Cloud-Based Network Security

The N.C. Department of Information Technology’s cloud-based network security service is for organizations that use NCDIT’s Wide Area Network service and want customized access protection for their virtual private networks. 

Secured remote-access VPN, firewall, VPN and intrusion prevention services are bundled together to create a complete security solution. By locating these services in the cloud via NCDIT’s private data center, you can protect multiple sites across North Carolina with a security framework utilizing a single point of protection and lower costs. 

This service manages all phases of NCDIT’s cloud-based security solution, including architectural validation, implementation, operations and ongoing configuration management. 

NCDIT’s network security analysts provide consultation and recommend security best practices to aid in establishing the desired security policy to protect data assets.

Request Cloud-Based Network Security

Getting Help

Support Get Technical Support
NCDIT Service Desk: 919-754-6000
Support Hours 24/7
Tab/Accordion Items


  • Fully managed service including all the hardware, software components and services required to deliver the cloud security solution
  • NCDIT-configured and -supported security solution with all the required activities to complete service installation at the statewide data centers
  • Customer-specified centralized network access control
  • Secure encrypted remote access to your agency's virtual private network through endpoint security assessment plug-in, virtual routing and forwarding (ESAP VRF)
  • Consultation on service options and security configurations
  • Hardware maintained to vendor best practices
  • High-availability fault-tolerant design
  • User authentication and authorization for access to a pre-authorized list of agency or enterprise resources
  • Real-time security signature updates
  • Encryption of sensitive data (e.g., credit card, medical data, personally identifiable information)
  • 24/7 centralized management and monitoring for malicious behavior via NCDIT’s Network Security Operations and Service Desk


  • Provide secure global availability of network services by extending the cloud to the state’s Eastern and Western Data Centers.
  • Protect agency and enterprise resources by allowing only users with proper authentication and authorization to access the network.
  • Provide security protection across the whole agency.
  • Secure your IT environment by blocking or preventing malicious network activities. 
  • Protect information by encrypting sensitive data (e.g., credit card, medical data, personally identifiable information).
  • Increase operational efficiency and reduce costs by centralizing access control and reducing the number of firewalls. Customers may no longer need a firewall at every location.
  • Maximize user productivity and reduce costs by minimizing system downtime and making it easier to contact centralized monitoring and incident management technical staff 24/7.
  • Save money with NCDIT’s managed service which is priced below or within Gartner Group's security services market rates.

Request Process

To request this service, or for more information, submit a ticket using the NCDIT Service Portal.


  • Service requests that incur a cost to the agency will typically require approval from the requesting agency’s CIO, financial officer or manager, depending upon your agency's requirements. 
  • Any staff with access to the NCDIT Service Portal may engage the team for support or information.

Requirements & Customer Responsibility

Required NCDIT Services Wide Area Network
Other Technical Requirements & Prerequisites
  • Transport technologies and telecommunications service provider(s) in your geographic area
  • WAN service router (provided by NCDIT)
  • State network connectivity
Customer Responsibility
  • Agency staff are required to submit a ticket using the NCDIT Service Portal for additional support or information regarding this service. 
  • Perform a security vulnerability assessment and a risk analysis of the agency's environment, prior to the initial consulting meeting. 
  • Designate a 24/7 point of contact for reporting and coordinating outages or emergency maintenance.
  • The contact will be the only authorized contact for security-related issues, including the approval of the initial security policy and requesting policy changes.
  • The contact will provide NCDIT with VPN group administrators who are responsible for assigning group membership to users.
  • Implement remote access security policies that enforce the use of sound security practices to keep VPN client system(s) secure against unauthorized access and other security threats and that comply with the statewide information security standards.
  • Contact the NCDIT Service Desk to report problems or request assistance.
  • Allow required security updates and maintenance services to be performed in a timely manner.
  • Review firewall security policy on a quarterly basis.

Expected Delivery

Acknowledgment Time The service team should acknowledge a service request within about 2-3 business days.
Turnaround Time
  • The service team should be able to complete a well-defined service request between 45 and 60 days or longer, depending on product availability from the date of the consultation meeting signoff.
  • Procurement and licensing steps required before the delivery of services may extend the timeline.  


Suggested For Any state or local government agency as well as educational institutions
Required For Executive branch agencies
Spotlight Customers
  • N.C. Department of Commerce
  • N.C. Department of Health and Human Services 
  • N.C. Division of Motor Vehicles

Support Process Submit a ticket using the NCDIT Service Portal or contact the NCDIT Service Desk at 919-754-6000.
Service Support Hours
  • Support for the service is available 24/7.
  • For non-critical and medium priority incidents, support is available weekdays from 7 a.m. to 6 p.m. (excluding state holidays).
Service Availability The service is available 24/7, excluding planned outages and maintenance windows.
Standard Maintenance Windows

Infrastructure and standard change activity:

  • Sundays: 4 a.m. to noon
  • Thursdays: 4-7 a.m.

Service-specific activity (e.g., security patch deployment, system enhancements and some system upgrades and updates):

  • Mondays to Fridays: 6 p.m. to 7 a.m. (when service interruption is not anticipated)
  • Thursdays: 8 p.m. to 2 a.m. (when service interruption is anticipated)
Service Communications
  • Changes or outages that might have an impact on customers are communicated through the NCDIT Communications Hub and Agency Change Advisory Board. 
  • The agency's admin for this service will support communications to the agency users of the service..
Service Level Agreements NCDIT Global Service Level Agreement

  • Approved rates for this service are published in the NCDIT Rate Schedule.
  • Monthly recurring charges cover NCDIT’s costs for hardware, software, maintenance and management of required equipment. Major cost drivers include the size and performance of equipment required to support your business requirements.
  • Additional costs could include one-time charges for consultation and implementation.

View NCDIT Rate Schedule

Service Features


Provides access control to/from customer-specific networks

Option Shared Infrastructure Dedicated Infrastructure
Customer-specified security policy Included Included
Data encryption Included Included
Real-time view of security policy Optional Optional
Real-time view of firewall log data Optional Optional
Log retention at customer location Optional Optional

Monitors network activities for malicious behavior and can block or prevent those activities

Option Shared Infrastructure Dedicated Infrastructure
Customer specified intrusion prevention policy Best practice Included
Continual tuning of security policies Included Included
Customer notification of pre-identified critical events Best practice Included
Real-time view of events Included Included
Real-time signature updates to address emerging threats Best practice Optional
Remote Access VPN

Provides secure, encrypted remote access for remote or travelling users and business partners

Option Shared Infrastructure Dedicated Infrastructure
Named SSL/VPN users As requested Scalable to meet customer requirements
User authentication Integration with N.C. Identity Management (NCID) Integration with N.C. Identity Management (NCID)
Authorization NCID groups (5 included) NCID groups (5 included)
Additional authorization groups Optional Optional
Sufficient capacity to accommodate large volumes of new telecommuters due to emergencies such as pandemics and natural disasters Included Optional
Common Features & Options
Option Shared Infrastructure Dedicated Infrastructure
State network connectivity Included Included
Throughput Scalable to accommodate required bandwidth Scalable to accommodate required bandwidth
High-availability (HA) Included Included
Global availability (Eastern & Western Data Centers) Included Included
24/7 device monitoring Yes Yes
24/7 incident support Yes Yes
Design and planning Yes Yes
Configuration backup Yes Yes
Maintenance – patches and upgrades Yes Yes
Log retention at NCDIT 1 month 1 month

Training & Help 


Other Related Links

Cloud-Based Security Services Diagram

Related NCDIT Services

Wide Area Network