Security

DG_c

Offering one of the most flexible and secure off-premise environments available today.

En Garde

The infrastructure is housed in highly secure data centres, which utilise state-of-the art electronic surveillance and multi-factor access control systems. Data centres are staffed 24×7 by trained security guards, and access is authorised strictly on a least privileged basis. All personnel must be screened when leaving areas that contain customer data. Environmental systems in the data centres are designed to minimise the impact of disruptions to operations. Multiple geographic regions and locations ensure resilience in the face of most failure modes, including natural disasters or system failures.

The infrastructure has been designed to provide optimum availability while ensuring complete customer privacy and segregation. Information about the physical address of our centres is safeguarded and limited to essential onsite personnel.

Always Evolving

End-of-life hardware is continually replaced with the latest processors that not only improve performance, but also include security technologies such as the latest instructions for speeding up crypto operations (for example, Intel AES-NI instruction for AES algorithm, Intel RDRAND for random number generation) and the Trusted Platform Module chip for enabling hardware-based security features like secure storage and host software verification.

Because some security features can impact performance, ways to reduce friction within existing security processes and services is a priority.

Close Watch

The infrastructure is protected by extensive network and security monitoring systems. These systems provide important security measures, such as basic distributed denial of service (DDoS) protection and password brute-force detection. In addition, infrastructure components are continuously scanned and tested. While some organisations perform vulnerability scanning on their resources once a quarter or once a month, the infrastructure is scanned multiple times a day and from every possible angle.

The production network is segregated from the corporate network and requires a separate set of credentials for access, consisting of SSH public-key authentication through a bastion host using an MFA token. This access is monitored and reviewed on a daily basis by security managers.

Ruthless Automation

In addition to a large staff of security experts, a large set of tools and systems are used to automate many of the security tasks, both large and small. Everything from managing credentials to monitoring server and network usage, port scanning activities, application usage, and unauthorised intrusion attempts.

The automated tools enforce important security principles like least privilege and role segregation programmatically. Custom metrics thresholds for unusual activity can be set and automatically alert the appropriate security experts or take the appropriate actions.

Fully Compliant Data Security

The infrastructure is compliant with an extensive list of global security standards, including ISO 27001, SOC, the PCI Data Security Standard, the Australian Signals Directorate (ASD) Information Security Manual, and the Singapore Multi-Tier Cloud Security Standard (MTCS SS 584).

Independent auditors verify that specific security controls are in place and operating as intended.

Highly Available

The infrastructure is located across multiple geographic regions and zones within each region. This means that infrastructure is physically separated and is located in different risk areas. Each location is fed via different grids from independent utilities to further reduce single points of failure.

In the unlikely case of failure, automated processes move data traffic away from the affected area. Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.