Cloud Office and IT security
The Cloud Office
The Inderly Cloud Office is a remote-first, zero-trust, perimeter-less, multi-cloud product consisting of hosted Windows Servers and RDSH servers combined with traditional managed services.
All services are delivered through a remote desktop server. The security perimeter is considered the perimeter of the Cloud services, with basic security controls in place on managed endpoints.
- Zero-trust security for all endpoints.
- Company data is stored in the cloud and all access points are secured with MFA and only available through RD Gateway.
- 24/7 monitoring and alerting.
- Specific ransomware mitigation policies in place on file services remote access (EFSS product).
- Web content filtering.
- Fully managed AD, file server.
- Hourly backups with nightly offsite replication to geographically redundant storage and a separate provider.
- Cloud Office is hosted on dedicated hardware for each client through OVH Canada for maximum security and up-time.
- Cloud Office is available to be hosted on Microsoft Azure for additional compliance needs if required (at additional cost).
- 365 ATP content filtering plus conditional access rules.
- Managed endpoints are kept up to date and monitored for abnormal usage.
- All endpoints, regardless of management status, are considered “untrusted” by the Cloud Office.
Network security for your office
- Primary offices are protected with a managed gateway.
- No services accessible from outside.
- A site-to-site link between the primary office and the Cloud Office RDSH server exists to connect peripherals.
- No access between connected networks and protected servers (AD, file server, etc).
- Isolated guest and sub-tenant networks.
- Monitored for abnormal usage.
- Optional content filtering in office or on all managed endpoints.
- All Cloud Office changes are managed through a central control board.
- MFA in place on all points of access.
- No common points access (RMM agent, shared credentials, etc.) between primary and DR site to avoid a single point of compromise.
- Identity verification for all changes through callback to a known number or MFA push to end user.
- Changes must be approved by previously-authorized users.