Introducing Acquia Cloud Shield
by Andrew Kenney
Today, Acquia introduced a new level of service that offers our customers dramatically improved network security. Acquia Cloud Shield provides a completely isolated private network through which all intra-system traffic is routed to prevent infiltration by an intruder, as well as secure IPsec tunneling to offsite systems. Shield combines the security benefits of a private network with the ease of operation of a managed platform-as-a-service. Never before have organizations been able to bridge their corporate network with the cloud this easily and launch applications that connect securely to internal services. We’re excited to put Shield to work for our most advanced customers.
Shield introduces a layer of private routing tables that obscure enterprise traffic from eyes on the open Internet. Only approved traffic can pass through the appropriate service ports on the public interface, and rigorous firewall rules protect against security breaches. Probing of ports and many familiar exploits will be a thing of the past for Shield customers.
There are several usage scenarios for which we recommend Shield:
- Multi-tier web services: In many cases, our customers run instances on a publicly accessible subnet, but need to keep sensitive data, such as customer information, financial systems, and proprietary algorithms, private and separated from the public network. Shield supports an inbound/outbound packet filtering configuration that prevents any access to the private system.
- Datacenter-to-web connections: Using a combination of public and private subnets, traffic can be routed from your Acquia Cloud-hosted application to supporting systems in a remote location, such as a corporate datacenter, through a dedicated, highly available hardware VPN connection. This gives you a secure pipe for calling and using data in large transactional processing systems, real-time business intelligence, or other secure systems to craft increasingly responsive and individualized solutions. You can securely and easily bridge legacy or backend systems such as LDAP to your sites on Acquia Cloud over a trusted, direct connection.
- Content repositories: Shield offers a solution that provides security and network-level isolation for those cases where customers want to use Drupal as a central content repository or want to connect their site to a backend data store.
Shield also lays the foundation for continued performance improvements, private-subnet-to-private-subnet gateways, and directly connected VPC peering to support more complex data processing scenarios.
Shield generates a more connected, cohesive customer environment bridging private networks and public cloud environments. With the availability of Shield, a greater number of customers can take advantage of Acquia Cloud’s 24x7 monitoring and 99.95 percent uptime SLA for a greater number of their websites. We firmly believe Shield is the most secure way to run a Drupal application and reinforces our “We won’t let you fail” mantra.