Esri Managed Cloud Services (EMCS) Advanced Plus is a FedRAMP Moderate compliant offering that provides the ArcGIS Platform securely in the cloud. EMCS consists of a secure deployment of ArcGIS Enterprise in the cloud and is offered under Managed Services. EMCS can be used as a standalone solution, but also to supplement existing implementations of ArcGIS Online using a hybrid approach where security beyond ArcGIS Online's FISMA Low security baseline is needed. This enables customers to meet stricter security requirements while continuing to operate entirely in the cloud.
Detailed security answers relative to Esri Managed Cloud Services (EMCS) for information security professionals
Overview of Esri Managed Cloud Services (EMCS) and FedRAMP compliance. Topics include FedRAMP process description, deployment options and security benefits of EMCS
EMCS can be used by customers simply requiring a secure deployment of ArcGIS Enterprise in the cloud but also to augment an existing ArcGIS Online implementation to leverage ArcGIS Server functionality or the increased security benefits.
- EMCS by itself: For organizations simply needing the functionality of ArcGIS Enterprise in the cloud securely.
- ArcGIS Online supplemented by EMCS: Organizations are able to continue to use ArcGIS Online for public use cases while incorporating EMCS for more sensitive data sets in a hybrid approach.
- EMCS and on-premises: For organizations that have sensitive data they would like to keep on-premises but want to leverage cloud benefits where ArcGIS Online's FISMA Low security is not sufficient.
- ArcGIS Online supplemented by EMCS and on-premises deployment: Some organizations may want to use the full platform space of potential solutions to fit their various use cases.
As part of FedRAMP Moderate required security controls and processes, EMCS provides the following key security benefits:
- 24/7 Security Operations Center for monitoring and threat detection
- An Intrusion Detection System (IDS) to detect malicious activity
- Continuous security monitoring of log data through a Security Information and Event Management (SIEM) platform that is reviewed by security experts
- A Web Application Firewall (WAF) to mitigate against common web application attacks such as cross-site scripting (XSS)
- FIPS 140-2 compliant encryption for data-in-transit and data-at-rest
- A hardened network and virtual machine environment utilizing advanced inbound/outbound traffic rules
- Mandatory continuous application, system, and database scans
- Yearly vulnerability assessment, penetration testing, and security control reviews by an accredited Third Party Assessment Organization (3PAO)
For detailed security information related to EMCS, see Esri's answers to the latest revision of the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).