Security is paramount on the Internet and Tenzing takes it very seriously. Because of its comprehensive Information Security Management System (ISMS), Tenzing is one of the few IT services companies in North America audited and recommended for ISO 27001 (Information Security) certification, the most comprehensive information security standard in the world. Moreover, as a Canadian company, Tenzing is bound by strict privacy laws that protect its customers' confidential information.
Reduce Costs - Save time and money by leveraging Tenzing's ISO 27001, SAS70 and PCI certifications to assist with compliance requirements
Mitigate Risk - Better protect the integrity of your data and brand through the proactive and multi-layered approach of Tenzing's security team
Comprehensive Security Solutions
With Tenzing, customers have access to a comprehensive suite of security services. When taken together, these services offer a proactive and multi-layered approach to information security that provides everything necessary to maintain system and data integrity and ensure compliance with key industry information security standards, such as PCI and SOX. Tenzing's security services and policies are designed, maintained, and enforced by Tenzing's expert security team.
Physical Security Services
Tenzing's Data Centres are protected by multi-layered physical security measures. These security measures include: 24x7x365 security personnel, dual-factor electronic and biometric authentication systems, surveillance cameras, and multiple man-traps. Access to the Data Centre floor is strictly limited to Tenzing's Data Centre technicians and bonded facility maintenance engineers.
Network Security Services
Security is ingrained in Tenzing's network services through its basic architecture, specialized security tools, and the policies and procedures that govern its management. For example, Tenzing employs: separate physical network segments for public ("front-end"), private ("back-end"), and backup and administration; vLANing, NATing and VIPing; Packet per Second "Storm" controls; encrypted access controls; default deny-all policies; and more.
Firewall & VPN Services
Tenzing's Firewall and Virtual Private Networking (VPN) services are built on state-of-the-art Juniper ISG technology engineered specifically for service providers such as Tenzing. This enterprise-class security solution uses the latest Application Specific Integrated Circuit (ASIC) technology to enable wire-speeds for advanced security features, such as: stateful packet inspection firewalling and client-based and site-to-site VPN services.
Abuse Management
The Abuse team is tasked with maintaining Tenzing's positive reputation as a responsible hosting provider and network operator. The team is also responsible for monitoring and enforcement of its Acceptable Use Policy (AUP), which defines legitimate use of client servers and network services. This team is composed of senior members of the Network, Security and the Service Desk teams.
- DNSBL listings (Spamhaus, SpamCop, MAPS, Barracuda, others)
- Email Feedback Loop subscriptions from major mail carriers (AOL, RR, Hotmail, others)
- Third party abuse/spam submissions
- Legal claims and copyright infringement notices
- Security alerts and network intrusion events
- Phishing page and malware distribution reports
- Upstream network and Peering reputation
- Denial of Service (DoS) attack incidents
Compliance Testing and Auditing
A comprehensive compliance testing and auditing service is available from Tenzing. These services will analyze your application for known security issues, report non-compliance, provide remediation suggestions against common information security standards (such as SOX, HIPAA, PCI), and create an audit trail to prove compliance over time.
AlertLogic: Intrusion Detection System
Tenzing leverages AlertLogic to provide a critical layer of network defense against threats that easily bypass perimeter and endpoint defenses, constantly protecting your internal network from viruses, worms, and other threats. AlertLogic combines intrusion detection, vulnerability management and compliance reporting technology into a single integrated solution that offers both proactive and reactive protection from the latest threats. AlertLogic leverages a worldwide view of security event trends through its other global deployments to maintain accurate and relevant network security intelligence, going beyond a basic IDS. Tenzing's own security team works with AlertLogic's Security Operations Centre to quickly identify, escalate, contain and mitigate security breaches around the clock. AlertLogic's IDS allows you to monitor attacks on many elements of your server, including:
- Network-layer attacks (such as Denial of Service [DoS] attacks)
- Web and Database services (Oracle, MySQL, MSSQL and Apache or IIS)
- Brute force attacks (quickly trying to guess accounts and passwords)
- Network scans (early reconnaissance scans to determine what sort of vulnerabilities exist in your environment)
- Application layer weaknesses (Custom developed web code, SQL injection attacks, Cross Site Scripting)
PCI-DSS Vulnerability Scanning:
Tenzing's PCI Vulnerability Scanning service leverages AlertLogic's Approved Scanning Vendor (ASV) status to produce qualified security reports for use in PCI-DSS certification and audit activities. Companies transacting credit card data need to produce an annual Report on Compliance (RoC) and conduct quarterly vulnerability scans to satisfy key PCI-DSS requirements.
- Tenzing configures and produces a PCI-DSS 'test' report which outlines security vulnerabilities resident in the in-scope infrastructure
- Client coordinates remediation of PCI-DSS-impacting findings and submits a rescan
- Tenzing delivers a PCI-DSS ASV report, certifying point-in-time compliance with the security standard