Platform Security
This article outlines the policies and procedures followed by Equinix to protect your equipment and data.
The following teams and programs review, evaluate and enhance Equinix security practices:
- Audits and compliance – We formally comply with various industry standards, such as ISO 27001, SSAE16, and PCI DSS. Audit attestations and certificates are provided by qualified third-party auditors. These auditors coordinate activities with various business and technology teams like Business Assurance Services, Internal Audit, and Operations.
- Information Security team – Working closely with the legal organization, this team is charged with following global and business unit guidelines to help ensure compliance with local and federal laws and regulations.
- Information Security policies – The Information Security team administers and enforces a comprehensive set of confidential internal policies that is reviewed and endorsed by senior management. This team ensures that the internal policies are global in scope, with a special focus on country-specific and region-specific laws, regulations, and business requirements.
Areas covered by these internal security policies include:
- Acceptable use of technology
- Anti-virus and malware
- Data backup and retention
- Data classification, labeling and handling
- Logical access
- Passwords
- Patch management
- Mobile devices
- Personal computers
- Remote access and VPN
- Social media
Note: These internal policies are rigorously enforced. They are reviewed annually to establish their continued relevance and accuracy. New policies are introduced as needed.
Traffic Separation
Fabric uses proven technology to ensure separation of traffic between customers: MPLS L3VPNs (VRFs) and EVPN L2 instances are provisioned per customer or per customer connection. All of this is provisioned using automated configuration, and without a configuration change no data is reachable outside the customer's Fabric connections. All configuration changes (both automated and manual, the latter in case of fault diagnostics) are logged and monitored for anomalies. The active configuration in all network devices is constantly compared to the configuration on record, and any anomaly is reported and corrected.
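The comparison of active device configuration against the configuration on record is the control that catches a change nobody authorized. The following added example (not Equinix code; device, VRF names, route targets and the generic config syntax are constructed for illustration) shows one way to implement that check: normalize both configurations, diff them, and rate any drift in statements that affect traffic separation or management access as high severity so it can be raised to the SIEM and corrected.

```python
"""Configuration-on-record vs. active-configuration drift check.

Added example, not Equinix code: it models the check described for Fabric
network devices (active configuration continuously compared with the
configuration on record, anomalies reported). Device and VRF names, route
targets and the config syntax are constructed for illustration.
"""
import difflib
from dataclasses import dataclass, field

# Constructed configuration on record for one hypothetical PE router.
CONFIG_ON_RECORD = """\
vrf definition CUST-A
 rd 65000:100
 route-target import 65000:100
 route-target export 65000:100
!
vrf definition CUST-B
 rd 65000:200
 route-target import 65000:200
 route-target export 65000:200
!
line vty 0 4
 access-class MGMT-ACL in
 exec-timeout 10 0
!
"""

# Constructed active configuration pulled from the device: CUST-A now imports
# CUST-B's route target (cross-customer leak) and the vty idle timeout is gone.
ACTIVE_CONFIG = """\
vrf definition CUST-A
 rd 65000:100
 route-target import 65000:100
 route-target export 65000:100
 route-target import 65000:200
!
vrf definition CUST-B
 rd 65000:200
 route-target import 65000:200
 route-target export 65000:200
!
line vty 0 4
 access-class MGMT-ACL in
!
"""

# Statements whose unexpected change affects traffic separation or management
# access; any drift in these is reported as high severity.
SENSITIVE_PREFIXES = ("rd ", "route-target", "access-class", "exec-timeout")


@dataclass
class DriftReport:
    added: list = field(default_factory=list)    # on device, not on record
    removed: list = field(default_factory=list)  # on record, missing from device

    @property
    def has_drift(self) -> bool:
        return bool(self.added or self.removed)


def normalize(config: str) -> list:
    """Drop blank lines, section terminators and comments so cosmetic
    differences are not reported as drift."""
    lines = []
    for line in config.splitlines():
        line = line.rstrip()
        if not line.strip() or line.lstrip().startswith(("!", "#")):
            continue
        lines.append(line)
    return lines


def detect_drift(on_record: str, active: str) -> DriftReport:
    """Line-level diff of the two normalized configurations."""
    report = DriftReport()
    diff = difflib.unified_diff(normalize(on_record), normalize(active),
                                lineterm="", n=0)
    for line in diff:
        if line.startswith(("---", "+++", "@@")):
            continue
        if line.startswith("+"):
            report.added.append(line[1:].strip())
        elif line.startswith("-"):
            report.removed.append(line[1:].strip())
    return report


def classify(report: DriftReport) -> list:
    """Return (severity, kind, statement) tuples for the SIEM / remediation."""
    findings = []
    for kind, lines in (("added", report.added), ("removed", report.removed)):
        for stmt in lines:
            sev = "HIGH" if stmt.startswith(SENSITIVE_PREFIXES) else "LOW"
            findings.append((sev, kind, stmt))
    return findings


if __name__ == "__main__":
    rpt = detect_drift(CONFIG_ON_RECORD, ACTIVE_CONFIG)
    for sev, kind, stmt in classify(rpt):
        print(f"{sev:4} {kind:7} {stmt}")
```

In practice the "configuration on record" is the output of the automation system, not a hand-maintained file, and the active configuration is pulled from the device on a schedule; the remediation step then re-pushes the recorded configuration rather than editing the device by hand.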
Traffic Ownership & Encryption
All data carried across the Fabric platform is owned by the customer. As Equinix has no way of knowing what data is carried or which regulatory frameworks that data is subject to, Equinix does not provide advice on how to encrypt the data carried. It is the customer's responsibility to treat data in transit in compliance with their regulatory demands. Equinix has no mechanisms deployed to monitor or intervene with traffic carried over Fabric connections.
Management Interfaces
All management interfaces of the network devices that are part of the Fabric platform are connected to our internal management infrastructure, and no management interface is exposed on or connected to the Internet.
- Internet firewalls – Equinix deploys next-generation firewalls that provide anti-virus, intrusion detection and prevention, URL filtering and application control. Events detected by the firewalls are fed into a global Security Incident and Event Management (SIEM) system.
- Email – An anti-virus and anti-spam gateway defends against threats originating through email.
- Hardening – Equinix desktops and laptops are hardened. Equinix hardening guidelines and standards are documented and carried out during system builds.
- Anti-Virus and Malware – Windows and Mac desktops and laptops are required to run anti-virus and anti-malware software featuring real-time scanning protection for files and applications. Infected files are quarantined.
- Remote Control – Secure remote control technology is used to assist staff with technical problems.
- Remote Access VPN – Staff members that remotely access Equinix corporate networks or systems are required to use company-supplied remote access and VPN solutions using two-factor authentication. Client systems connecting to remote desktop servers must be assigned and controlled by corporate IT.
- WiFi – WiFi networks are segregated from Equinix enterprise networks. A user connected to WiFi can access the enterprise network through a remote access VPN.
- Hardening – Equinix hardening guidelines and standards are documented and carried out during system builds.
- Anti-Virus and Malware – Windows servers are required to run anti-virus and anti-malware software featuring real-time scanning protection for files and applications. Infected files are quarantined.
- Scans – Vulnerability scans are performed internally on a weekly and on-demand basis. Applications must pass comprehensive vulnerability and application security scans before being released to the public.
- Logging – Successful and unsuccessful access to systems is logged for analysis. The industry-standard SUDO utility is used on UNIX systems. Logs are fed into a SIEM and retained for at least 90 days.
The physical security of every IBX data center is a high operational priority. Each data center uses an array of security equipment, techniques and procedures to monitor the facility and to control and record access.
- Access – The access control subsystem allows authorized users inside the building and within the facility. Biometric security devices, proximity cards and other technologies identify users to the access control system, and upon authentication allow contacts to navigate the IBX as permitted.
- Alarm Monitoring and Intrusion Detection – The alarm monitoring and intrusion detection subsystem monitors the status of various devices associated with the security system. Monitoring devices include door position switches, glass break detectors, motion detectors, and tamper switches. If the status of any device changes from its secure state, an alarm is activated, the event is recorded, and appropriate action is taken.
- CCTV – The closed-circuit television subsystem provides the display, control, recording and playback of live video from cameras throughout the facility, as well as outside the facility where legally permitted. This system is integrated with the alarm monitoring and intrusion detection subsystem, so in the event of an alarm, cameras are displayed automatically to view the event in real time.
Note: CCTV operates and records 24/7/365.
- Audio Intercom and Two-way Radio Subsystem – The audio intercom subsystem provides two-way communications between facility visitors and the security officer. The two-way radio subsystem also provides communications between the front lobby guard and the patrol guard.
- Intrusion Testing – Intrusion testing is performed on a periodic basis with no advance warning to site staff.
- Security Personnel — Hiring and Training – Equinix leverages industry-leading vendors and partners to help manage the physical infrastructure in each IBX data center. Security personnel undergo background and criminal checks, and are required to take security training when hired and periodically thereafter.
- Customer and Visitor Emergency Protocols – In an emergency, the IBX data center staff members provide direction. Customers and other visitors on the premises are required to follow any instructions given.
- Video Recording and Photography – To safeguard the facility and preserve the anonymity of all IBX data center customers, no photography or videography is allowed within the IBX data center. Customers in licensed cages can request photographs of their cages and their equipment when they schedule a visit.
Note: Any photography requires the presence of an Equinix technician.
- Asset Tracking – Customers and their vendors, contractors and subcontractors often deliver and remove equipment from an IBX data center through the lobby. The following rules apply for asset tracking:
  - Hand-carried bags and items are subject to search as permitted by law.
  - Equipment removed from an IBX data center not brought in that day must be listed on the service ticket as equipment that can be removed. The description of the items should be clear for accurate identification of the equipment.
  - Equipment shipped to and from the facility is handled by the shipping and receiving department, which is separate from the co-location area. Customers must open a shipment service request ticket to receive equipment.
- Cage Signage – Equinix policy is to not divulge the physical location of any customer cage. However, customers can post cage signage upon approval by Equinix.
Note: Cage signs are limited to private cages only and can't be used in shared cages or reseller spaces.
- Check-in – All visitors entering an IBX data center are required to check in via the Equinix Customer Portal (ECP) mobile app or the kiosk located in the security lobby. All visitors will need to proceed to the Security window and present their government-issued identification to the Security Officer on duty.
- Biometrics – A minimum of two factors of authentication, such as biometrics and a proximity card, are required to gain physical access to an IBX data center. This applies to visitors and all IBX data center staff.
- Check-out – All visitors can use either the Equinix Customer Portal mobile app or the kiosk to check out of the IBX once their visit is complete.
- Access Privileges – IBX access is granted and maintained by your company's Equinix Customer Portal administrator.
A customer administrator of the Equinix Customer Portal grants individuals one or more of the following site permissions at the IBX data center or cage level:
- Physical access (unenrolled guest) – An administrator must open a work visit to allow an unenrolled guest into an IBX data center.
- IBX/Cage Access – Allows unescorted access in the IBX data center without opening work visits; enrollment in the access control system occurs on the first visit to the IBX.
- Remove Access – Removes licensed space(s) or IBX data center(s) in whole from Contacts as needed.
- Remove equipment – Authorizes individuals with unescorted access to the IBX data center to remove hardware from the facility without an outbound ticket. For more information see Outbound Shipments from an IBX.
- Bring guests – Authorizes an individual with unescorted access to the IBX data center to bring unregistered guests into the facility without a work visit.
Note: All Guests entering the IBX must present a valid government issued ID to security.
Ordering privileges at the IBX data center or Cage level
- Basic services – Grants ordering privileges for work visits, tours, conference rooms and hand scans.
- Cross connects – Grants ordering privileges to install and de-install cross connects.
- Smart Hands – Grants ordering privileges to submit Smart Hands and service request tickets.
- View service request ticket history – Grants privileges to review ordering history.
Shipments
All inbound and outbound shipments must be scheduled in advance by opening a service request ticket or by calling Equinix directly. Unscheduled shipments are refused.
Monitoring
A global system monitors the health of company servers and infrastructure. Alerts are automatically generated and fed into a SIEM system.
IBX Data Center Security Governance Team
The Cloud Exchange Security Governance team is responsible for promoting awareness of, and compliance with, internal security policies, procedures and standards that are applicable to Equinix Fabric deployments.
Controlled Maintenance
Routine, emergency and configuration changes to Equinix Fabric service network infrastructure are authorized, logged, tested, approved and documented.
Change Requests
Change requests are formal, archived documents that describe modifications to any customer impacting aspect of Equinix Fabric.
Change Review Board
The change review board convenes a weekly review for change request documents. The board comprises appropriate stakeholders including experts from technical, release and project management teams. The board prioritizes change requests and assigns specific time windows for changes.
Change Rollback
Change requests are required to include rollback plans, in case the change has a negative impact on the production environment.
Problem Management
Problems are formally managed and tracked from detection through resolution with the aid of a ticketing system.
Escalations
Published operational policies and processes are in place for customer-facing escalation procedures.
Bastion
Administrative access to the Equinix Fabric service network is only available through a bastion host.
Authentication, Authorization, and Accounting (AAA)
Devices on the Equinix Fabric service network use TACACS+ for AAA services. Staff members involved in administering the Equinix Fabric service network are granted access based on the least privilege model, with their access rights commensurate to their job function. Successful and unsuccessful attempts to access network devices are logged for analysis and alarming purposes.
Management Tools
Service management tools are subject to AAA controls. Configurations they govern are revision controlled, time stamped and logged.
Network Device Management Plane
Management plane controls include the use of AAA services. Remote administration sessions are encrypted using SSH and are timed out after an appropriate period of inactivity. Administrator access and configuration changes are logged. Access Control Lists (ACLs) limit traffic to/from only the required source and destination IP addresses. Vendors’ default configurations are modified according to manufacturer security recommendations.
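An ACL that limits management traffic to the required sources and destinations is only as good as its ordering and its review. The following added example (not Equinix code; all subnets and entry names are constructed, with the bastion host of the "Bastion" section above as the only permitted SSH source) models first-match evaluation with an implicit deny, and an audit pass that reports the two mistakes most often found in such lists: a permit from any source, and an entry shadowed by a broader earlier one.

```python
"""Management-plane ACL evaluation and review.

Added example, not Equinix code: a small model of the access lists the
text describes, which admit management traffic only between required
sources and destinations (here a bastion host, an NMS and a syslog/SIEM
collector). All addresses and entry names are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4Network = ipaddress.IPv4Network


def net(s: str) -> IPv4Network:
    return ipaddress.ip_network(s)


@dataclass(frozen=True)
class AclEntry:
    name: str
    action: str                   # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str                    # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, src_ip, dst_ip, proto, dport) -> bool:
        return (src_ip in self.src and dst_ip in self.dst
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


# Constructed management networks (hypothetical addressing).
BASTION = net("10.10.0.0/28")     # bastion hosts, the only SSH source
DEVICES = net("10.10.1.0/24")     # device management loopbacks
NMS = net("10.10.2.0/24")         # monitoring / SNMP pollers
SIEM = net("10.10.3.0/24")        # syslog collectors

# Constructed management ACL. Order matters; anything unmatched is denied.
MGMT_ACL = [
    AclEntry("bastion-ssh", "permit", BASTION, DEVICES, "tcp", 22),
    AclEntry("nms-snmp", "permit", NMS, DEVICES, "udp", 161),
    AclEntry("syslog-out", "permit", DEVICES, SIEM, "udp", 514),
    AclEntry("deny-telnet", "deny", net("0.0.0.0/0"), DEVICES, "tcp", 23),
]


def evaluate(acl, src, dst, proto, dport):
    """First-match evaluation with an implicit deny; returns (action, name)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in acl:
        if entry.matches(src_ip, dst_ip, proto, dport):
            return entry.action, entry.name
    return "deny", "implicit-deny"


def audit(acl) -> list:
    """Review findings: over-broad permits and entries shadowed by earlier ones."""
    findings = []
    for i, e in enumerate(acl):
        if e.action == "permit" and e.src.prefixlen == 0:
            findings.append(f"{e.name}: permit from any source")
        if e.action == "permit" and e.dport is None:
            findings.append(f"{e.name}: permit to any port")
        for earlier in acl[:i]:
            if (e.src.subnet_of(earlier.src) and e.dst.subnet_of(earlier.dst)
                    and earlier.proto in ("any", e.proto)
                    and earlier.dport in (None, e.dport)):
                findings.append(f"{e.name}: shadowed by {earlier.name}")
    return findings


if __name__ == "__main__":
    print(evaluate(MGMT_ACL, "10.10.0.5", "10.10.1.7", "tcp", 22))
    print(evaluate(MGMT_ACL, "203.0.113.9", "10.10.1.7", "tcp", 22))
    print(audit(MGMT_ACL))
```

The shadowing check is what catches the common failure mode where an explicit deny is added below a broad permit and silently never fires; running `audit` as part of the change review, before the ACL reaches the device, is cheaper than finding out from the SIEM.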
Network Device Control Plane
Control plane controls include rate limiting on traffic destined to the device itself (ICMP, ARP, BGP, SSH, SNMP) and core application protocols like DNS in order to defend against denial of service attacks. Traffic to and from unauthorized and invalid networks is blocked. MD5 authentication is used for protocol message exchanges and updates (IGP/LDP/BGP).
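Two of the controls named here can be shown concretely. The following added example (not Equinix code; addresses, ports, keys and the BGP fragment are constructed, and the TCP header is built without options to keep the layout short) first computes and verifies the RFC 2385 TCP MD5 signature that BGP and LDP-over-TCP peers use to authenticate protocol messages, showing that a tampered segment or a wrong key fails verification, and then implements a token-bucket policer of the kind used to rate-limit traffic punted to the device. One caveat a practitioner would add: MD5-based TCP signatures are the legacy mechanism, and TCP-AO (RFC 5925) is the stronger replacement where both peers support it.

```python
"""Control-plane protections: RFC 2385 TCP MD5 signature and a rate limiter.

Added example, not Equinix code. The first part computes and verifies the
MD5 signature option that BGP (and LDP over TCP) peers use for protocol
message authentication, following the RFC 2385 digest layout; the second
is a token-bucket policer of the kind used to rate-limit traffic destined
to the device itself. Addresses, ports and keys are constructed, and the
TCP header is built without options to keep the layout short.
"""
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6


def build_tcp_header(sport, dport, seq, ack, flags, window=65535) -> bytes:
    """20-byte TCP header, checksum and urgent pointer zero, no options."""
    data_offset = 5 << 4                       # 5 x 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags, window, 0, 0)


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key: bytes) -> bytes:
    """RFC 2385 digest over: IPv4 pseudo-header, TCP header (checksum zeroed,
    options excluded), segment data, then the shared key."""
    seg_len = len(tcp_header) + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    header_no_cksum = tcp_header[:16] + b"\x00\x00" + tcp_header[18:]
    return hashlib.md5(pseudo + header_no_cksum + payload + key).digest()


def verify_tcp_md5(src_ip, dst_ip, tcp_header, payload, key, received) -> bool:
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(expected, received)   # constant-time compare


class TokenBucket:
    """Policer for one protocol class: `rate` tokens/s refill, `burst` capacity."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.capacity = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def admit(self, now: float) -> bool:
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False      # dropped by the control-plane policer


class ControlPlanePolicer:
    """Per-protocol buckets; protocols without a class are never punted."""

    def __init__(self, limits: dict):
        self.buckets = {p: TokenBucket(r, b) for p, (r, b) in limits.items()}
        self.dropped = {p: 0 for p in limits}

    def admit(self, proto: str, now: float) -> bool:
        bucket = self.buckets.get(proto)
        if bucket is None:
            return False
        ok = bucket.admit(now)
        if not ok:
            self.dropped[proto] += 1
        return ok


def demo() -> bool:
    """Sign a constructed BGP OPEN-like segment, verify it, and show that a
    tampered payload or a wrong key fails verification."""
    key = b"constructed-session-key"
    hdr = build_tcp_header(179, 42001, 0x1000, 0x2000, 0x18)   # PSH|ACK
    payload = b"\xff" * 16 + struct.pack("!HB", 29, 1)         # marker, length, type OPEN
    sig = tcp_md5_digest("192.0.2.1", "192.0.2.2", hdr, payload, key)
    good = verify_tcp_md5("192.0.2.1", "192.0.2.2", hdr, payload, key, sig)
    tampered = verify_tcp_md5("192.0.2.1", "192.0.2.2", hdr,
                              payload[:-1] + b"\x02", key, sig)
    wrong_key = verify_tcp_md5("192.0.2.1", "192.0.2.2", hdr, payload, b"other", sig)
    return good and not tampered and not wrong_key
```

The policer's per-class accounting matters as much as the drop itself: the `dropped` counters are what the monitoring system graphs, and a sustained rise in drops for one class (ICMP or ARP, say) is the early signal of a denial-of-service attempt against the device rather than through it.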
Network Device Forwarding Plane
Customer forwarding planes are isolated to their own virtual routing and forwarding (VRF) tables and Layer 2 and Layer 3 VPNs. Both BGP maximum prefix limits as well as limits on the maximum number of physical (MAC) addresses are used to protect resources and defend against denial of service attacks.
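Both limits mentioned here are simple counters with a policy attached, and seeing them as code makes the failure behaviour explicit. The following added example (not Equinix code; peer names, VRFs, prefixes and MAC addresses are constructed) models a per-VRF BGP maximum-prefix limit with a warning threshold followed by session teardown, and a per-L2-instance cap on learned MAC addresses that refuses new entries once full so one port cannot exhaust the table.

```python
"""Forwarding-plane resource limits: BGP maximum-prefix and MAC-address limits.

Added example, not Equinix code: models the two limits the text names, a
per-VRF maximum-prefix limit on a BGP session (warning threshold, then
session teardown) and a per-L2-instance cap on learned MAC addresses.
Peer names, VRFs, prefixes and MAC addresses are constructed.
"""
import math


class MaxPrefixSession:
    """BGP neighbour in one VRF with a maximum-prefix limit."""

    def __init__(self, peer: str, vrf: str, max_prefix: int, warn_pct: int = 75):
        self.peer, self.vrf = peer, vrf
        self.max_prefix = max_prefix
        self.warn_at = math.ceil(max_prefix * warn_pct / 100)
        self.prefixes = set()
        self.state = "established"

    def announce(self, prefix: str) -> str:
        """Process one announced prefix; returns the resulting event."""
        if self.state != "established":
            return "ignored"                  # session is down, nothing installed
        if prefix in self.prefixes:
            return "refresh"                  # re-announcement, count unchanged
        self.prefixes.add(prefix)
        count = len(self.prefixes)
        if count > self.max_prefix:
            self.prefixes.clear()             # withdraw everything, drop session
            self.state = "idle"
            return "teardown"
        if count >= self.warn_at:
            return "warning"                  # logged; session stays up
        return "accepted"

    def withdraw(self, prefix: str) -> None:
        self.prefixes.discard(prefix)


class MacTable:
    """MAC learning for one EVPN instance with a hard limit on entries."""

    def __init__(self, instance: str, limit: int):
        self.instance, self.limit = instance, limit
        self.entries = {}     # mac -> port
        self.violations = 0

    def learn(self, mac: str, port: str) -> bool:
        mac = mac.lower()
        if mac in self.entries:
            self.entries[mac] = port          # move/refresh is always allowed
            return True
        if len(self.entries) >= self.limit:
            self.violations += 1              # table full: frame not learned
            return False
        self.entries[mac] = port
        return True


def demo() -> dict:
    """Constructed run: a peer exceeding its limit and a port flooding MACs."""
    s = MaxPrefixSession("peer-A", "CUST-A", max_prefix=4)
    events = [s.announce(f"10.{i}.0.0/16") for i in range(1, 6)]
    t = MacTable("evi-100", limit=3)
    learned = [t.learn(f"00:11:22:33:44:{i:02x}", "et-0/0/1") for i in range(5)]
    return {"bgp_events": events, "bgp_state": s.state,
            "mac_learned": learned, "mac_violations": t.violations}


if __name__ == "__main__":
    print(demo())
```

The warning event is the operationally useful one: a customer growing towards its agreed prefix count is a capacity conversation, while a sudden jump past the limit (a route leak from the customer side, typically) is what the teardown protects the shared forwarding resources against.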
Identity Access Management
Equinix provides customers with identity management capabilities limited to the scope of the Equinix Customer Portal and Cloud Exchange Portal. As part of the provisioning process, Equinix creates one primary administrator account for the customer. The primary administrator can then create, modify, disable and delete customer user accounts as needed, including other primary administrators. Primary administrators assign roles and privileges to customer user accounts according to customer needs. Although cloud service providers might provide their own identity and access management systems, they are separate from those offered by Equinix.
Application Programming Interfaces (APIs)
Equinix offers an Equinix Fabric API whose functionality includes retrieving information about, and performing operations on, Equinix Fabric ports and virtual connections. Authentication and authorization are accomplished using the OAuth 2.0 standard. Although cloud service providers might provide their own APIs, they are separate from those offered by Equinix.
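For a machine client calling an OAuth 2.0 protected API, the practical questions are how the token is obtained, how long it is reused, and that the client secret never leaks into logs. The following added example (not Equinix code and not the Equinix Fabric SDK; it assumes the client-credentials grant of RFC 6749 section 4.4 and a standard JSON token response, and the token endpoint URL is a placeholder to be replaced from the API documentation) is a minimal client that caches the bearer token and renews it shortly before expiry instead of requesting a token per call. The HTTP transport is injectable so the behaviour can be exercised offline.

```python
"""OAuth 2.0 client-credentials access for a REST API.

Added example, not Equinix code and not the Equinix Fabric SDK: a minimal
client that obtains a bearer token with the OAuth 2.0 client-credentials
grant (RFC 6749 section 4.4), caches it, and refreshes it shortly before
expiry instead of requesting a token per call. The token endpoint URL is a
placeholder; consult the API documentation for the real one. The transport
is injectable so the behaviour can be exercised offline.
"""
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.example.invalid/oauth2/v1/token"   # placeholder URL


def http_post_form(url: str, fields: dict) -> dict:
    """Default transport: POST a form body and decode the JSON reply."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())


class ClientCredentialsAuth:
    def __init__(self, client_id, client_secret, token_url=TOKEN_URL,
                 transport=http_post_form, clock=time.time, refresh_skew=60):
        self._client_id = client_id
        self._client_secret = client_secret
        self._token_url = token_url
        self._transport = transport
        self._clock = clock
        self._skew = refresh_skew           # renew this many seconds early
        self._token = None
        self._expires_at = 0.0
        self.token_requests = 0             # for monitoring / tests

    def __repr__(self):                     # never expose the secret in logs
        return f"ClientCredentialsAuth(client_id={self._client_id!r}, secret=***)"

    def _fetch(self) -> None:
        reply = self._transport(self._token_url, {
            "grant_type": "client_credentials",
            "client_id": self._client_id,
            "client_secret": self._client_secret})
        self.token_requests += 1
        if reply.get("token_type", "Bearer").lower() != "bearer":
            raise ValueError("unexpected token_type in token response")
        self._token = reply["access_token"]
        self._expires_at = self._clock() + float(reply.get("expires_in", 0))

    def token(self) -> str:
        """Cached access token, renewed when within `refresh_skew` of expiry."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._fetch()
        return self._token

    def headers(self) -> dict:
        """Authorization header to attach to each API request."""
        return {"Authorization": f"Bearer {self.token()}"}
```

Load the client secret from a secret store or environment variable rather than source control, and treat a token-request failure as an authentication incident to alert on, not just an error to retry.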
Equinix does not and shall not access any Equinix Fabric customer transit data either in motion or at rest. Physical and logical controls prevent, monitor and detect any unauthorized access or attempt to access customer transit data.
Equinix Fabric provides direct network connectivity between cloud customers and cloud service providers without accessing, inspecting, manipulating or copying the data. Customers are responsible for securing all aspects of data transiting Equinix Fabric in accordance with their security needs, policies and any applicable regulatory and/or legal requirements.