Based on the security dimension of the AWS Cloud Framework and the company's own situation, ECCOM provides comprehensive cloud security solutions covering all aspects of cloud infrastructure and application security protection, including:
● Network resource access protection: including basic network security, DDoS protection, tenant isolation and virtual machine firewall, and web attack protection provided by cloud WAF
● Account and authorization management
● System security configuration and maintenance
● Data security, resource backup and protection on the cloud
● Security incident monitoring and response
Four-dimensional cloud security solution
ECCOM uses a four-dimensional cloud security perspective to promote the security transformation of enterprises and help them build suitable methods of security control. For each dimension, actions can be taken and measured:
● Establish security guidelines: Establish security management, risk and compliance models that fit the environment and characteristics of the enterprise.
● Identify security precautions: Protect business workloads and reduce threats and system vulnerabilities.
● Monitoring and inspection: Improve overall visibility and transparency of deployment and operations on the AWS platform.
● Establish operational and maintenance specifications for the security response
In the actual solution implementation, ECCOM provides full security protection through the following methods:
● Account and authorization
Create independent IAM users and reflect the customer's organizational structure through IAM Groups. In addition to the basic best practices of setting up MFA, regularly updating passwords/keys, etc., our security practices include: subdividing AWS resources by operation content, identifying user groups, building a standardized tag system for security requirements, and integrating external account systems through Federation.
● Network security
For basic network security, security groups and NACLs are used to define network access authorization in detail. For more complex requirements, an NGFW can be integrated to protect the network. VPC peering, VPN, and Direct Connect are used for secure network interconnection. In addition, depending on the enterprise's application security requirements, it is necessary to integrate WAF and to perform encryption and decryption of application access with ELB.
● Monitoring, Audit, Analysis
Logs of AWS platforms and services are recorded by CloudTrail. CloudWatch is used to centrally collect, manage, track, and set alerts for AWS platforms and services, as well as for system and application performance metrics and logs. Continuous security checks are performed through Trusted Advisor.
● Security operation and event response
Deploy AWS resources through CloudFormation and keep the configuration files under version control. Set up CloudWatch Alarms and integrate them with AWS SNS to alert security personnel to respond, or use Lambda to respond automatically when a specific security event happens. With the help of a third-party SIEM such as Splunk, customers can perform more extensive, more detailed, more intelligent and more complex security event monitoring.
● Data Protection
Classify data according to the needs of the enterprise or compliance requirements. Using resource tags, IAM or S3 buckets, different customized tags are applied to the various resources to define and implement the strategy for each data classification. Encryption of data in transit and in storage is also included.
● Protect private and public cloud environments from advanced threat attacks. Defend effectively against all kinds of DDoS and web attacks. Secure the cloud infrastructure.
● Isolation between different tenants. Ensure communication security and data confidentiality between tenants.
● Security is easily extended when replacing or migrating to a new cloud service provider. There is no need to change the security policy.
● Lower operating costs and use fewer resources to accomplish more tasks.
● Optimize the security of virtual environments and mixed deployments.