Security

Essential's solutions represent a quantum leap in data security technology for small to midsize businesses. We are continually updating our operations and utilizing current technology to allow you to secure and manage your data. Our servers, your electronic vaults, are located in one of the most secure and technologically advanced locations in North America.

Essential has implemented top-of-the-line firewalls and anti-virus products to protect your backed up data. Furthermore, Essential uses encryption and password negotiation methods so only the person with the correct user name, password and encryption key is able to restore the data. Even Essential's systems engineers cannot access your data.

With Essential's solution, you simply "set it and forget it".... it's fully automated so the risk of human error is eliminated.

Physical security

Servers Co-Location: Safeguarding your vital data with exceptional scalability, flexibility and performance from Essential.

Building Design: The front entrance is raised above ground level and protected by a boulder hedge row. Steel pylons (bollards) separate parking areas from building walls. All external walls are reinforced with structural steel bracing. The glass, walls and security station are bullet resistant.

Video Surveillance: Multiple fixed and remotely controlled cameras are strategically placed inside and outside to allow on site security to monitor all activity. The videotaping from all cameras is digitally recorded and stored.

Access Control: Photo ID Cards are required to gain access to all areas, including Boardrooms and Administration areas. All staff and co-location customers must display their photo ID cards at all times. Biometric Scanners are used in conjunction with ID card readers to guarantee enhanced authenticated access to the Co-location fields.

Detectors: State of the art detectors are able to detect as little as 3-PPM particles in the air. This helps ensure that only affected areas are sprinkled with water (if and when appropriate), helping to keep the rest of the facility dry.

Conditioned AC Power: Designed with state-of-the-art Electrical power systems. All power to the Mission Critical servers / fields is conditioned and backed up by reserved power source. The Co-Location, equipped with a Battery Backup UPS system, ensures smooth transitions to generator power in the event of a power failure. Redundant A and B power feeds are provided to all servers.

Power Source: The Co-Location receives its power from the Finch Hydro Power station. The Finch Hydro Power station is fed from 2 unique Hydro stations, terminating on 4 transformers. Diesel back up is provided should Toronto Hydro experience an unlikely brownout or blackout.

HVAC: A state-of-the-art Liebert Deluxe System 3 HVAC system has been implemented, with each unit having a capacity of 30 tons. A redundant N+1 design has been part of the design criteria. This best of breed system ensures that the temperature in all operational fields is maintained at 64F -75F with a relative humidity of 30%-55%. Also, the building automation systems are monitored on- and off-site.

Network Security

Software Security
Firewall - eTrust Firewall uniformly enforces security policies throughout the enterprise safeguarding all mission-critical network resources. eTrust Firewall goes beyond boundary protection, extending internally to secure vital network segments. Backed by ICSA certification and unmatched enterprise-wide manageability, eTrust Firewall enables organizations to embrace eBusiness opportunities with confidence. Its superior technology provides organizations with the most intuitive firewall rule analyzer in the industry. Packet inspection technology, combined with support for all application protocols, offer organizations unparalleled firewall protection.

Anti-Virus - eTrust InoculateIT is a set of award-winning antivirus solutions, providing superior protection against today's most prevalent security threat viruses. Based on advanced technology, eTrust InoculateIT reduces virus infections, simplifies and automates updating, eases administration, and enforces security polices. eTrust InoculateIT is certified by ICSA Labs for detecting 100% of "in the wild" viruses. Extensive features include unmatched manageability, multiple scanning engine support, real-time detection with system cure, and centralized event logging and alerting.

Encryption security
Because Essential's electronic vaults are the place where all of an enterprise's  data is stored and managed, security is a very vital aspect of our backup operation. To enable data to only be accessed by the owning client or an authorized party, Essential, through IBM Tivoli Storage Manager, implements for authentication purposes a mutual suspicion algorithm, which is similar to the methods used by Kerberos authentication.

Whenever a client (backup/archive) wants to communicate with our servers (electronic vaults), an authentication has to take place. This authentication contains both sides verification, which means that the client has to authenticate itself to the server, and the server has to authenticate itself to the client.

To do this, all clients have a password, which is encrypted and stored on Essential's electronic vaults side as well as on the client side. In the authentication dialog these passwords are used to encrypt the communication. To prevent hackers from intercepting them, the passwords are not sent over the network/internet. A communication session will be established only if both sides are able to decrypt the dialog. If the communication has ended, or if a timeout period without activity has passed, the session will be automatically terminated and a new authentication will be necessary.

The scheme is a dual authentication message-passing scheme for the IBM TSM authentication. It is modeled after Kerberos, and each session generates a new, unique key for that session, so replaying a session stream will not result in a sign on to the server. Session keys are encrypted multiple times and are not open to spoofing. They are only active for that session while the session is active. All password updates are encrypted with the session key so those transactions cannot be captured either.

The encrypted key is created using the password that is provided either automatically with password access, or generated by the user supplying it. The server checks and finds this client registered and generates the " key " sent back to the client. The client deciphers the key to determine if the IBM TSM server used its password and the appropriate algorithm to generate the key, hence the suspicious client. If all is well, then communication is established, and the client is in session with the server.

Password and Encryptions Fast Facts: Encryption of file data before it is sent to server DES encryption algorithm o Simple key management o user is prompted for encryption key password key stored in registry, not transferred or stored at the server Fully transparent to server Works on backup and archive Additional include/exclude option to select encryption candidates Supported on Windows, AIX, Solaris, HP-UX, NetWare, SGI, Linux, NUMA-Q, TRU64, OS/390 USS clients (Web, CLI, GUI)