Combell Cloud Server Security

Physical protection

Physical access to Combell’s data centre, inside the excellently protected infrastructure of InterXion, is very strictly regulated. Specially trained on-site security staff monitor access to the building and its usage around the clock (24/7). Of course, there is also a video monitoring system, as in most other data centres. All people and all hardware that enter or leave the building have to be registered in advance.

Combell’s entire infrastructure is located there in its own ‘private cage’, access to which is again strictly regulated. Only Combell’s systems engineers, who successfully underwent a screening process when they were hired, can access the company’s own private space. Combell customers have no access to the premises, except if accompanied and for very specific reasons.

Network protection

Combell puts a high value on network security and therefore works exclusively with its own experienced security officers. In any case, a firewall is enabled. This firewall is based strictly on established technology that has widely proven itself in the market. The precise architecture of the network protection is chosen in consultation with the client.

For less critical applications, Combell customers can go for a shared firewall. This solution actually offers a sufficiently high security level where application rules are concerned. But on account of the larger number of underlying sites/servers, the odds are higher that the firewall will encounter problems in case of an attack or incident on another website.

A dedicated firewall offers much higher availability guarantees, in particular if the firewalls are also installed redundantly or clustered. In this scenario too, Combell offers full ‘managed services’: the settings and security rules are discussed in close consultation with the customer and managed 24/7 according to that agreement. The chosen firewall technology is confidential and is discussed directly with the client.

For highly sensitive data, Combell advises an approach involving several servers – for instance web servers (front-end), potentially also application servers, database servers – that are also separated from each other by a firewall. Only the servers that need direct contact with the Internet are located in what is called the DMZ (demilitarized zone).

System management and backups can optionally be performed via a separate back-end firewall. In this case, user traffic and system management are strictly separated from each other. This back-end firewall also works as a VPN concentrator: by establishing a LAN-to-LAN connection (based on IPSec technology), or via a VPN ‘dialup point’, an encrypted tunnel can be set up between your office or home computer and your hosted environment.

A Virtual Private Network (VPN) is a data network within the Internet that has been isolated through encryption. There is no need for a personal, entirely isolated infrastructure because the isolated data traffic can only be decrypted by the receiver.

Combell also offers optional additional IDS/IPS solutions (intrusion detection system/intrusion prevention system). Via a worldwide network of purposely vulnerable systems (‘honeypots’), this technology collects fingerprints from popular attack methods and semi-automatic hacking (exploits). Thanks to the IDS/IPS function, a firewall managed by Combell is able to immediately detect and block these exploits.

Data protection

Malfunction and human error are still the main causes of data loss. Combell therefore advises you about appropriate solutions to prevent data loss (fault tolerance) and/or methods to limit its consequences (replication; backup & restore).

  • Fault tolerance: Technical measures that ensure that a malfunction does not immediately cause failure and/or data loss. These measures include redundant power supplies on servers and storage hardware and RAID technology (synchronisation and/or parity check between hard disks, which allows for hard disk failure without causing data loss).
  • Replication: Data are continuously copied to a second storage system. When the first storage system fails, the data remain available. Replication makes it possible to quickly switch over without noticeable disruption when the first storage system fails. On the other hand, replication does not necessarily offer protection against software errors, corrupted data and human errors – because the corrupted data are replicated to the second storage system as well. Several versions can however be saved via snapshot technology.
  • Backup & restore: A backup copy of the data is saved at regular intervals on a separate system or in a secure location (offsite). These data offer a restore point with the last known good configuration of a database or set of business data to which you can revert. Combell determines, in consultation with the customer, the appropriate frequency and desired restore time.
  • Encryption: Combell can store and duplicate very sensitive business data (e.g. personal information) in an encrypted format, so it will only be readable on your own servers.

Combell takes care of managing and verifying your data protection, for instance through regularly checking the integrity of replicated data. Our strict operational routines and vast technical experience offer the best possible protection of your data.

Lastly, Combell offers financial guarantees if, despite the appropriate precautions, data loss should occur after all.
