11 security concerns with cloud-based DCIM, answered

Categories: Inside Hyperview | Published On: January 5th, 2022
Cloud Security

As Chief Technology Officer, I still get a lot of questions about cloud-based digital infrastructure management that are essentially security questions. Traditionally, data center infrastructure management (DCIM) software was installed on-premises, but now there’s a tug of war between that outdated deployment model and the obvious benefits of using a cloud-native DCIM application.

This next generation of DCIM software is much better equipped to handle increased data volumes (such as IoT sensor data), data analysis services, data enrichment, and interactions with other enterprise SaaS products. Hosting your application data in the cloud is essentially a reimagining, or even a reinventing, of traditional DCIM software, so I’m going to address those security concerns by answering the 11 most common questions I receive about our cloud-based digital infrastructure management platform.

1. Where will my data be hosted?

Hyperview deploys on top of Microsoft Azure, an industry-leading cloud service that was built with enterprise security in mind. By deploying with Azure, you benefit from Microsoft’s multibillion-dollar R&D investment, decades of experience in testing and monitoring, and thousands of cybersecurity experts working 24x7x365 to safeguard your data.

2. Can I choose the geographic location where my data is hosted?

Yes. As Hyperview is deployed over Azure geographies, we can offer any number of locations for users to host their data. Choosing a location that is geographically closer to your principal location of business reduces any latency or data residency issues. In fact, when subscribing to Hyperview, choosing a geographical region for hosting is one of the first options. Currently, Hyperview provides hosting in US East, US West, and Europe North. More locations are added based on user demand.

3. How do you address my disaster recovery requirements?

In the event of a catastrophic data center failure, Hyperview protects your data utilizing multiple strategies:

  • Data is automatically replicated to multiple Azure regions.
  • In addition to replication, data is also backed up and stored in an encrypted multi-region redundant store.
  • Should an entire Azure region go down, Hyperview ensures you can be up and running quickly in a different Azure region.

4. What kind of data do you keep in Hyperview?

Hyperview is a digital infrastructure management platform and the bulk of the data is machine data that is gathered and analyzed. Hyperview also stores user data for the purposes of user access. However, your data remains your data; if you no longer wish to use Hyperview, your data is destroyed.

For more information about the types of data we store and how we classify data in the platform, read our Security Overview.

5. How are you keeping my data separate from other customer data?

All customer user identification data and application data — including time-series data — is kept in dedicated database instances. This architecture ensures that independent user data is never mixed. Microsoft has designed Azure using networking virtualization to ensure individual customer networks remain segregated and secure.

6. Is my data secure in transit and at rest?

The short answer is, yes. The longer answer relates to data encryption depending on what state the data is in:

  • Whenever there is any communication between the user and the platform or between the data collector and the platform, data is in transit and is encrypted using the HTTPS protocol.
  • When data is at rest, it is encrypted in Azure.

7. Does Hyperview put a cap on the number of users, and do you offer advanced authentication options?

Hyperview enables an unlimited number of users while providing several advanced options for authenticating those users. These include two-factor authentication and single sign-on for federating with Azure AD or Microsoft Office 365.

Administrators can enforce single sign-on and two-factor authentication. They can also create user-provisioning policies. All these features are built into the foundation of the Hyperview platform.

8. Do you offer role-based access control?

Yes. Each user is associated with a role that dictates how they can interact with assets, and which application features they can access. Hyperview grants the most access privileges to the Administrator role with gradually fewer access privileges enabled to each role below that.

| ROLE | PRIVILEGES |
|---|---|
| Administrator | Has unrestricted, system-wide access in Hyperview and is not impacted by asset access policies |
| Data Center Manager | Has complete asset management privileges, but cannot run or configure discoveries, administer accounts, view the application log, or make system-wide changes |
| Power User | Has Data Center Manager-level privileges, but cannot delete or bulk delete records |
| Reporting | Has read-only access to Hyperview for reporting purposes |
| Read Only | Has read-only access to Hyperview |

9. How can I limit what each user has access to?

Security and access control are critical in any enterprise application, particularly when leveraging cloud-native architecture. With built-in access control, you can limit user access right down to each asset. This allows administrators to control access to the various areas within your organization, such as department, customer, logical group, and/or asset.

10. Can I provision multiple users using a trusted source like Azure Active Directory?

Yes. In Hyperview, administrators can create policies to auto-provision user accounts for Azure Active Directory (AD) domains. These domains are mapped to specific user roles, groups, and access policies which auto-provision users upon logging in to Hyperview with their Microsoft login.

11. What other security options do you have available?

If you require additional security and data isolation, you can deploy Hyperview in a managed private cluster by selecting the Azure region in which you would like to be deployed and the capacity you would like to provision. The rest is taken care of by the Hyperview team.

To sum it up, we designed Hyperview as a cloud-native, API-first application, which provides numerous ways to ensure your DCIM can be hosted in the cloud securely. From leveraging Microsoft Azure’s vast investment in providing secure PaaS applications to future-proofing the solution with private clusters, Hyperview is striking a balance between flexible cloud-based digital infrastructure management and robust security capabilities.

About the Author: Rami Jebara
Rami Jebara is the Chief Technology Officer at Hyperview. He oversees technology, software engineering, and security.