Security of Hosting Services
In addition to the City of Tucson’s security measures, the ESS’ vendor security policies and information asset protection programs maintain security in accordance with many industry and government security standards (such as NIST and FISMA guidelines), and they support compliance with required standards such as SOX, SSAE No.16, and CISP.
Generally, effective security of information technology centers around a layered security model. Each layer represents a distinct security challenge that requires individualized access, monitoring, configuration, and policy controls. This practice presents multiple significant challenges to intrusion, as anyone attempting unauthorized access would have to separately overcome each layer.
The City of Tucson ESS infrastructure follows a philosophy of least privilege with all access being first denied or blocked, and access granted only to the level required to perform a given function. This practice inherently results in a more secure environment, as it is built securely from the ground up as opposed to locking down security post implementation.