
online
Inadequacy of non-cloud solutionsRetaining applications and data on
local company servers does not remove threats from the outside world. All but the most sensitive government and
business networks are connected to the
Internet.
Securing individual workstations and servers with tight security measures is expensive and less than foolproof. Productivity suffers when access is tightly controlled. Virtual Private
Network (VPN) technology typically offers broad access to network resources and data accessed can be
transferred from servers to remote machines.
In summary, security measures distributed throughout a network are
inadequate, challenging, costly and incomplete.
Problems with standard cloud solutions
1. Shared servers – The standard offerings from large,
commercial cloud providers combine multiple customers on a single virtual or physical server. The shared
environment increases the threat from viruses and malware imported to the server by other customers or
from unauthorized access to data from wandering or
dishonest users.
2. High cost of dedicated servers – Dedicated resources are recognized as a solution to some cloud security
risks and are offered by many large service providers. Unfortunately, providers charge up to five times more for a dedicated server environment eliminating this option for smaller companies.
3. Under-equipped service providers – Smaller cloud
and hosting providers do not have the capital or the
human resources to build and maintain redundant
systems, disaster recovery procedures, physical access controls and full network security. The result is often data security inferior to shared server or on-premise solutions.
trapp
online
Copyright © 2013 Trapp Online www.trapponline.com
Advanced Cloud Security
6
-Advanced Cloud Data Security
The Trapp Online Approach
Above-and-beyond efforts to create second-to-none security features place Trapp Online’s Advanced Cloud Data Security years ahead of other hosting providers. This dramatic lead in security comes from two directions:
1. Philosophy – Company founder, David Trapp, built and managed an accounting firm for 20 years before starting Trapp Online. “There’s a security mind-set I developed from years of experience, a dedication to privacy and
a commitment to reliability arising from my worst accounting fear, the inability to print paychecks with
people waiting. This attitude has driven Trapp Online to build the most resilient and secure cloud environment possible,” he explains.
2. Partners and consultants – Trapp Online spent the
funds necessary to acquire the services of the most qualified technical experts in cloud security, the best minds in their areas of specialization, both vendors and consultants. The result of their combined input—a cloud security mind-meld—is a solution that is years ahead of the industry.
Current industry forecasters say the Cloud is headed in this direction but, the
security measures developed by Trapp
Online exist mostly in theory for other
trapp
online
Trapp Online Standard Cloud Security Features The security features and benefits of Trapp Online’s data
center, listed below, represent current cloud best practices
found in most large commercial data centers.
Centralized Data and Application Storage
a. Reduced exposure – Data remains on the server at the data center. Data stored in a single location (with
backup) reduces the surface area or number of potential
threat access points.
b. Centralized protection – Security is concentrated at
the server and optimized for that environment. c. Simplified remediation – When weaknesses or new
threats become known, corrective action is faster since it need not be adapted to multiple environments and machines.
d. Backups – Rolling seven-day, redundant backups of all
data are performed automatically
Secure Access to Data
a. User authentication – Individual login credentials are checked regardless of the location or device from which the data is accessed.
b. Encryption - Website encryption with SSL certificates and RDP/RDC session 128-bit RC4 encryption
c. User access controls – Administrator/vendor and end-user permission levels
Trapp Online’s cloud infrastructure is
part of a larger private data center in Phoenix, Arizona.
trapp
online
Copyright © 2013 Trapp Online www.trapponline.com
Advanced Cloud Security
8
-Environmental controls
The data center environment is maintained at a constant humidity and 72 degree set-point. Chillers and condensers are located in a secured exterior area.
Redundant systems
Redundant diverse fiber paths in network infrastructure, UPS and generator power backup with 24-hour fuel supply and stand-by contracts with local fuel suppliers, multiple
Computer Room Air Conditioners (CRAC) units,
Fire Suppression & Monitoring
Multiple-zoned pre-action fire suppression system, Smoke alarms and sensors under floor panels and mounted in
ceiling and in ceiling plenum
Physical protection
Data center located below ground level in Phoenix, Arizona, a location considered to be safe from fire, flood, earthquake, hurricane, tornado and other natural disasters4. A disaster recovery plan protects data in case of an unlikely event. Data Center
• Standards – Passed SSAE 16 Soc Type II and SAS 70 Type II audits; PCI Compliant; built to the standards of the banking industry
• Controlled access – Man trap with turnstile, 2 factor authentication, key
card access 24/7, entry and exit logs,
biometrics security, closed circuit
monitoring with CCTV, 24x7 support
staff and security operations center, alarms tied into campus, BMS, local
police and fire departments
• Human Resources - Data center personnel are trained professionals.
