Microsoft CSP Cloud-Ops

HIPAA/HITRUST Azure Clouds

Secure Azure Cloud-Ops

Project Online Cloud-Ops

Dynamics 365 Cloud-Ops

Office 365 Cloud-Ops

FedRAMP for Commercial

Managed/Admin Services

Project Hosts Pricing

ISV / Partner Advantages

Custom Cloud Solutions

Azure Managed Services with Extended SecurityAzure Managed Services with Extended Security

Azure is an exceptional cloud platform that lets you move on-premises solutions into a more cost-effective, higher performance and more scalable cloud. For many companies, ensuring that their Azure deployment is fully secured and complies to their required security standards and policies is vital to protect their business assets, data and employees.

Project Hosts can implement the necessary security controls on your (or our) Azure subscription including ISO 27001, HIPAA/HITRUST, NIST 800-53, and FedRAMP Moderate, High and DoD CC SRG IL4/5 level with full compliancy. 

In addition, we can also provide the managed services for your subscription that ensures ongoing trouble-free operation in your highly secured private cloud. 

Cloud Security Specialists

Whether you need us to provide managed services for your Azure cloud subscription, or you need us to deploy, host and manage the solution over it's lifespan, rest assured we will secure your cloud. Our cloud security experts have the expertise and compliance competency for today's most rigorous cloud security standards including ISO 27001, NIST 800-53, HIPAA / HITRUST, FedRAMP Moderate, High,  and DoD CC SRG IL4/5. Government security standards such as FedRAMP/DoD are only available in a Project Hosts' subscription.

By leveraging an Azure IaaS or PaaS cloud platform you can quickly create a a windows server environment with minimal effort and trust that the infrastructure (servers/storage/network) and platform (operating system/database) elements will be available 24x7. But once servers are spun up, application management services are still needed. Project Hosts' Azure Managed Services with Extended Security fill the current gap that many enterprises and government agencies have in managing critical elements of their Azure deployments:

Security Management

Azure takes care of the physical security of their data centers as well as access control and the security surrounding physical devices. But Azure leaves it up to each customer to secure and restrict access to their own virtual servers/subnets.  Secure your Azure/AWS subscription:

Continuous Monitoring & Optimization

When a deployment is first architected for Azure, it is optimized and updated for its initial and originally intended usage scenario. As time passes, deployments are typically modified to meet additional needs and as such require additional updates and re-optimization:

User Support

Project Hosts offers a unique Person-2-Person support service to ensure customer satisfaction and resolve issues as they arise:

SECURITY MANAGEMENT SERVICES

Access Control Azure provides a management gateway where access control “firewall” rules can be set for an entire subscription. This is one aspect to securing the “front door”. But security industry best practice is to also put in place Web Application Proxy (WAP) and Remote Desktop Gateway servers to further protect that front door
Intrusion Detection / Prevention Azure does not have a built-in solution for Intrusion Detection at the application layer. Best practice is to install software on the WAPs to manage this. Adding Intrusion Detection Systems (IDS) also requires sophisticated alerting mechanisms combined with log review by security experts that know what to look for.
Malware Protection Management Each virtual server in Azure should have antivirus software installed on it and regularly updated. Unfortunately there are times when either a Microsoft software update or an antivirus software update can cause a system conflict that can severely impact the performance of critical applications. To quickly resolve, or even avoid these performance-related issues requires a deep understanding of the application and how antivirus software and updates affects it.
Application Lockdown Maintenance In addition to turning off all unneeded or non-essential services on each server, security best practice lockdown includes setting up host-based firewall rules so that each server only communicates with those it is supposed to, and implementing executable whitelists so that it is not possible for a “rogue” program to run on a server. These rules and whitelists need to be maintained as the environment evolves and is updated.
Incident Response Planning and Testing A response plan must be developed and implemented for the actions that would be taken if various types of security compromise were to occur. The plan and all responses should also be tested to ensure their effectiveness.
Vulnerability Scanning (Option) Application vulnerability scanning needs to be performed on the environment on a regular basis. Project Hosts’ enhanced application management services include additional optional vulnerability scanning services.
Single Sign-On (Option) Project Hosts services can also include setting up and managing a one-way trust or a Single Sign-On connection with your corporate Active Directory.

