This article outlines the policies and procedures followed by Equinix to protect your equipment and data.
The following teams and programs review, evaluate and enhance Equinix security practices:
- Audits and compliance – We formally comply with various industry standards, such as ISO 27001, SSAE16, and PCI DSS. Audit attestations and certificates are provided by qualified third-party auditors. These auditors coordinate activities with various business and technology teams like Business Assurance Services, Internal Audit, and Operations.
- Information Security team – Working closely with the legal organization, this team is charged to follow global and business unit guidelines to help ensure compliance with local and federal laws and regulations.
Information Security policies – The Information Security team administers and enforces a comprehensive set of confidential internal information that is reviewed and endorsed by senior management. This team ensures that the internal policies are global in scope, with a special focus on country-specific and region-specific laws, regulations, and business requirements.
Areas covered by these internal security policies include:
- Acceptable use of technology
- Anti-virus and malware
- Data backup and retention
- Data classification, labeling and handling
- Logical access
- Patch management
- Mobile devices
- Personal computers
- Remote access and VPN
- Social media
Note: These internal policies are rigorously enforced. They are reviewed annually to establish their continued relevance and accuracy. New policies are introduced as needed.
Fabric uses proven technology to ensure separation of traffic between customers. MPLS L3VPNs (VRFs) and EVPN L2 instances per customer or customer connection. This is all provisioned using automated configuration and without any configuration change no data is available outside the customer’s Fabric connections. All configuration changes (both automated as well as manual in case of fault diagnostics) are logged and monitored for anomalies. The active configuration in all network devices is constantly compared to the configuration on record and any anomaly is reported and corrected.
Traffic Ownership & Encryption
All data carried across the Fabric platform is owned by the customer and as Equinix has no way of knowing what data is carried and to which regulatory frameworks this data is subject to Equinix does not provide advice on how to encrypt data carried. It is the customer’s responsibility to treat data in transit in compliance to their regulatory demands. Equinix has no mechanisms deployed to monitor or intervene with traffic carried over Fabric connections
All management interfaces of the network devices that are part of the Fabric platform are connected to our internal management infrastructure and no management interface is exposed on or connected to Internet.
- Internet firewalls – Equinix deploys next-generation firewalls that provide anti-virus, intrusion detection and prevention, URL filtering and application control. Events detected by the firewalls are fed into a global Security Incident and Event Management (SIEM) system.
Email – An anti-virus and anti-spam gateway defends against threats originating through email.
- Hardening – Equinix desktops and laptops are hardened. Equinix hardening guidelines and standards are documented and carried out during system builds.
Anti-Virus and Malware – Windows and Mac desktops and laptops are required to run anti-virus and anti-malware software featuring real-time scanning protection for files and applications. Infected files are quarantined.
Remote Control – Secure remote control technology is used to assist staff with technical problems.
Remote Access VPN – Staff members that remotely access Equinix corporate networks or systems are required to use company-supplied remote access and VPN solutions using two-factor authentication. Client systems connecting to remote desktop servers must be assigned and controlled by corporate IT.
WiFi – WiFi networks are segregated from Equinix enterprise networks. A user connected to WiFi can access the enterprise network through a remote access VPN.
- Hardening – Equinix hardening guidelines and standards are documented and carried out during system builds.
Anti-Virus and Malware – Windows servers are required to run anti-virus and anti-malware software featuring real-time scanning protection for files and applications. Infected files are quarantined.
Scans – Vulnerability scans are performed internally on a weekly and on-demand basis. Applications must pass comprehensive vulnerability and application security scans before being released to the public.
Logging – Successful and unsuccessful access to systems is logged for analysis. The industry-standard SUDO utility is used on UNIX systems. Logs are fed into a SIEM and retained for at least 90 days.
The physical security of every IBX data center is a high operational priority. Each data center uses an array of security equipment, techniques and procedures to monitor the facility and to control and record access.
