Our Holistic Security Approach

With the intention to decrease security risks to minimal, a holistic approach to protection is required. Our safety procedures are born out of a transparent definition of the threats to our system.

Security Goals

Privacy - Information inside our infrastructure and techniques will most effective be available by using approved users

Integrity - Data and information within our infrastructure cannot be tampered with by any unauthorized user

Data Protection - Data and Information inside our infrastructure can't be tampered with by using any unauthorized person

Identification and Authentication - Ensures that any consumer of the procedure is who he claims to be and eliminates chances of impersonation

Network Service Protection - Ensures that networking apparatus is protected from malicious hacking attempts or attacks that threaten uptime

Our Holistic Security Model

Our protection platform and system leverage on a couple of levels of protection - consisting of protection programs and gear1 combined with security strategies and Practices2 and Auditing Processes3, To make sure unparalleled security for the entire offerings we provide. The platform tackles security at 7 different levels

Level-1 Datacenter Security

Our international datacenter partnerships are a influence of a comprehensive Due diligence process. Protection and stability are two of the main variables in our due diligence system. All datacenters are geared up with surveillance cameras, biometric locks, authorization-situated access policies, restricted datacenter access, protection personnel, and equivalent average security equipment, strategies and operations.

What separates us nevertheless is the fact that our due diligence system also comprises a measure of proactiveness tested by the datacenter toward security. This is measured through evaluating previous practices, client case studies, and the amount of time the datacenter dedicates toward protection research and gain knowledge of technology.

Level-2 Network Security

Our global infrastructure deployments contain DDOS mitigators, Intrusion Detection systems, and Firewalls both on the facet and the Rack level. Our deployments have weathered widely wide-spread hacking and DDOS attempts (normally as many as 3 in a single day) without any degradation.

Firewall Protection - Our circular-the-clock firewall safety system secures the perimeter and provides the very great first line of protection. It makes use of highly adaptive and developed inspection science to defend your knowledge, internet site, e-mail and web functions by blocking unauthorized community entry. It ensures managed connectivity between the servers that retailer your knowledge and the internet through the enforcement of protection policies devised by means of subject subject specialists.

Network Intrusion Detection system - Our network intrusion detection, prevention and vulnerability management system supplies speedy, accurate and comprehensive security against distinctive assaults, visitors anomalies, "unknown" worms, spyware/adware, network viruses, rogue applications and other zero-day exploits. It uses ultramodern high-efficiency community processors that perform 1000's of assessments on each packet float concurrently without a perceivable develop in latency. As packets move by means of our programs, they're entirely scrutinized to verify whether they are professional or damaging. This system of instantaneous defense is probably the most mighty mechanism of guaranteeing that unsafe attacks don't reach their objectives.

Protection against Distributed Denial-of-Service (DDoS) Attacks - Denial of carrier is currently the highest source of monetary loss because of cybercrime. The goal of a Denial-of-provider attack is to disrupt your online business events by using stopping the operation of your web site, email or web applications. That is finished by means of attacking the servers or network that host these services and overloading the key resources reminiscent of bandwidth, CPU and memory. The usual factors at the back of such assaults are extortion, bragging rights, political statements, hazardous competition etc. Nearly any organization that connects to the internet is vulnerable to these assaults. The trade affect of large sustained DoS assaults is colossal, as it would result in misplaced earnings, customer dissatisfaction, productiveness loss etc because of inavailability or deterioration of provider. A DoS attack normally would even land you with the largest bandwidth overage invoice that you have ever noticeable.

Our distributed Denial-of-service defense approach provides unmatched safety towards DoS and DDoS attacks for your web-going through infrastructures i.E. Your web pages, email and mission imperative net applications, with the aid of utilizing sophisticated latest technological know-how which robotically triggers itself as soon as an attack is launched. The DDoS mitigator's filtering system blocks just about all fraudulent visitors and ensures that reliable visitors is allowed as much as the most important extent feasible. These methods have seamlessly protected a few websites from tremendous service outages prompted through simultaneous assaults as giant as 300+ Mbps up to now, accordingly enabling firms to center of attention on their business.

Level-3 Host Security

Host Based Intrusion Detection System - With the advent of tools which might be competent to avoid port blocking perimeter security techniques such as firewalls, it's now most important for enterprises to deploy Host-based Intrusion Detection process (HIDS) which focuses on monitoring and analyising the internals of a computing process. Our Host-headquartered Intrusion Detection method assists in detecting and pinpointing alterations to the procedure and configuration records - whether by accident, from malicious tampering, or external intrusion - utilizing heuristic scanners, host log expertise, and by way of monitoring process exercise. Rapid discovery of alterations decreases chance of competencies damage, and in addition reduces troubleshooting and recovery times, as a consequence lowering overall have an effect on and improving protection and system availability.

