Security and compliance

This page describes how Acquia China Managed Service, built on Amazon Web Services (AWS) and Drupal, provides a secure environment for your applications.

Shared responsibility model of China Managed Services

Security in China Managed Services is a shared responsibility of Acquia, Amazon Web Services, and the subscriber. China Managed Services provides a secure platform where Acquia subscribers can build and manage world-class, highly-secure Drupal applications. Acquia manages, monitors, and secures the environment where Acquia subscriber applications run, including the operating system and LAMP (Linux, Apache, MySQL, PHP) stack and network layers of China Managed Services. Acquia provides tools, support, and resources that enable subscribers to keep their Drupal applications secure.
Subscribers have various responsibilities around the security of the applications they host with China Managed Services. Subscribers must:

  • Understand what data they intend to collect and store in their Drupal application.
  • Ensure that they address risk and compliance requirements, which correlate to the importance and sensitivity of the data.
  • Ensure that they address security during the development lifecycle of their Drupal application.
  • Ensure that they follow secure development best practices and conduct security testing as part of the change process.
  • Ensure that the security controls deployed to the Drupal application are in line with the risk and the mission of the application.

Subscribers are responsible for the security of the web applications they manage on the Acquia China Managed Services, while Acquia is responsible for security controls at the network and private cloud layer.

China Managed Services is built using Amazon's AWS data centers, and uses Amazon's Elastic Compute Cloud (EC2), Amazon S3, Relational Database Service (RDS), Elastic File System (EFS), and Elastic Block Store (EBS) services. Amazon personnel neither have logical access to China Managed Services hosts or applications nor have access to the data of any China Managed Services subscribers hosted by China Managed Services.

Amazon AWS control environment

To maintain the high level of security that Amazon provides to its subscribers, Amazon does not disclose every detail about network topology, physical locations, and AWS-specific security procedures to the public. China Managed Service leverages Amazon's certifications and attestations, which provide assurance to Acquia and its subscribers about the security of the infrastructure, network, and physical security layers of China Managed Services. Amazon shares certification information about the AWS control environment with strategic partners such as Acquia under nondisclosure agreements (NDAs), which prohibit Acquia from releasing this information to any unauthorized party. Acquia is committed to maintaining a high degree of transparency and trust with its subscribers, so Acquia makes as much information available to its subscribers as it can legally disclose.

For more information about the security of Amazon AWS, see AWS Cloud Security or contact Acquia.

Physical security

Amazon's AWS data centers follow and enhance best practices in data center physical security. The exterior physical security is military grade. Personnel who enter the data center are authorized and verified by a government-issued ID and two-factor authentication at each entrance point. Each entrance is monitored by video surveillance, and Amazon logs and audits all access. All visitors and contractors must present identification and sign in. Visitors are always escorted by authorized staff. Amazon AWS does not permit guests, subscribers, or strategic partners such as Acquia to either tour or inspect its data centers. Therefore, Acquia can't facilitate any physical inspection of AWS hosting facilities for subscribers.

Acquia maintains some infrastructure on its premises, for example, IP phone switches and LAN equipment. This equipment is not used either to host subscriber applications or to store sensitive subscriber information. Acquia cooperates with subscribers who want to speak with the Acquia security team to discuss the China Managed Services control environment.

Subscriber segregation

Acquia China Managed Service provides an independent, logically-separated AWS Account for each subscriber application. Certain parts (infrastructure and databases) of the subscriber's primary technology stack in China Managed Service are provisioned on unique, logically distinct infrastructure. In China Managed Service, Acquia manages host-based firewall policies, which provide logical isolation between distinct environments in China Managed Service. Elements of the technology stack, such as SSH Access, Remote Administration environments, code repository environments, and any infrastructure in China Managed Services, are not shared between subscriptions.

Systems access controls

Acquia limits privileged access both to the information on the subscriber infrastructure under its management and to the infrastructure itself. Access is limited to authorized personnel. Network layer controls ensure that privileged access is always enforced through secure bastion hosts, using encrypted tunnels through standard ports.

With the Acquia China Managed Service, subscribers can create named users and submit those users' SSH public keys with a support ticket. The Acquia DevOps team then deploys the key to the subscriber's infrastructure, enabling non-privileged access using SSH. China Managed Service provides application administrators with the ability to add non-privileged users' accounts and SSH keys, which are then deployed to the subscriber's China Managed Service task nodes.

Security patch management

Acquia uses a standardized Linux distribution and management tooling to deploy security patches across China Managed Service.

Acquia has a formal risk-rating system based on factors such as likelihood, impact, and severity, and deploys patches according to the following schedule:

| Risk Level | Schedule |
| --- | --- |
| Critical | 7 days |
| High | 30 days |
| Medium | 90 days |
| Low | Based on risk |

Deployment of these patches can cause brief interruptions in service.

Antivirus upload scanning

Acquia installs ClamAV on all China Managed Services infrastructure. ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware, and other malicious threats. To enable ClamAV virus scanning on files as they are uploaded to your Drupal application, you must install, enable, and configure the ClamAV module, which connects to the ClamAV program on your Cloud Platform infrastructure. For more information, see Enabling virus scanning for file uploads.

File system encryption

For China Managed Service, EBS volumes for subscribers may not be encrypted. If you have any questions about the encryption status of your EBS volumes, contact your Account Manager.

SSL and HTTPS

You must configure SSL certificates on the primary domain name for your applications to provide SSL security for authentication functions and for any secure transactions taking place.

For Acquia China Managed Service, subscribers who want to enable SSL entirely must contact Acquia Support to have it enabled. Subscribers must provide their own certificate.

Data and physical media destruction

Subscriber confidential information is never stored outside of the AWS infrastructure for extended periods or on physical media such as a CD or removable USB media.

Subscriber data is only transferred outside of Amazon's EC2 environment if needed to help solve a subscriber's problem, if the problem requires local resolution steps, and if the subscriber explicitly authorized the data transfer. After resolving the issue, the files are purged. In practice, subscriber-sensitive information is never stored on laptops, mobile devices, or physical media outside of the protections AWS provides.

When a subscriber cancels service with Acquia, the subscriber's infrastructure is terminated, and the application data is deleted. Hard drives and other storage media are never removed from the data centers before sanitizing the data, so the data cannot be recovered. When a storage device reaches the end of its useful life, AWS procedures include a decommissioning process designed to prevent subscriber data exposure to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M (National Industrial Security Program Operating Manual) or NIST 800-88 (Guidelines for Media Sanitization) to destroy data as part of the decommissioning process. If an infrastructure device cannot be decommissioned using these procedures, the device is degaussed or physically destroyed in accordance with industry standard practices.

Logging

Acquia China Managed Service ensures that the appropriate level of logging is implemented at the application and platform layers for Acquia-managed assets to enable necessary analysis and investigation into an incident or issue. Acquia uses AWS S3 to retain the logs for up to 180 days.

Acquia Search is not available in China Managed Services. However, a search service is available within China Managed Services. The search service is hosted on infrastructure with physical separation between each subscriber's environment. Each subscriber application's index data is segregated into separate data files and directories. Authorization to the search infrastructure allows each application to access its own search data.