 

CONTINUOUS MONITORING AND OPTIMIZATION SERVICES

Continuous Monitoring Security best practice includes monitoring not only CPU/RAM/disk/network, but also application-specific processes and page loads with test users. This monitoring should be coupled with alerting mechanisms and a 24x7 response system.
Update and Patch Management Deploying every suggested or available update for the OS, database, and applications (including non-Microsoft applications) can be dangerous and result in system instability. Project Hosts reviews each and every update from an environmental perspective and determines which updates are required based on a customer’s use cases. Project Hosts proactively reviews all security considerations relative to updates and creates an update strategy that minimizes downtime and disruption for its customers
Architecture Optimization As a deployment scales, or over time is used in a different manner, it may become necessary to split different services off onto different servers. Take SharePoint for example, with certain sizes or use patterns, an environment will perform faster if workflow, search or other services are re-deployed onto their own servers. Or in Dynamics CRM, performance under certain scenarios improves when async, sandbox, or other services are separated. Project Hosts has engineers that have experience with many deployment types and usage scenarios to be able to identify when a change like this will be beneficial or needed.
Database and Application Optimization Security best practice includes not only having a DBA (Database Administrator) continually optimizing databases (monitoring logs, fragmentation, etc.), but also an Application Specialist doing the same (e.g. comparing memory/CPU/disk usage to benchmarks). Project Hosts supports both DB Administrators and Application Specialists.
Third Party Application Management Most deployments have not only Microsoft software, but also include software from third parties, or custom code developed in house. Project Hosts has well-defined processes in place for working with third-party software vendors or developers to ensure a successful deployment and to obtain support from them when needed and consultation when doing updates and upgrades.
Backup and Restore Even when Azure geo-redundant storage replication is used, regular backups are still necessary to protect against accidental deletion of data by a user or database corruption in an environment. Backups must be monitored to ensure they have completed successfully and must be periodically tested to ensure reliability.
Disaster Recovery Azure’s geo-redundant storage provides a solid foundation for disaster recovery and business continuity. If a disaster is declared at a Microsoft Azure data center the virtual hard disks (VHDs) for each virtual server will become available in a secondary data center. But to become fully operational again, new servers and networks must be deployed from those VHDs. Project Hosts has developed an automated that process to deploy these networks and servers and regularly tests it.

 

SUPPORT SERVICES

Performance Issues Project Hosts manages performance issues associated with the deployment. Performance issues can be caused by server resource constraints (e.g. requiring more RAM/CPU), by the network connection or bandwidth available to the user, by problems with the user’s device or by application configuration. It is best practice to have an established decision tree to dissect a performance problem, isolate the cause(s), and resolve it.
Connectivity Issues Project Hosts helps diagnose connectivity issues that can arise not only with browser-based connections to applications, but also with connections from Microsoft Office or other client-side software. They can be as simple as a user forgetting their password or complex such as caused by a mismatch between the update level of the application in Azure and some client-side software.
Anomalous Application Behavior When application features stop working or begin behaving differently for no apparent reason, it is very helpful for support engineers to have deep experience in the application to be able to determine if a bug has been uncovered or if there is some other cause. Project Hosts maintains expertise with Microsoft Apps and with third party software vendors’ add-ons.
Bug Resolution and Case Management Project Hosts uses its relationships with Microsoft and ISVs to analyze and correct bug-related situations. If a bug is suspected, then a case should be opened with Microsoft or 3rd party ISV support. The case is managed by a Project Hosts engineer with deep knowledge of the deployment to provide Microsoft with the information it needs to resolve it and possibly provide a hotfix. Then a hotfix must be tested in a test environment before being installed into production.
Guaranteed Response Times Project Hosts Person-2-Person Support is staffed on a 24x7 basis and has guaranteed response times to handle all of the above types of issues.
Financially Backed SLA Financially-backed SLA – Project Hosts’ services include a financially-backed 99.9% application availability guarantee.

 


"…many organizations have needs for deep customization, white-glove services, or support for complex models like hybrid hosting. For these customers, Project Hosts' PPM Custom Cloud offers a great option."

Ludovic Hauduc, General Manager of the Microsoft Project Business Unit
Some of Our Clients
Microsoft Partner
Gold Cloud Platform certification
Gold Hosting
Gold Project and Portfolio Management
Silver Collaboration and Content
Silver Data Analytics
Project Hosts twitter    Project Hosts Linkedin    Project Hosts Google+    Project Hosts Blog