The name of the base system (platform): | VMware vSphere |
Developers: | DataLine (Data Line) |
System launch date: | September 2015 |
Last Release Date: | 2021/01/20 |
Technology: | IaaS - Infrastructure as a service |
Cloud-152 is a fault-tolerant cloud infrastructure based on the VMware vSphere virtualization platform.
2022: Confirmation of compliance with GOST R 57580
On January 26, 2022, cloud provider DataLine announced that it had confirmed compliance with GOST R 57580.1-2017. The document contains the information protection requirements established by regulatory acts of the Bank of Russia.
Cloud-152 is a cloud infrastructure certified in accordance with the requirements of Law No. 152-FZ for the storage and processing of personal data. Credit and non-credit financial organizations can now place in Cloud-152 systems that conduct financial transactions and store data containing banking secrets.
The assessment of compliance with the requirements of GOST R 57580.1-2017 for the highest, enhanced, level of information protection was conducted by CardSec LLC, a licensee of FSTEC of Russia. The evaluation process consists of checking eight information security processes, which determines one of the six levels of compliance with the standard (0, 1, 2, 3, 4, 5, 6). DataLine received a conclusion with a final audit assessment of R = 0.90; thus, the fourth level of compliance of its information protection processes with the requirements of GOST R 57580.1-2017 was achieved.
"The Cloud-152 cloud is certified according to PCI DSS, certified according to UZ-2 and GIS K3, and also has an ISO/IEC 27001 certificate. However, to meet the high requirements of GOST R 57580, we have implemented a number of additional technical and organizational measures. For example, the retention period for logs with checksums increased to 5 years, and the procedure for investigating information security incidents changed qualitatively, and so on. Thanks to the conclusion received, banks, insurance companies, non-state pension funds, brokers and other non-credit financial organizations will be able to use scalable cloud resources in compliance with the requirements of the Central Bank of the Russian Federation," said Vasily Stepanenko, director of the DataLine cyber defense center.
Since 2021, the requirements of GOST R 57580.1-2017 have been mandatory for financial companies, and Regulation 757-P of 20.04.2021 made the standard mandatory for non-credit financial organizations as well.
2021
Geo-redundancy capability
The DataLine cloud certified under 152-FZ is now available on the basis of two Moscow data centers. The company announced this on January 20, 2021.
IaaS Cloud-152 clients can now provide geo-backup for personal data storage.
The obtained certificate confirms that the Cloud-152 cloud infrastructure at the Moscow sites NORD and OST can host personal data up to and including the second level of security.
Both DataLine data centers in Moscow confirmed compliance with the requirements of Government Decree No. 1119 of 01.11.2012 as part of the certification of the "Cloud-152" information processing environment. Certification was carried out by specialists of the National Attestation Center. Channel encryption between the sites is provided using domestic cryptographic information protection tools (SKZI).
This enables IaaS Cloud-152 customers to ensure fault-tolerant storage of personal data and to place backups on geographically separated sites in accordance with 152-FZ and its subordinate regulations.
Certification for the operation of state information systems
On January 13, 2021, DataLine announced that its cloud that meets the requirements of 152-FZ is certified for the operation of state information systems.
The obtained certificate confirms that the Cloud-152 cloud infrastructure (in the Cloud-152 certification documents) meets the security requirements imposed on state information systems of security class 3 (GIS K3). The requirements are set out in Order No. 17 of the FSTEC of Russia dated 11.02.2013.
Based on the results of the tests, the system allows the processing of confidential information, and the Cloud-152 infrastructure can now host customer systems that belong to government information systems. Certification was carried out by specialists of the National Attestation Center.
The IaaS Cloud-152 infrastructure is also certified according to the requirements of Government Decree No. 1119 of 01.11.2012 and can host personal data of the third and second levels of security on its capacity.
2019: Re-certification of Cloud-152 infrastructure for compliance with 152-FZ requirements
On May 13, 2019, DataLine announced that it had re-certified the Cloud-152 infrastructure for compliance with the requirements of 152-FZ.
According to the company, the obtained certificate confirms the compliance of the Cloud-152 infrastructure with the requirements of FSTEC Order No. 21 for activities to protect confidential information.