Access – The access control subsystem allows authorized users inside the building and within the facility. Biometric hand geometry or fingerprint readers, proximity cards and other technologies permit users to identify themselves to the system and, upon authentication, obtain access to specific areas inside the facility premises.
Alarm Monitoring and Intrusion Detection – The alarm monitoring and intrusion detection subsystem monitors the status of various devices associated with the security system. These include alarm contacts, glass break detectors, motion detectors, and tamper switches. If the status of any of these devices changes from their secure state, an alarm is activated, the event is recorded, and appropriate action is taken.
CCTV – The closed-circuit television subsystem provides the display, control, recording and playback of live video from cameras throughout the facility, as well as outside the facility where legally permitted. This system is integrated with the alarm monitoring and intrusion detection subsystem, so in the event of an alarm, cameras can be activated to record the event.
Note: CCTV operates 24 hours a day, every day.
Audio Intercom and Two-way Radio Subsystem – The audio intercom subsystem provides two-way communications between facility visitors and the security officer. The two-way radio subsystem also provides communications between the front lobby guard and the patrol guard.
Intrusion Testing – Intrusion testing is performed on a periodical basis with no advance warning to site staff.
Security Personnel — Hiring and Training – Equinix leverages industry-leading vendors and partners to help manage the physical infrastructure in each IBX data center. Security personnel undergo background and criminal checks, and are required to take security training when hired and periodically thereafter.
Customer and Visitor Emergency Protocols – In an emergency, the IBX data center staff members provide direction. Customers and other visitors on the premises are required to follow any instructions given.
Video Recording and Photography ‑ To safeguard the facility and preserve the anonymity of all IBX data center customers, no photography or videography is allowed within the IBX data center. Customers in licensed cages can request photographs of their cages and their equipment when they schedule a visit.
Note: Any photography requires the presence of an Equinix technician.
Asset Tracking – Customers and their vendors, contractors and subcontractors often deliver and remove equipment from an IBX data center through the lobby. Following rules apply for asset tracking:
- Hand-carried bags and items are subject to search as permitted by law.
- Equipment removed from an IBX data center not brought in that day must be listed on the service ticket as equipment that can be removed. The description of the items should be clear for accurate identification of the equipment.
- Equipment shipped to and from the facility is handled by the shipping and receiving department which is separate from the co-location area. Customers must open a shipment service request ticket to receive equipment.
Cage Signage – Equinix policy is to not divulge the physical location of any customer cage. However, customers can post cage signage upon approval by Equinix.
Note: Cage signs are limited to private cages only and can't be used in shared cages or reseller spaces.
Check-in – All visitors entering an IBX data center must be identified by an Equinix staff member. Only those visitors who are identified by the customer and listed on a customer-created service request ticket can enter a customer cage.
Biometrics – A minimum of two factors of authentication such as hand biometrics and PIN are required to gain physical access to an IBX data center. This applies to visitors and all IBX data center staff.
Check-out – Certain IBX data center locations require visitors to check-out at the lobby. An IBX data center staff member must verify the visitor's credentials prior to check out.
Expired access – If a visitor’s access is expired, a new service request ticket needs to be opened before the visitor can be re-entered into the biometric system.
A customer administrator grants individuals one or more of the following site permissions at the IBX data center or cage level:
- Physical access (unenrolled guest) – An administrator must open a service request ticket to allow an unenrolled guest into an IBX data center.
- Access – Allows physical access to the IBX data center without opening a service request ticket if the individual has an active security access or a proxy card.
- Remove equipment – Authorizes individuals with physical access to the IBX data center (active biometric scan or security or a proxy card) to remove hardware from the facility without a service request ticket.
Unregistered guests – Authorizes an individual with physical access to the IBX data center to bring unregistered guests into the facility without a service request ticket.
Note: This does not apply to tours. Unregistered guests must have a government-issued ID which will be verified by site security at the IBX data center.
Ordering privileges at the IBX data center or Cage level
- Basic services – Grants ordering privileges for work visits, tours, conference rooms and hand scans.
- Cross connects – Grants ordering privileges to install, and de-install cross connects.
