The US Signal Approach to IT Security
Every IT services provider has its own approach to IT security and labels it in a way that will hopefully resonate with prospective customers. There’s the holistic approach, the proactive approach, the risk-based approach, the adaptive approach, and so on. But, what do those words really mean when it comes to how the service provider will protect your IT systems and data against ransomware, DDoS attacks, and other malicious acts?
Shared Security Responsibility
While we can’t speak for other companies, we can tell you how IT security works at US Signal. It starts with a basic division of responsibility between US Signal and you, the customer.
US Signal protects the underlying infrastructure that powers our colocation offerings, data protection suite, network services, and cloud solutions. That includes the physical layer of the cloud — the compute, storage, and network subsystems, as well as operating and securing the data centers. It also includes the software (virtualization layer) and network infrastructure.
As the customer, you are responsible for the security of your data, applications and the operating system, as well as any equipment you own in the case of colocation services. This includes:
- Limiting access to the root account
- Encrypting data at rest and in transit
- Managing and controlling your encryption keys
- Abiding by US Signal security protocols at the data center
- Managing the data center access list for employees and vendors
Many customers choose to layer on managed security services to meet specific requirements they have. In those cases, unless otherwise specified, US Signal handles security configuration tasks such as patching and firewall configuration. However, you would be responsible for handling secure account credentials, as well as your firewall rules.
The managed security services are offered in three levels to meet customers’ specific budget and compliance requirements.
The Fort Knox Approach
So, just how does US Signal protect the underlying infrastructure that powers its services? At the physical level, US Signal data centers are designed for maximum security with 24/7 video surveillance, RFID readers on every door, and iron-clad security policies. All cabinets and cages include combination locks. Biometric scanning is available at select facilities. Facilities are also audited annually to meet the stringent security requirements of PCI DSS, HIPAA/HITECH and other regulatory standards. Security measures are regularly reviewed and tested to ensure they are performing optimally.
At the employee/administrative level, all employees undergo frequent security training. US Signal’s Operations and Engineering personnel have specified access levels and named user accounts in all systems. No US Signal personnel have access to customer data.
US Signal also has a comprehensive information security program, led by an information security and compliance officer, and with an executive steering committee. It’s complemented by a full governance, risk, and compliance program.
At the systems level, US Signal uses multiple leading-edge technologies to ensure that nothing gets in or out that shouldn’t. Among them: intrusion protection systems, host-based intrusion detection, centralized log monitoring, security information management (SIM), centralized anti-virus, vulnerability testing, internal penetration testing, and 60-day password reset intervals. There’s even an option for two-factor authentication. Monitoring 24/7 by the company’s Technical Operations Center makes sure that any abnormalities are detected and remedied long before they can cause problems.
US Signal leaves nothing to chance. To help ensure its security protocols are working, annual penetration/security assessments are conducted by a third party. External independent audits are also conducted for SOC 1, SOC 2, PCI, HIPAA, and financial statements. In addition, internal staff are certified as auditors and support a robust internal audit program.
The Private Network Factor
US Signal’s private fiber network adds even more protection for its portfolio of services. For example, with its private network, US Signal can offer customers a higher level of security than VPNs over the public Internet. It also helps simplify data transmission.
Private connectivity is maintained between data centers, and customers have the option of private connectivity to ground. Data stays private throughout transmission. While US Signal doesn’t encrypt data, we can support encryption. That means customers can employ encryption to best suit their specific needs.
It’s not just the privacy side of US Signal’s network that lends itself to security. The network infrastructure is highly resilient, with a redundant core and everything built on a mesh architecture. Routers are built in aggregate in a fault-tolerant configuration. US Signal also partners with a fiber restoration service and proactively monitors the health of its network, ensuring that it can offer a response time of 30 minutes or less.
Security and Compliance Matters
US Signal’s built-in security does more than protect customer IT assets and data. It can also help customers meet compliance standards and adhere to company security policies. Among the things US Signal can do:
- Support regulatory audits
- Meet with auditors
- Map current controls from existing compliance activities to specific customer requirements
- Respond to auditors’ requests for information or relevant documentation
- Offer guidance from the sales process through on-boarding and into the audit cycles
- Recommend strategies for meeting security and compliance requirements for international data privacy and/or addressing related issues
- Provide documentation of reports
US Signal even offers data destruction services, accompanied by a certificate of destruction.
Your Security. Your Way.
In essence, what US Signal offers is highly secure IT environments and services that can be further customized to meet your specific needs – including those related to budget and compliance. To learn more, talk to a US Signal solution architect. Call 866.2.SIGNAL or email firstname.lastname@example.org. You can also take advantage of this free resource on ransomware.