Security

Cloud Security

Infiniti treats security as a top priority, and every customer benefits from our team of cloud and on-premise security experts. The Infiniti Team will design your architecture to provide optimum availability while ensuring customer security, privacy, and segregation. With our Cloud, not only are infrastructure headaches removed, but so are many of the security issues that come with them. AWS’s highly secure data centers use state-of-the-art electronic surveillance and multi-factor access control systems and maintain strict, least-privilege-based access authorizations.

Infiniti’s Security Strategy

The Infiniti Team will not have access to any customer data. AWS provides a variety of tools and features to keep your account and resources safe from unauthorized use. This includes credentials for access control, HTTPS endpoints for encrypted data transmission, the creation of separate IAM user accounts, user activity logging for security monitoring, and Trusted Advisor security checks.

Managing security in the cloud is much like managing security in on-premises data centers, only without customers having to deal with the costs and complexities of protecting facilities and hardware. Infiniti and AWS manage the underlying infrastructure and customers secure anything they put on the infrastructure or connect to the infrastructure. This shared responsibility model allows customers to manage many familiar areas of their security while also reaping the benefits of the AWS Cloud’s extensive security features.

There are several similarities between managing security in the AWS Cloud and in on-premises data centers.

  • Most of the security tools and techniques that customers are already familiar with can be used in the cloud.
  • Customers maintain control of their guest operating system and applications and keep them updated with the latest security patches.
  • Customers can set up multiple layers of additional protection, including subnets, three-tier architectures with demilitarized zones (DMZs), and hardware VPNs from their office or data center.
  • If a customer has multiple users (e.g., developers, testers, administrators) they can create distinct user accounts with individualized access credentials and have the option of MFA.
  • Customers also have the option to encrypt their data automatically in the cloud or on-premises before the data is uploaded to the cloud.

There are also many differences between managing security in the AWS Cloud and in on-premises data centers. Since there are no physical servers or storage devices to manage, customers use software-based security tools to remotely monitor and protect the flow of information into and out of their cloud resources. Instead of just one firewall protecting all of a customer’s networked resources, every Amazon EC2 instance, Elastic Load Balancer, and Amazon VPC has its own firewall. Customers can create a reusable, hardened baseline image of their Amazon EC2 instance by creating an Amazon Machine Image (AMI) and then automatically load that baseline image on every new instance they launch. Customers also have the option to create and manage AWS Identity and Access Management (IAM) user accounts from a central portal, which provides a greater level of control and security than sharing the central AWS account credentials among different users.

In addition, network traffic between AWS Regions, Availability Zones, and individual data centers travels over private network segments by default. These private network segments are fully isolated from the public Internet and not routable externally. Our resources can be configured to reside only on isolated AWS network segments and to avoid utilizing any public IP addresses or routing over the public Internet.

AWS Approach and Tools

Your Infiniti team is deeply trained and experienced in AWS architecture and security standards. AWS certifications that extend to your organization include:

  • DoD SRG
  • FedRAMP
  • FIPS
  • ISO 9001
  • ISO 27001
  • ISO 27017
  • ISO 27018
  • PCI DSS Level 1
  • SEC Rule 17-a-4(f)
  • SOC 1
  • SOC 2
  • SOC 3
  • CISPE
  • EU Model Clauses
  • FERPA
  • GLBA
  • HIPAA/HITECH
  • IRS 1075
  • ITAR
  • U.K. DPA - 1988
  • VPAT / Section 508
  • EU Data Protection Directive
  • Spanish DPA Authorization
  • CIS
  • CJIS
  • CSA
  • EU-US Privacy Shield
  • FISC
  • FISMA
  • GxP (FDA CFR 21 Part 11)
  • ICREA
  • MITA 3.0
  • MPAA
  • NIST
  • PHR
  • Uptime Institute Tiers
  • UK Cloud Security Principles

Security Certifications

We hold the following certifications:

  • ISO 20000:27001
  • ISO 9000 (in process with audit completed as of this submission)
  • Top Secret Facilities Clearance

Your Infiniti team is deeply trained and experienced in AWS architecture and security standards and will extend those to your organization. These include:

  • Federal Risk and Authorization Management Program (FedRAMP)
  • Service Organization Controls (SOC) 1 / American Institute of Certified Public Accountants (AICPA) AT 801 (formerly Statement on Standards for Attestation Engagements [SSAE] No. 16) / International Standard on Assurance Engagements (ISAE) 3402 (formerly Statement on Auditing Standards [SAS] No. 70)
  • SOC 2
  • SOC 3
  • Payment Card Industry Data Security Standard (PCI DSS)
  • International Organization for Standardization (ISO) 27001
  • ISO 27017
  • ISO 27018
  • ISO 9001
  • Department of Defense (DoD) Security Requirements Guide (SRG) security impact levels 2 and 4
  • Federal Information Security Management Act (FISMA)
  • US Health Insurance Portability and Accountability Act (HIPAA)
  • FBI Criminal Justice Information Services (CJIS)
  • National Institute of Standards and Technology (NIST) 800-171
  • International Traffic in Arms Regulations (ITAR)
  • Federal Information Processing Standard (FIPS) 140-2
  • Family Educational Rights and Privacy Act (FERPA)

Data Encryption

Our customers retain control and ownership of their data, and all data stored by AWS on behalf of customers has strong tenant isolation security and control capabilities. Customers should consider the sensitivity of their data and decide if and how they will encrypt data while it is in transit and while it is at rest.

Securing Data at Rest

There are several options for encrypting data at rest, ranging from completely automated AWS encryption solutions (such as AWS Key Management Service [KMS]) to manual, client-side options (such as AWS CloudHSM).
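As an added example (not Infiniti's or AWS's own code), here is a small Python audit of three customer-side controls this page names: security-group ingress open to the whole Internet (the per-instance firewalls described above), instances carrying public IP addresses rather than sitting only on private segments, and buckets whose default at-rest encryption is not KMS. The input dictionaries are constructed samples in the shape boto3's describe_security_groups, describe_instances and get_bucket_encryption responses take; every resource id is a placeholder.

```python
# Added example, not Infiniti's or AWS's own code. Audits three customer-side controls over
# constructed API output shaped like boto3's describe_security_groups, describe_instances
# and get_bucket_encryption responses. All ids below are placeholders.

INTERNET = ("0.0.0.0/0", "::/0")  # CIDRs that admit the whole Internet

def open_ingress(security_groups):
    """(group id, port, cidr) for each ingress rule reachable from anywhere on the Internet."""
    findings = []
    for sg in security_groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            # IpProtocol "-1" means all traffic; the API then omits FromPort/ToPort
            port = perm.get("FromPort", "all")
            findings.extend((sg["GroupId"], port, c) for c in cidrs if c in INTERNET)
    return findings

def public_instances(instances):
    """Instance ids that carry a public IPv4 address, i.e. are not confined to private segments."""
    return [inst["InstanceId"]
            for reservation in instances.get("Reservations", [])
            for inst in reservation.get("Instances", [])
            if inst.get("PublicIpAddress")]

def bucket_uses_kms(encryption):
    """True when the bucket's default encryption is SSE-KMS rather than SSE-S3 (AES256) or none."""
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    return any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") == "aws:kms"
               for r in rules)

# Constructed sample data: a web tier group with HTTPS open to the world and SSH limited to
# an internal range, and a database group mistakenly open to all IPv6 traffic.
SAMPLE_SGS = {"SecurityGroups": [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-app", "PrivateIpAddress": "10.0.1.5"},
    {"InstanceId": "i-bastion", "PrivateIpAddress": "10.0.0.9", "PublicIpAddress": "203.0.113.7"}]}]}
SAMPLE_BUCKET = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}

if __name__ == "__main__":
    print(open_ingress(SAMPLE_SGS))            # [('sg-web', 443, '0.0.0.0/0'), ('sg-db', 'all', '::/0')]
    print(public_instances(SAMPLE_INSTANCES))  # ['i-bastion']
    print(bucket_uses_kms(SAMPLE_BUCKET))      # False
```

The HTTPS finding on the web tier is expected for a public endpoint; the point of the check is that every open rule is listed so each can be justified, while the database group and the bastion's public address stand out as deviations from the private-segment design.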

Securing Data in Transit

Protecting data in transit when running applications in the cloud involves protecting network traffic between clients and servers and network traffic between servers. Services from AWS provide support for both Internet Protocol Security (IPSec) and Secure Sockets Layer/Transport Layer Security (SSL/TLS) for protection of data in transit. IPSec is a protocol that extends the IP protocol stack, often in network infrastructure, and allows applications on upper layers to communicate securely without modification. SSL/TLS, on the other hand, operates at the session layer, and while there are third-party SSL/TLS wrappers, it often requires support at the application layer as well.

Related services include:

  • Multi-Factor Authentication (MFA)
  • Encrypted Data Storage
  • Dedicated Connection Option
  • Isolated GovCloud
  • Dedicated, Hardware-Based Crypto Key Storage Option
  • Centralized Key Management
  • Perfect Forward Secrecy