Re-certification was carried out in connection with the modernization of the Cloud-152 protected cloud infrastructure. As a result, virtual machines with a core frequency of 3 GHz, up to 36 cores and up to 512 GB of RAM will be available to customers. During the certification, DataLine demonstrated that the organizational structure, regulatory and methodological support, and technical equipment of Cloud-152 comply with the established requirements of the legislation of the Russian Federation.
The certificate was issued by the National Certification Center.
"This certificate confirms that the Cloud-152 infrastructure provides a second level of security for the personal data being processed. Thus, the service can be used by companies that need to ensure from the second to the fourth level of protection of personal data, as well as customers working with medical personal data in the amount of 100,000 subjects," said Vasily Stepanenko, Director of the Cyber Defense Center.
The Cloud-152 infrastructure is also certified under the international PCI DSS standard.
2017: Backend as a Service Cloud Product
On October 10, 2017, DataLine announced the addition of Backend as a Service (BaaS) to its portfolio. The service is based on Scorocode, a service of Prof-IT Group, deployed on the DataLine IaaS platform.
The service is a ready-made backend for rapid development of mobile, web and enterprise applications. It allows developers to reduce the time needed to set up an environment for creating applications, save on the purchase of equipment and pay only for the resources used.
Resources are managed through a personal account, in which the user can work with server-side JavaScript code, application servers running Node.js and APIs, manage access and view analytics on the use of the application. On the basis of Scorocode, it is possible to deploy private clouds for solutions of various levels, including personal data protection according to 152-FZ.
The service is deployed in the fault-tolerant DataLine cloud based on Tier III data centers. According to DataLine, the guaranteed availability of the service is 99.982%.
2015
Cloud-152 Security and Architecture
As of September 2015, all protections used in the Cloud-152 architecture are certified by FSTEC.
Physical security
- Multi-level access control
- 24-hour video surveillance of internal premises and surrounding areas with storage of video recordings for 3 months
- Individual enclosures for racks
- Access control system (ACS) solutions for the enclosure or rack, biometrics
- Dedicated video surveillance solutions (APC Netbotz, etc.)
- Additional sensors for opening of rack doors
- Safe racks
Network Security
- Segmentation of networks in the cloud via VLAN and CheckPoint FW firewall
- Monitoring of interaction with external networks through the Check Point Security Gateway intrusion detection system
- Protection against unauthorized access: SecretNet and PAK Sobol
- Protection of communication channels by means of cryptography:
  - GOST encryption via the S-Terra virtual crypto gateway
  - Layer 2 encryption using the MACsec protocol
  - VPN setup using AES, 3DES encryption
- Wallix session-recording proxy
- Kaspersky Anti-Virus Protection
Virtualization Platform
- VMware vSphere
- Virtualization protection: vGate R2
Architecture
Cloud-152 Service Launch
In September 2015, DataLine launched the Cloud-152 service, which lets customers use the cloud model to host personal data in accordance with the requirements of 152-FZ.
All security features in the Cloud-152 architecture, including network security tools, are FSTEC certified. Different service configurations make it possible to place personal data of any level of security in Cloud-152.
The solution is deployed in two DataLine NORD data centers. As the next stage, the company plans to launch a disaster-tolerant version of the service by connecting the second "arm" of the cloud in the DataLine OST data center. As a result, Cloud-152 will provide customers with every level of reliability they need to host business-critical systems and data.
Seamless migration of information systems to Cloud-152 is possible both from physical equipment and from external clouds. DataLine customers can also create hybrid solutions that provide optimal integration of Cloud-152 into the company's main IT infrastructure.
The DataLine team is ready to organize full support of Cloud-152 customer information systems: audit, development of a threat model and technical design, preparation of all necessary documentation for system certification and passing inspections at Roskomnadzor.
- Community cloud for hosting personal data of security levels 2, 3 and 4.
- Private cloud for hosting personal data of security level 1.
- Disaster-tolerant Cloud-152 based on two sites, the NORD and OST data centers.
- The ability to integrate your information security tools and hardware into the architecture of our solution.
- Certification and maintenance of information systems together with our partners:
  - development of a threat model
  - preparation of documentation (threat model, technical design, organizational documentation, letter to Roskomnadzor)
  - evaluation of the information system
  - maintenance of the information system