Cloud Office and IT security
This is a technical security brief on Cloud Office and IT security. To learn about each item in more detail, please contact us. Or, check out our data security page for an overview.
The Cloud Office
The Inderly Cloud Office is a remote-first, zero-trust, perimeter-less, multi-cloud product consisting of hosted Windows Servers and RDSH servers combined with traditional managed services.
All services are delivered through a remote desktop server. The security perimeter is considered the perimeter of the Cloud services, with basic security controls in place on managed endpoints.
- Zero-trust security for all endpoints.
- Company data is stored in the cloud; all access points are secured with MFA and are available only through RD Gateway.
- 24/7 monitoring and alerting.
- Specific ransomware mitigation policies are in place on remote access to file services (EFSS product).
- Web content filtering.
- Fully managed AD and file server.
- Hourly backups with nightly offsite replication to geographically redundant storage and a separate provider.
- Cloud Office is hosted on dedicated hardware for each client through OVH Canada for maximum security and uptime.
- Cloud Office can be hosted on Microsoft Azure if additional compliance needs require it (at additional cost).
- 365 ATP content filtering plus conditional access rules.
- Managed endpoints are kept up to date and monitored for abnormal usage.
- All endpoints, regardless of management status, are considered “untrusted” by the Cloud Office.
Network security for your office
- Primary offices are protected with a managed gateway.
- No services are accessible from outside.
- A site-to-site link between the primary office and the Cloud Office RDSH server exists to connect peripherals.
- No access between connected networks and protected servers (AD, file server, etc.).
- Isolated guest and sub-tenant networks.
- Monitored for abnormal usage.
- Optional content filtering in office or on all managed endpoints.
- All Cloud Office changes are managed through a central control board.
- MFA in place on all points of access.
- No common points of access (RMM agent, shared credentials, etc.) between primary and DR site to avoid a single point of compromise.
- Identity verification for all changes through callback to a known number or MFA push to the end user.
- Changes must be approved by previously authorized users.