Cloud Cruiser became HPE Consumption Analytics on Nov. 1, 2018. You'll still see the old name in places while we update this site.

 

 

Consumption Analytics Documentation

Home > HPE Consumption Analytics Portal Documentation > Keeping your data secure

Keeping your data secure

Table of contents
  1. Architecture
  2. Certification
  3. Data privacy
  4. Questions and answers
    1. What sensitive information (such as cloud provider credentials) does HPE Consumption Analytics Portal store for each cloud provider?
    2. Does any third-party vendor have access to my data?
    3. What measures does HPE take to prevent my cloud provider credentials from becoming compromised?
    4. What data is encrypted in the HPE Consumption Analytics Portal database?
    5. What encryption strategy does HPE Consumption Analytics Portal use?
    6. Who can see sensitive data stored in HPE Consumption Analytics Portal, whether encrypted or otherwise?
    7. If my cloud provider credentials were compromised, what could a criminal do with them?
    8. What measures are in place to prevent someone (including a HPE employee) from locking a customer out of its own cloud provider?
    9. What measures are in place to prevent someone (including a HPE employee) from locking a customer out of the HPE Consumption Analytics Portal application?
    10. Does HPE run security updates on its systems?
    11. Does HPE conduct regular penetration tests on its systems?
    12. Does HPE use antivirus software on its systems?
    13. Does HPE Consumption Analytics Portal use intrusion-detection systems and/or intrusion-prevention systems?
    14. Does HPE have a formal disaster-recovery/business continuity plan in place?
    15. What measures does HPE take to keep the physical servers secure?
    16. Does HPE Consumption Analytics Portal support single sign-on?
    17. Does HPE Consumption Analytics Portal support multifactor authentication?
    18. Does HPE Consumption Analytics Portal support centralized account management?
    19. What fields does HPE Consumption Analytics Portal pull from each cloud provider API?
    20. Can HPE share system logs with me?

HPE recognizes that the data you are entrusting to our application is both sensitive and vital to the ability to run your business. That is why we work to ensure that your data is secure and accessible only to those who have the need and right to see it.

Architecture

Amazon Web Services (AWS) provides the cloud infrastructure upon which the HPE Consumption Analytics Portal application runs, and serves as HPE Consumption Analytics Portal’s secure datacenter. This infrastructure is designed for security and is monitored constantly for network and security issues. For more information about AWS security, see the AWS documentation at https://aws.amazon.com/security/.

​HPE Consumption Analytics Portal stores customer data in a private network. This network is behind a firewall and therefore not accessible to requests from the Internet. In addition to the basic firewall security provided by AWS, HPE Consumption Analytics Portal restricts traffic internally and externally using Amazon Security Groups, and both private and public sub-networks. The network is highly segregated, with each resource type in its own sub-network, and access is carefully granted through firewall rules. Only authenticated HPE Consumption Analytics Portal users can access endpoints on the private network.

All data is partitioned by tenant, and all authenticated requests are scoped to a tenant (or a user within a tenant, where applicable). This partitioned multi-tenant architecture limits access to the data associated with each authenticated tenant, thus preventing the possibility of one tenant having access to another’s data.

User permissions within the application itself are highly granular, ensuring that access to information can be very tightly controlled – users can see what they need to, and no more. The application is tested for common security issues, including cross-site scripting and SQL injection/parameterized query attacks.

Certification

AWS is ISO 27001 certified, and most of the AWS infrastructure used by HPE Consumption Analytics Portal is PCI compliant and covered by SOC 1, SOC 2, and SOC 3 reports. The PCI and HIPAA standards do not apply to HPE Consumption Analytics Portal because we do not handle payment card data or protected health information.

Data privacy

HPE Consumption Analytics Portal's Data Privacy and Security Agreement is displayed when you sign up to use HPE Consumption Analytics Portal. You can read the Agreement at any time on the HPE Web site.

Questions and answers

This section lists common questions and answers about HPE Consumption Analytics Portal security and how HPE protects your data.

What sensitive information (such as cloud provider credentials) does HPE Consumption Analytics Portal store for each cloud provider?

HPE Consumption Analytics Portal stores and encrypts the following provider credentials so you can collect usage and billing data:

  • For basic Azure collections, HPE Consumption Analytics Portal stores the Enrollment Number and Primary Key (Access Key) for the Enterprise Account. If you add Azure subscriptions to a collection, HPE Consumption Analytics Portal also stores the name and ID of each subscription, the Microsoft account used to connect Azure subscriptions to your collection, and the token used to authenticate that account.
  • For AWS collections, HPE Consumption Analytics Portal stores the Access Key ID, Secret Access Key, and Cost Bucket.
  • For Google collections, HPE Consumption Analytics Portal stores the bucket name and report prefix, as well as the name of the Google account used to access Google Cloud Platform.
Does any third-party vendor have access to my data?

HPE shares aggregated data with certain partners. This data is only intended to indicate industry trends in cloud usage, and does not include any information that can be used to identify a specific company or individual.

What measures does HPE take to prevent my cloud provider credentials from becoming compromised?

HPE Consumption Analytics Portal encrypts all credentials in our database using Triple DES encryption.

