Product Description Certified Data Center Segment
Attested Data Center Segment (A-DC) — IT infrastructure to accommodate an information system with enhanced data protection requirements. The requirements are fulfilled in accordance with the distinction areas of responsibility.
Only dedicated servers of any configuration and network equipment provided by Selectel.
A-DC is used for:
- certification of the information system in accordance with the requirements of FSTEC Orders No. 17 and No. 21;
- processing of personal data up to the first (maximum) level of security in accordance with the requirements of the 152-FZ;
- security controls at the infrastructure level;
- increasing the loyalty of service users by meeting the requirements of Russian laws and international standards.
To meet security requirements, the A-Data Center service includes:
- data center engineering infrastructure;
- certified information system (hereinafter — IS) "Managed Security Services";
- certified IS "Administration";
- certified IS "Information Security Monitoring".
A-Data Center Services
Placement of equipment in A data centers
Ensures compliance with data center engineering infrastructure requirements in accordance with PCI DSS, 152-FZ (FSTEC Orders #17 and #21), GDPR, SOC-2, ISO 27001, ISO 27017, ISO 27018, performs security measures related to physical access to equipment, maintains continuous operation of the infrastructure.
If you select an infrastructure level service, infrastructure level services are provided:
- dedicated servers of any configuration;
- hardware firewall: Fortinet, UserGate, Cisco, Continent, CheckPoint;
- optional: Selectel network equipment.
With the service Placement of equipment in A data centers you can connect additional information security services:
All equipment is housed in racks related to the A-Data Center service.
When connecting servers in the A data center, the following is used typical connection diagram.
Dedicated servers are switched behind a dedicated firewall and have no direct connection to Selectel's internal networks or to other clients' networks. Because of this, Selectel's internal systems do not have access to server information, and the server cannot be managed through the Selectel Control Panel. The Selectel Control Panel displays the message "No power information" for such servers. All connections to external networks go through the firewall.
You can only connect to servers in the A data center through IPMI interfaces that are firewalled together.
When conducting performance evaluation (attestation) of the information system hosted by the A-DPC, the following shall be provided:
- excerpt from the document "Threat model and security violator of the data center engineering infrastructure information security provided within the framework of the "Attested Data Center Segment" service of Selektel Joint Stock Company";
- Confirmation of infrastructure placement;
- serial numbers and special firewall security marks;
- if additional information security services are used — serial numbers and special security marks.
Server protection
Provides protection from current threats, fulfillment of the requirements of FSTEC Orders No. 17 and No. 21, as well as the requirements of international standards for information systems in the client's area of responsibility.
Upon activation of the service, access to the selected specialized software or hardware-software information protection tool is provided:
Managed security services and administration
Allows for both one-time installation and configuration of information protection tools and full system support, including response to security incidents.
The service is provided using IS "Administration", IS "Managed Security Services" and IS "Information Security Monitoring", which allows the certified systems to be transferred to Selectel for administration without violating legal requirements.
Information protection requirements to be met
Compliance within Selectel's area of responsibility is regularly reviewed and confirmed by external auditors.
Areas of responsibility
Selectel is responsible for security related to physical access to the IT infrastructure and implements part of the physical security measures that are in his area of responsibility.
Selectel is not responsible for the operation of the system and application software of the servers, firewall administration and security related to logical access to the information system. Selectel's internal systems do not have access to the servers hosted in the A-DDC.
Cost
Depending on the type of balances in the account, the following is used for payment single balance or basic balance. Before ordering a service top up.
The cost depends on the amount of equipment to be placed and additional services ordered. It includes:
- cost of a dedicated server of arbitrary configuration;
- firewall cost;
- cost of the service Placement of 1U equipment in the Attested segment of the data center. The service must be ordered for each unit;
- cost of selected information protection means within the framework of the Server Protection service.