trapp
online
Dedicated Servers
a. Data lockbox – A dedicated server for each customer provides an extra layer of protection, like a safe deposit box within a bank vault.
b. Isolated servers – Customer’s virtual servers5 are logically isolated. Other servers can’t be accessed or even seen, creating an effective barrier to hackers and data theft. Risks like viruses don’t bleed from one cloud customer to another.
Isolated Network
Network traffic for each customer is completely segregated from other data center users. Every client’s data is
transported in its own pipe. Redundant Internet
Trapp Online built an Internet mesh, or mix of four carriers for Internet reliability, including a failsafe wireless carrier
accessed with a rooftop antenna. Cisco Flexpod
A recent hardware upgrade from Cisco with data storage by NetApp makes Trapp Online a Cisco Flexpod cloud
provider, a level of security achieved by less than one percent of U.S. data centers.
Trapp Online employs a unique combination of advanced security
features not found at other commercial
data centers.
The best security technicians from Cisco, VMWare and NetApp were assembled by Trapp Online’s security
chief to create the Advanced Cloud Data Security architecture. The comprehensive, proprietary design is
unfamiliar to outside companies and
hackers, providing an extraordinary level of protection.
trapp
online
Copyright © 2013 Trapp Online www.trapponline.com
Advanced Cloud Security
10
-Proactive Firewall Design
a. Adaptive security appliance – The Trapp Online
firewall employs a Cisco Adaptive Security Appliance which is continuously monitoring evolving worldwide security threats and upgrading protective software in real time to combat them.
b. Custom firewall settings – Customers can customize
their own firewall settings to adapt to unique requirements.
Vendor Portal
Single sign-on – Administrators and accountants access multiple customer accounts with a single login and
password, reducing password dissemination and increasing
password control.
Additional Layer of Physical Security Trapp Online’s cloud infrastructure and servers are located
in a locked, partitioned area within the larger data center,
providing an additional layer of operational security by physically excluding data center visitors and technicians— like a vault within a fort.
trapp
online
Additional non-security benefits of Ad -vanced Cloud Data Security
1. Faster setup – Integrating applications like QuickBooks
and Salesforce is problematic in a shared server environment, often requiring a vetting process that can take up to a month. Dedicated servers remove the variables and interference from other customers’
applications that must be managed in a shared
environment. With no application vetting process, setup
can be accomplished in minutes instead of days or
weeks.
2. Better integration – Dedicated environments allow greater flexibility making application integration easier to accomplish and maintain. Integrations run more reliably in a stable environment.
3. Improved performance – Less competition for resources means faster and more consistent response
times.
4. Fewer problems – Because each customer’s
environment is more stable, less IT maintenance is required.
5. Less downtime – Each customer’s stable, dedicated
server environment does not change as other customers are added to or removed from the cloud. There’s less
handling and less to go wrong, which results in less
downtime.
6. Less hassle – Faster setup, improved performance,
fewer problems and less downtime are good for
business. Owners spend less time on the phone dealing
with IT issues and more time focused on growing the
enterprise.
7. No compromises – Traditional cloud pricing requires you to pay more for a more secure environment, creating an uncomfortable trade-off between security and cost. Trapp Online’s Advanced Cloud Data Security results in a more secure environment where costs to the customer are less. Business owners no longer need to decide between saving money and having more secure data.
Benefits of Advanced Cloud
Data Security
Enterprise-class security at an affordable price
Trapp Online’s Advanced Cloud Data Security features and unique data center
architecture generate fewer problems
and require less IT support than less secure environments. Trapp Online has invested substantial resources to create
this exceptionally stable and reliable
environment. The resulting operational efficiencies enable Trapp Online to offer dedicated servers at a shared server price—affordable for small business.
Big security for small business
Data security is not just a concern of
large corporations. A security breach of sensitive customer data in a small
business puts the entire enterprise
at risk. Trapp Online’s Advanced Cloud Data Security makes sensitive data highly secure. The data center environment and extra security features are more effective than any security