- Smart Hands – Grants ordering privileges to submit Smart Hands and service request tickets.
- View service request ticket history – Grants privileges to review ordering history.
All inbound and outbound shipments must be scheduled in advance by opening a service request ticket or by calling Equinix directly. Unscheduled shipments are refused.
A global system monitors the health of company servers and infrastructure. Alerts are automatically generated and fed into a SIEM system.
IBX Data Center Security Governance Team
The Cloud Exchange Security Governance team is responsible for promoting awareness of, and compliance with, internal security policies, procedures and standards that are applicable to Equinix Fabric deployments.
Routine, emergency and configuration changes to Equinix Fabric service network infrastructure are authorized, logged, tested, approved and documented.
Change requests are formal, archived documents that describe modifications to any customer impacting aspect of Equinix Fabric.
Change Review Board
The change review board convenes a weekly review for change request documents. The board comprises appropriate stakeholders including experts from technical, release and project management teams. The board prioritizes change requests and assigns specific time windows for changes.
Change requests are required to include rollback plans, in case of the change having a negative impact on the production environment.
Problems are formally managed and tracked from detection through resolution with the aid of a ticketing system.
Published operational policies and processes are in place for customer-facing escalation procedures.
Administrative access to the Equinix Fabric service network is only available through a bastion host.
Authentication, Authorization, and Accounting (AAA)
Devices on the Equinix Fabric service network use TACACS+ for AAA services. Staff members involved in administering the Equinix Fabric service network are granted access based on the least privilege model, with their access rights commensurate to their job function. Successful and unsuccessful attempts to access network devices are logged for analysis and alarming purposes.
Service management tools are subject to AAA controls. Configurations they govern are revision controlled, time stamped and logged.
Network Device Management Plane
Management plane controls include the use of AAA services. Remote administration sessions are encrypted using SSH and are timed out after an appropriate period of inactivity. Administrator access and configuration changes are logged. Access Control Lists (ACLs) limit traffic to /from only required source and destination IP addresses. Vendors’ default configurations are modified according to manufacturer security recommendations.
Network Device Control Plane
Control plane controls include rate limiting on traffic destined to the device itself (ICMP, ARP, BGP, SSH, SNMP) and core application protocols like DNS in order to defend against denial of service attacks. Traffic to and from unauthorized and invalid networks is blocked. MD5 authentication is used for protocol message exchanges and updates (IGP/ LDP/ BGP).
Network Device Forwarding Plane
Customer forwarding planes are isolated to their own virtual routing and forwarding (VRF) tables and Layer 2 and Layer 3 VPNs. Both BGP maximum prefix limits as well as limits on the maximum number of physical (MAC) addresses are used to protect resources and defend against denial of service attacks.
Identity Access Management
Equinix provides customers with identity management capabilities limited to the scope of the Equinix Customer Portal and Cloud Exchange Portal. As part of the provisioning process, Equinix creates one primary administrator account for the customer. The primary administrator, can then create, modify, disable and delete customer user accounts as needed, including other primary administrators. Primary administrators assign roles and privileges to customer user accounts according to customer needs. Although cloud service providers might provide their own identity and access management systems, they are separate from those offered by Equinix.
Application Programming Interfaces (APIs)
Equinix offers an Equinix Fabric API whose functionality includes retrieving information about, and performing operations on, Equinix Fabric ports and virtual connections. Authentication and authorization are accomplished using the OAuth 2.0 standard. Although cloud service providers might provide their own APIs, they are separate from those offered by Equinix.
Equinix does not and shall not access any Equinix Fabric customer transit data either in motion or at rest. Physical and logical controls prevent, monitor and detect any unauthorized access or attempt to access customer transit data.
Equinix Fabric provides direct network connectivity between cloud customers and cloud service providers without accessing, inspecting, manipulating or copying the data. Customers are responsible for securing all aspects of data transiting Equinix Fabric in accordance with their security needs, policies and any applicable regulatory and/ or legal requirements.