Security of CloudPassage


  • Tatiana

    Let me get some more information on that so we can give you a complete answer.

  • Carson Sweet

    Christian, great question.

    Some of what we do to secure Halo is part of our intellectual property portfolio and is available under NDA. We'd be happy to set one up if you'd like a deeper dive. Here's a summary of Halo's internal security, however, broken down by component:

    Halo Daemon
    • Fully compiled C code with extensive security measures to protect daemon on disk and in memory
    • Daemon does not have listening ports (you cannot connect to a Halo Daemon remotely in any fashion)
    • All locally stored data is encrypted with the exception of an ID used only for external integration (e.g. Chef, Puppet)
    • Daemon is scanned for integrity from an outside source each 10 minutes (approximately 15 factors are examined)
    • Halo can be configured to shut down daemons immediately if integrity checks fail (with alerts)
    • Email alerts can be configured anytime a daemon is deactivated or goes dark (e.g. killed violently) or if integrity is compromised
    • Uses native package authentication and integrity (depending on platform - yum sigs, apt sigs, or Authenticode)
    • Halo Daemon development follows documented industry best practices for application security
    • Halo Daemon is regularly exposed to hostile testing by a third party (includes local testing for memory-level attacks, etc)

    Halo Grid
    • Grid servers are isolated from end user functions (Halo Portal and Halo Grid are separated)
    • Grid servers are extremely hardened and are themselves protected by Halo
    • The only interface to the Halo Grid is an HTTPS interface that requires authentication to initiate any operation
    • Halo Grid development follows documented industry best practices for application security
    • Halo Grid is regularly exposed to hostile testing by a third party and is continuously tested by automated pen-testing tools


    Halo Daemon <-> Halo Grid Communication
    • All communication occurs over HTTPS
    • Initial handshake includes mutual authentication (application level, above HTTPS to prevent MiM attacks)
    • Message payloads from Daemon to Grid and vice-versa are digitally signed and encrypted (also at application level, above HTTPS)
    • One key per daemon, which allows encryption to serve as message authenticity, integrity, and authorization control
    • Message replay attacks are protected against cryptographically
    • Daemon <-> Grid protocol is regularly exposed to hostile testing by third parties and is continually pen-tested using automated tools

    Halo Portal
    • Portal is isolated from Grid and Daemons
    • HTTPS protocol only
    • User authentication required for any operation
    • User authentication implements protection against brute-force attacks
    • Future functionality includes requiring GhostPorts two-factor authentication for portal access
    • Critical portal operations are logged and can be alerted upon
    • Halo Portal development follows documented industry best practices for application security
    • Halo Portal is regularly exposed to hostile testing by a third party and is continuously tested by automated pen-testing tools

    Again, this is a summary. There are other mechanisms in place that are part of our IP portfolio and/or are too exhaustive to list here. We're also constantly improving the security of the Halo environment.

    We currently have documented third-party audits that are not appropriate for public disclosure (again, can be examined under NDA). However, we're working on a public-facing document and providing third-party compliance attestations.

    Comments and feedback always appreciated!
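To make the Daemon <-> Grid properties listed above concrete (one key per daemon giving authenticity, integrity and authorization; cryptographic replay protection), here is an added example written for this page. It is not CloudPassage's protocol, whose details are not public; it assumes an HMAC-SHA256 tag over a JSON body plus a strictly increasing sequence number, and leaves out the encryption layer the post also describes.

```python
import hashlib
import hmac
import json
import secrets


class Grid:
    """Receiving side: one key per daemon, plus the last sequence number accepted."""

    def __init__(self):
        self.keys = {}      # daemon_id -> shared key (constructed at enrollment)
        self.last_seq = {}  # daemon_id -> highest sequence number accepted so far

    def enroll(self, daemon_id):
        # Assumed enrollment step: key issued once; a real system would do this
        # over the mutually authenticated handshake rather than in-process.
        key = secrets.token_bytes(32)
        self.keys[daemon_id] = key
        self.last_seq[daemon_id] = 0
        return key

    def verify(self, envelope):
        """Return (accepted, reason). The body is parsed only after the tag checks out."""
        daemon_id = envelope["daemon"]
        key = self.keys.get(daemon_id)
        if key is None:
            return False, "unknown daemon"        # no key -> not authorized at all
        body = envelope["body"].encode()
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, envelope["tag"]):
            return False, "bad signature"         # tampered, or wrong daemon's key
        header = json.loads(body)
        if header["daemon"] != daemon_id:
            return False, "daemon mismatch"       # signed body names a different sender
        if header["seq"] <= self.last_seq[daemon_id]:
            return False, "replay"                # old or repeated sequence number
        self.last_seq[daemon_id] = header["seq"]
        return True, "accepted"


class Daemon:
    """Sending side: signs each message with its own key and a fresh sequence number."""

    def __init__(self, daemon_id, key):
        self.daemon_id, self.key, self.seq = daemon_id, key, 0

    def send(self, payload):
        self.seq += 1  # monotonic counter; the Grid rejects anything not strictly newer
        body = json.dumps({"daemon": self.daemon_id, "seq": self.seq,
                           "payload": payload}, sort_keys=True)
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"daemon": self.daemon_id, "body": body, "tag": tag}
```

Replaying a captured envelope, editing its body, or sending under an unenrolled daemon ID are each rejected with a distinct reason, which is the kind of event a defender would want logged and alerted on.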

  • Christian Claborne

    All of this is very helpful.  I'm doing a review for a client and may publish my results in a cloud blog so please don't send me anything that would require an NDA :)

    Do you have any certifications (like ISO 27001)?

    What country is your data center located in?

    Is it your data-center or hosted by another party (like AWS etc)?

    How resilient is your service to single point of failure?  Nothing too detailed, but if you are in multiple sites with redundant power and network, that would be enough.

    Thanks

  • Tatiana

    Great!  It might be easiest to get on a call to discuss all of your questions and feedback rather than go back and forth on the forums - I'll email you privately and we can set something up. Thanks!

  • George Romano

    Could you please contact me regarding this? I have a question regarding the data center as well.

    Thanks!

  • Tatiana

    Hi George,

    Thanks for reaching out! I'll shoot you an email so we can connect in-depth offline.
