VELOCITY'S CLOUD SERVICES PROVIDES SIGNIFICANT ADVANTAGES WHEN COMPARED TO COMMODITY PUBLIC CLOUDS.
A progressive, evolutionary approach to every aspect of information security gives customers peace of mind. Best-in-class attestations and standards provide for certifications, controls and associated audits that reinforce confidence and demonstrate compliance. Velocity recognizes that our customers trust us with their critical data and applications.
According to CIOs, CTOs, and CISOs, negligent insiders top the list of perceived security threats (51%), with malicious outsiders (43%) and compromised applications rounding out the top three (SANS Cyber Security Study, 2014). Symantec, Inc. reports 312 distinct breaches in 2014 with about 348 million identities exposed. Acute and determined attacks like advanced persistent threats and zero day vulnerabilities are becoming more frequent and complex. The top five zero days were actively exploited for 295 days before patches were available. Attackers are moving faster, frequency is increasing and threats are becoming more integrated - defenses are not keeping pace.
A DIFFERENTIATING APPROACH
No longer is the conventional “CIA Triad” of confidentiality, integrity, and availability sufficient to guarantee information security in the cloud. Information assurance attributes including privacy, non repudiation and accountability must be considered along with governance aspects like auditability and authenticity. Each of these is addressed and integrated in Velocity’s market offerings and by embracing fundamental and progressive design principles:
- Forward Innovation – Velocity studies security trends and issues to proactively develop intellectual property that reduces risk. This composite set of tools and utilities forms the foundation of our security approach.
- Secure by Design – Velocity security measures are built into the fabric of our architecture, resulting in a service delivery platform that is inherently more secure than typical industry add-ons or after thoughts.
- Defense in Depth – Velocity engineers and deploys multiple layers of security encompassing people, process and technology.
STANDARDS BASED, FUTURE PROOF
Your business changes. Technology, systems and applications offer a distinct business benefit if they can be used to the fullest potential. Velocity engineers compliance into the cloud fabric, creating a tapestry of capabilities to meet the information security needs of today and tomorrow. The flexibility to manage payment card information for a new employee purchase program creates a significant challenge if implemented as an afterthought. Changing healthcare requirements require protection for even the rudimentary benefits administration functions intrinsic to human capital management systems. Ever widening definitions of protected information and theoretical access require an innovative approach to ITAR and EAR access.
Velocity assembles relevant certifications and attestations to design and validate our controls. Our third-party certifications include Standards of Attestations Engagements in the U.S. No 18 (SSAE 18) / AT Section 801, (SOC 1), AT Section 101 Report relevant to Security, Availability, and Confidentiality Principles (SOC 2), Information Technology Infrastructure Library (ITIL) and Safe Harbor. We adhere to stringent risk mitigation and comprehensive compliance requirements. For additional information on Velocity’s compliance standards, please contact a Velocity representative.
Tools and technologies for best-in-class providers are resident in Velocity's Cloud Services. Network feeds are captured and replayed for analysis of attempted intrusion. Advanced and persistent vulnerability detection is “always on.” Intrusion detection, prevention and remediation ensures access to the cloud services is made from trusted endpoints and groups. Advanced search and threat detection algorithms are deployed through cloud analytics for predictive and correlative threat elimination.
Velocity information security and processes are configurable for each customer and for each application, often to the data element. Data in the cloud must be accessible – but through appropriate means and by approved entities. Data blocking and ransomware behavior cannot be unintentional consequences of an overzealous information security approach.