Protect your data with Cloud-Powered Security

ArexCloud Security

Cloud security at Arex is the highest priority. As an Arex customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.

An advantage of the Arex cloud is that it allows customers to scale and innovate, while maintaining a secure environment. Customers pay only for the services they use, meaning that you can have the security you need, but without the upfront expenses, and at a lower cost than in an on-premises environment.

Security Platform

Infrastructure Security

Arex provides several security capabilities and services to increase privacy and control network access. These include:

Network firewalls built into VPC, and web application firewall capabilities in Arex WAF let you create private networks, and control access to your instances and applications
Customer-controlled encryption in transit with TLS across all services
Connectivity options that enable private, or dedicated, connections from your office or on-premises environment
Automatic encryption of all traffic on the Arex global and regional networks secured facilities

DDoS Mitigation

Availability is of paramount importance in the cloud. Arex customers benefit from Cloud services and technologies built from the ground up to provide resilience in the face of DDoS attacks.

A combination of Arex services may be used to implement a defense in depth strategy and thwart DDoS attacks. Services designed with an automatic response to DDoS help minimize time to mitigate and reduce impact.

Learn about how to use Arex technologies like autoscaling, CloudFront and ArexDNS help to mitigate Distributed Denial of Service attacks.

Data Encryption

Arex offers you the ability to add an additional layer of security to your data at rest in the cloud, providing scalable and efficient encryption features. This includes:

Data encryption capabilities available in Arex storage and database services, such as Glacier, Oracle RDS, SQL Server RDS, and Redshift
Flexible key management options, including Arex Key Management Service, allowing you to choose whether to have Arex manage the encryption keys or enable you to keep complete control over your keys
Encrypted message queues for the transmission of sensitive data using server-side encryption (SSE) for SQS
Dedicated, hardware-based cryptographic key storage using Arex CloudHSM, allowing you to satisfy compliance requirements

In addition, Arex provides APIs for you to integrate encryption and data protection with any of the services you develop or deploy in an Arex environment.

Inventory and Configuration

ArexCloud offers a range of tools to allow you to move fast while still ensuring that your cloud resources comply with organizational standards and best practices. This includes:

A security assessment service, Our security inspector, that automatically assesses applications for vulnerabilities or deviations from best practices, including impacted networks, OS, and attached storage

Deployment tools to manage the creation and decommissioning of Arex resources according to organization standards

Inventory and configuration management tools, including config, that identify Arex resources and then track and manage changes to those resources over time

Template definition and management tools, including cloud formation to create standard, preconfigured environments

Monitoring and Logging

ArexCloud provides tools and features that enable you to see exactly what’s happening in your secure environment. This includes:

Deep visibility into API calls through Cloud Trail, including who, what, who, and from where calls were made

Log aggregation options, streamlining investigations and compliance reporting

Alert notifications through ArexWatch when specific events occur or thresholds are exceeded

These tools and features give you the visibility you need to spot issues before they impact the business and allow you to improve security posture, and reduce the risk profile, of your environment.

Identity and Access Control

Arex offers you capabilities to define, enforce, and manage user access policies across Arex services. This includes:

Arex Identity and Access Management (IAM) lets you define individual user accounts with permissions across Arex resources

Multi-Factor Authentication for privileged accounts, including options for hardware-based authenticators

Directory Service allows you to integrate and federate with corporate directories to reduce administrative overhead and improve end-user experience

Arex provides native identity and access management integration across many of its services plus API integration with any of your own applications or services.

Penetration Testing

Arex continually tests its infrastructure; the results are summarized in our compliance reports. Arex customers can carry out security assessments or penetration tests against their own Arex infrastructure without prior approval for a number of core services, see our penetration testing section for more details.

Improving Continuity With Replication Between Regions

In addition to replicating applications and data across multiple data centers in the same region using Availability Zones, you can also choose to increase redundancy and fault tolerance further by replicating data between geographic regions.

Meeting Compliance and Data Residency Requirements

You retain complete control and ownership over the region in which your data is physically located, making it easy to meet regional compliance and data residency requirements.

Protecting Data with Encryption on the Global Network

All data flowing across the Arex global network that interconnects our datacenters and regions is automatically encrypted at the physical layer before it leaves our secured facilities. Additional encryption layers exist as well; for example, all VPC cross-region peering traffic, and customer or service-to-service TLS connections.

The following Managed Services are included with every HIPAA compliant hosting plan