What data is encrypted in the HPE Consumption Analytics Portal database?

HPE Consumption Analytics Portal encrypts your cloud platform credentials. For Azure collections, HPE Consumption Analytics Portal also encrypts the token used to authenticate the Microsoft account used to connect Azure subscriptions to your collection. For Google collections, HPE Consumption Analytics Portal encrypts the authentication token for the Google account used to connect with Google Cloud Platform.

What encryption strategy does HPE Consumption Analytics Portal use?

Triple DES with 192-bit keys.

Who can see sensitive data stored in HPE Consumption Analytics Portal, whether encrypted or otherwise?

No employees of HPE have direct access to any of the sensitive information we store.

If my cloud provider credentials were compromised, what could a criminal do with them?

If someone had access to the provider credentials stored in HPE Consumption Analytics Portal they would have access to your usage and billing data. This does not include any payment information such as a credit card number.

If you have configured HPE Consumption Analytics Portal to purchase, sell, and modify reserved instances (RIs) for you, and have granted the corresponding permissions in your Amazon Web Services accounts, then the person in possession of your credentials would be able to purchase, sell, and modify RIs using those AWS accounts.

What measures are in place to prevent someone (including a HPE employee) from locking a customer out of its own cloud provider?

The cloud provider permissions required by HPE Consumption Analytics Portal are not sufficient to change a password or lock a cloud provider account in some other way.

What measures are in place to prevent someone (including a HPE employee) from locking a customer out of the HPE Consumption Analytics Portal application?

Only select HPE employees have the administrative access to change a customer's access to the application.

Does HPE run security updates on its systems?

Yes. Per industry-accepted standards, HPE applies security updates to its systems regularly using the Chef configuration management tool.

Does HPE conduct regular penetration tests on its systems?

While HPE does not run regular penetration tests to identify vulnerabilities in system security, the underlying host provider (AWS) does perform these tests on its systems and applications. For more information, see https://aws.amazon.com/security/penetration-testing/.

Does HPE use antivirus software on its systems?

Though HPE Consumption Analytics Portal systems are not at high risk for viruses and malware, its underlying AWS systems do use antivirus and malware-prevention software.

Does HPE Consumption Analytics Portal use intrusion-detection systems and/or intrusion-prevention systems?

HPE Consumption Analytics Portal does not use a typical IDS/IDP system to monitor traffic at the perimeter of the network boundary.

Does HPE have a formal disaster-recovery/business continuity plan in place?

While HPE has not implemented a formal DR/BCP, disaster recovery is handled by the underlying AWS architecture.

What measures does HPE take to keep the physical servers secure?

Physical security of AWS data centers is implemented by Amazon. No HPE employee has physical access to the servers containing your data.

Does HPE Consumption Analytics Portal support single sign-on?

Yes, for Azure Active Directory and Google accounts. For details, see Signing in with Microsoft or Google.

Does HPE Consumption Analytics Portal support multifactor authentication?

To log in to HPE Consumption Analytics Portal you need your user name and password. No additional, authentication methods (such as smart cards or one-time passwords) are required.

Does HPE Consumption Analytics Portal support centralized account management?

Yes. Within the HPE Consumption Analytics Portal application, HPE creates one Owner account for you. The Owner has full access to HPE Consumption Analytics Portal features, and can partition feature access to other HPE Consumption Analytics Portal user accounts at your site as he or she sees fit.

At the system level, HPE manages system accounts using the Chef configuration management tool.

What fields does HPE Consumption Analytics Portal pull from each cloud provider API?

HPE Consumption Analytics Portal pulls the fields listed in the following table. For information about how HPE Consumption Analytics Portal maps provider fields to normalized field names, see Field mapping.

Amazon Web Services Microsoft Azure Google Cloud Platform

AvailabilityZone
BlendedCost
BlendedRate
InvoiceID
ItemDescription
LinkedAccountId
Operation
PayerAccountId
PricingPlanId
ProductName
RateId
RecordType
RecordId
ReservedInstance
ResourceId
SubscriptionId
UnBlendedCost
UnBlendedRate
UsageEndDate
UsageStartDate
UsageQuantity
UsageType

Additionally, HPE Consumption Analytics Portal pulls tags included in the Cost Allocation Report, as defined in AWS.

Account Name
AccountOwnerId
AdditionalInfo
Consumed Quantity
Consumed Service
Cost Center
Date
Day
Department Name
ExtendedCost
Instance ID
Meter Category
Meter Sub-Category
Meter Region
Meter Name
Month
Product Meter ID
Resource Group
Resource Location
ResourceRate
ServiceAdministratorId
ServiceInfo1
ServiceInfo2
Store Service Identifier
SubscriptionGuid
SubscriptionId
Subscription Name
Tags
Unit Of Measure
Year
Account ID
Consumption
Cost
Credit1
Credit1 Amount
Credit1 Currency
Currency
Description
End Time
Line Item
Measurement1
Measurement1 Total 
Measurement1 Units
Project
Project ID
Project Labels
Project Name
Project Number
Start Time
Can HPE share system logs with me?

To help maintain security, HPE does not make system logs available. However, upon request HPE can send you limited audit information.

Last modified

Tags

Classifications

This page has no classifications.