D2L hosted services are provided on Amazon Web Services (AWS). The physical and operational security processes for the network and infrastructure under AWS’ management, as well as service-specific security implementations, are documented in Amazon Web Services: Overview of Security Processes, which outlines AWS’ data centre controls such as:
- Physical and Environmental Security
- Fire Detection and Suppression
- Power
- Climate and Temperature
- Management
- Storage Device Decommissioning
  o AWS uses the techniques detailed in NIST 800-88 (“Guidelines for Media Sanitization”) as part of the decommissioning process.
- Amazon’s infrastructure fault tolerant design
  o Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
- Certification
  o AWS holds numerous security certifications, which can be reviewed at https://aws.amazon.com/compliance/
D2L hosted services are provided out of tier 3 or greater hosting facilities. These facilities provide carrier-level support, including:
Access Control and Physical Security
- 24/7 guard surveillance including foot patrols and perimeter inspections
- Servers are protected by several multifactor physical access controls
- Video surveillance throughout facility and perimeter
- Access to data centers is managed through each data center's respective change management process
- Building engineered for local seismic, storm, and flood risks
- Tracking of asset removal
- Dedicated concrete-walled Data Center rooms
Environmental Controls
- Humidity and temperature control
- Redundant (N+1) cooling system
Power
- Underground utility power feed
- Redundant (N+1) CPS/UPS systems
- Redundant power distribution units (PDUs)
- Redundant (N+1) generators
Network
- Redundant internal networks
- High bandwidth capacity
- Redundant routers are configured for high availability
- VLAN segmentation by security zone is deployed using multi-link trunks to create a robust backbone
Fire Detection and Suppression
- VESDA (very early smoke detection apparatus)
- Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression
Certification
D2L data centers undergo their own SSAE16 audits and maintain PCI Service Provider Level 1 compliance, ensuring that they meet industry-standard security and procedural controls.