Cloud Security with Australian Cloud

INTRODUCTION TO AUSTRALIAN CLOUD SECURITY GOVERNANCE

Australian Cloud clients need to place trust in our security and governance of the Australian Cloud environment so they feel confident their data will be protected and its integrity maintained. Data security and governance is an important part of any cloud business, a quintessential part of Australian Cloud.

TRANSPARENT SECURITY

We believe in Transparent Security where rational so disclose governance aspects of our security design, policies and practices:

We will

    • Disclose common security policies and practices; We discuss common security features we use including firewalls and data encryption
    • Disclose when mandated by legal or regulatory requirements; We will make disclosure when required by law or regulation
    • Disclose Security Architecture; We may make disclosure depending on the associated risks
    • Articulate Governance responsibilities of our clients compared to Australian Cloud; We clearly articulate what clients must do themselves to help protect their data and ensure accessibility

Within our governance is non-disclosure under some circumstances:

We will not

    • Exacerbate risk; We do not disclose anything that could create a risk to our infrastructure or the integrity of the data we are entrusted with
    • Do harm; We do not disclose anything that could create harm for a customer or partner
    • Create unmanageable liability; We will not promise anything that may prove difficult to achieve
    • Disclose information when mandated; We will not disclose information where that would result in a breach of legal or regulatory requirements

BALANCED SECURITY

Australian Cloud balance security against client cost, risk and convenience of use. Our clients want security that is sufficient to enable them to entrust their data to us without incurring too much cost or making user access inconvenient.

SPECIFIC SECURITY

We look at security risk in the following operational categories:

Protecting data in transit; We make certain data is protected as it is transferred between our client and Australian Cloud

Data at rest; We control the threat of hackers, online crime, viruses and spyware

Data privacy & maintaining compliance; As is legally possible our data is protected from foreign laws of disclosure and access. We ensure compliance to regulations and standards with regards data privacy and protection, all data is stored within Australia.

Data availability and recovery; We offer industry best Quality Of Service (QOS) with regards data accessibility. 

AUSTRALIAN CLOUD SECURITY DIFFERENTIATION

We differentiate our self in the market by leveraging the inherent security advantages of our structure and environment. By nature of our virtualised cloudand our client base we can:

  • Implement and maintain best-of-industry security solutions
  • Employ industry-leading expert partners
  • Provide 24/7/365 services including:
    • Firewall monitoring
    • Intrusion detection and prevention
    • Email filtering
    • Security patch and upgrade management
  • Deliver corporate data through one central secure location accessible from anywhere there is an internet connection
  • Guarantee data backups and a stated QOS for accessibility
  • Minimise the risk of client data loss from fixed or mobile devices through loss or theft

Specific Security Details

PROTECTING DATA IN TRANSIT

Desktop Access User Validation

Authentication is by username and password at the ‘cloud’ (please also see password policy below).  Login data is encrypted.

Communication Between User & Australian Cloud

Outside of general browsing of the Australian Cloud Website, all communication between clients and Australian Cloud is encrypted with Secure Socket Layer Cryptology, the same as your online banking uses. The following Australian Cloud services are encrypted:

  • Australian Cloud Desktop
  • Australian Cloud Live Help, Knowledge Base and Ticket System (via LiveHelpNow)
  • Australian Cloud webinars (via Cisco Webex)

Password Policy

Password policy ensures passwords must be:

  • Has minimum character requirements
  • Must include combinations of available characters
  • Must begin with a specific character characteristic
  • Must contain at least one specific character characteristic
  • Must not end with a specific character characteristic

Virus Protection

  • Our service checks all files being passed to the desktop; files cannot be loaded into desktops outside of our services.

DATA AT REST

Intruder Prevention

  • All client data is stored behind multiple firewalls to prevent ‘hacking’.
  • Physical security of data is covered below in Data Storage

Virus Protection

  • We use multi-layered virus protection from different suppliers to offer best possible fortification against virus, malware and spyware.  This is maintained centrally by our 27/7/356 operations centre staff.
  • Our service checks all files being passed to the desktop; files cannot be loaded into desktops outside of our services.

Data Storage

All client data is stored at World best class data centre in New South Wales.  This facility is certified to ISO27001, PCI-DSS and ASIO T4, being the highest available certification in the world.

Application Hosting and Platform

World best class desktops, security management and application hosting certified to SSAE16 and SAS70, being the highest available certification in the world.

Data Protection between Accounts

All client data is stored on a Storage Area Network (SAN), separate from the regular network system; connection is only made on login to the users profile. The client username and password is required to decrypt individual client data. The only access to client data is through the Australian Cloud Desktop.

DATA PRIVACY& MAINTAINING COMPLIANCE

Privacy

Australian Cloud complies with all applicable laws, rules and regulations including, without limitation, the Privacy Act 1988 (Cth) and the National Privacy Principles contained in Schedule 3 of that Act, regardless of whether the Customer is a small business operator for the purposes of that Act, or would otherwise be exempted from complying with that Act.

All personal data if used by Australian Cloud is held in Australia. The data centre is located in New South Wales.

Client questions raised through our support Ticket System and Live Chat is held encrypted at rest on servers located in Dallas, Texas, USA at rackspace hosting. Questions and answers are the only data held at rackspace

Client enrollments and chat related to Australian Cloud web seminars are held in Cisco’s Australian data centre.

Data Protection between Accounts

All client data is stored encrypted on a Storage Area Network (SAN) separate from the regular network. Connection between the SAN and regular network is only made on login to the user’s profile through the Australian Cloud Desktop.

The client username and password is required to decrypt individual client data using NT File System (NTFS) permissions. The only access to client data is through the Australian Cloud Desktop.

Data access by System Administrators

Australian Cloud and their suppliers do not have access to client data.  The only access to client data is through the Australian Cloud Desktop or when client permission is given to a shadow request.