Is Cloud Software Safe?
The team at 4castplus takes the management and security of our clients’ data extremely seriously. We understand that privacy, reliability, security and high-availability are vital aspects and advantages of cloud-based software.
Every organization is vulnerable to attack, regardless of whether their data is hosted in the cloud or not. Our cloud hosting centers are able to leverage economies of scale to create an extremely well protected environment that achieves a level of data security that would be cost prohibitive for almost any company’s IT department.
The data center employs multiple mantrap security measures – proximity pass, fingerprint, and security code. There are seven layers of security between the front door and an individual computer rack. Physical security measures include:
- Security Cameras throughout the facility
- Multiple pan-tilt-zoom cameras outside the facility
- Camera images are recorded, searchable and archived for a minimum of 90 days
- Proximity pass and biometric scanners at multiple access points
- Motion sensors and intrusion detection sensors
- Audible alarm system is sounded immediately upon the triggering of any sensor
- Steel doors and two-stage man traps
- Computer racks are individually locked
- Access control system is located in a locked cabinet in a secure room that’s only accessible by authorized personnel
- Manned and monitored security desk
- Security systems are monitored 7×24 by both the on-site NOC and an off-site third party
Fiber feeds into the data center are delivered through diverse underground conduits into the facility. The data center LAN is fully redundant with 10Gbps capability to every cabinet and device within the facility. Built on the Cisco Nexus 3.0 platform, it has no single points of failure and supports concurrent maintenance. All customer data traffic is isolated on private VLANs within our GigaCenter switching with separate layer 3 routing interfaces created per VLAN at the core routing layer. No layer 2 traffic is carried between VLANs, and logical layer 2 VLAN segments are never shared between clients. A Sophos UTM Firewall & Network Security Gateway is deployed.
The data center’s processes have been audited by a third party, as evidenced by the Type II SSAE 16 SOC 1 (formerly SAS 70) certification.
Existing, audited processes include:
- All entrances are locked at all times; two-factor authentication (badge and biometric) is required for access to the facility and to the data halls
- All employees and authorized (badged) contractors are subject to a criminal record check
- All employees must wear a photo-ID badge at all times while in the facility
- Each employee and authorized contractor must badge in when arriving, and badge out when leaving the facility (no tailgating); a perpetual log is maintained of what personnel are onsite
- Badge and biometric access is controlled in zones, ensuring personnel have access to authorized areas only
- Changes to access are documented and approved by management
- The ability to create, modify or delete access authorization is restricted by management
- Processes are in place to remove access when an employee or contractor is terminated or a badge is lost
- The access control system is logged, searchable and archived; logs are retained for at least 90 days
- Visitors are required to sign a visitor log, provide a government issued photo ID, and wear a visitor badge while in the facility
- Visitors are escorted at all times
- Personnel are on-site 7x24x365.
- The Chief Security Officer is responsible for the ongoing reviewing, managing, optimizing and documenting of the Security Plan.
All information passed between client and the secure data center is compressed, encrypted and transmitted over HTTPS secure protocol. Additionally, key data fields in the database are protected using one-way hashing (bcrypt). Because bcrypt is deliberately slow to compute, it resists brute-force attempts to recover the original values.
Backup, Failover and Redundancy
Four separate levels of data backup are provided for all 4castplus client data: incremental backups, two levels of daily backups, and backup to offsite storage. Redundant servers mirror production servers for instantaneous failover in the event of failure. 24/7 server monitoring and alerts ensure expedient response time for immediate issue resolution. 4castplus data centers have 99.99% availability and uptime.