Hardware Standardization- We have now standardized on hardware providers which have a monitor document of excessive safety standards and nice support. Most of our infrastructure and datacenter companions use gear from Cisco, Juniper, HP, Dell etc.

Level-4 Software Security

Our functions run on myriad methods with myriad server software. Working methods include more than a few flavors of Linux, BSD, windows. Server program includes types and flavors of Apache, IIS, Resin, Tomcat, Postgres, MySQL, MSSQL, Qmail, Sendmail, Proftpd etc and so forth. We make certain protection regardless of the various portfolio of application products we make use of by following a system-oriented procedure

Timely Application of Updates, Bug Fixes and Security Patches - All servers are registered for automatic updates to make certain that they continually have the contemporary safety patch established and that any new vulnerabilities are rectified as soon as possible. The biggest number of intrusions influence from exploitation of identified vulnerabilities, configuration blunders, or virus assaults where countermeasures ARE already to be had. In keeping with CERT, methods and networks are impacted by using these pursuits as they have "now not continuously" deployed the patches that had been launched.

We entirely understand the requirement for powerful patch and update management methods. As working programs and server application get more intricate, each and every more moderen free up is plagued by protection holes. Expertise and updates for new protection threats are released on an virtually everyday basis. Now we have developed consistent, repeatable tactics and a nontoxic auditing and reporting framework which ensures that all our methods are consistently up to date.

Periodic Security Scans - Standard assessments are run utilizing enterprise grade security application to determine if any servers have any recognized vulnerabilities. The servers are scanned against the most complete and up-to-date databases of identified vulnerabilities. This allows us to proactively preserve our servers from assaults and make certain trade continuity through selecting safety holes or vulnerabilities before an attack happens.

Pre-Upgrade testing processes - Program enhancements are launched mostly via more than a few program vendors. Whilst each supplier follows their own trying out tactics prior to liberate of any upgrade, they are not able to test inter-operability disorders between quite a lot of program. For illustration a new unlock of a database could also be verified via the Database dealer. Nevertheless the have an effect on of deploying this unlock on a construction process running more than a few different FTP, Mail, web Server program cannot be straight decided. Our procedure administration workforce documents the affect evaluation of quite a lot of application enhancements and if any of them are perceived to have a high-hazard, they are first beta-validated in our labs before reside deployment.

Level-5 Application Security

All of the utility program that's used in the platform is developed by us. We do not outsource development. Any third occasion products or add-ons go through comprehensive training and testing strategies the place all factors of such merchandise are broken down and competencies about their architecture and implementation is transferred to our workforce. This enables us to absolutely manage all variables concerned in any targeted Product. All purposes are engineered utilizing our proprietary Product Engineering system which follows a proactive technique in the direction of security.

Each application is broken down into more than a few add-ons such as person Interface, Core API, Backend Database etc. Each and every layer of abstraction has its possess security exams, despite the safety checks carried out through a bigger abstraction layer. All sensitive information is saved in an encrypted structure. Our engineering and progress practices be certain the absolute best stage of security on the subject of all application program

Level-6 Personnel Security

Theweakest link within the protection chain is continually the people you believe. Personnel, development staff, providers, almost any person that has privileged access to your approach. Our Holistic protection process attempts to scale back protection danger precipitated through the "Human element". Information is divulged only on a "need-to-be aware of" basis. Authorization expires upon the expiry of the requirement. Personnel are coached chiefly in safety measures and the criticality of looking at them.

Every person that has administrator privileges to any of our servers goes by means of a complete background assess. Companies that skip out on this are placing to danger all sensitive and essential data belonging to their buyers, as no matter what quantity of money is invested into excessive-finish security solutions, one flawed hire - having the proper amount of access - can rationale higher harm than any outside attack.

Level-7 Security Audit Processes

In a significant deployment of globally dispensed servers, audit tactics are required to be certain process replication and discipline. Are all servers being patched almost always? Are the backup scripts going for walks at all times? Are offsite backups being turned around as preferred? Are suitable reference checks being carried out on all personnel? Is the protection apparatus sending out timely signals?

These and lots of such questions are as a rule tested in an out-of-band system that includes investigation, surveys, ethical hacking makes an attempt, interviews etc. Our audit mechanisms alert us to a kink in our protection approaches earlier than it is found out by outside users.