Our holistic approach to security
To reduce security risks to a minimum, a holistic approach to security is necessary. Our security processes are born out of a clear definition of the threats to our system.
Security threats are the result of an application's interaction with the outside world and of the different users who can interact with these interfaces. For example, your customers, resellers, your staff, our staff, anonymous Internet users and third-party servers are interacting with our system at every moment. Each of these actors needs a different level of access, rights and permissions.
Security goals
Privacy - Information within our infrastructure and systems is accessible only to authorized users.
Integrity - Data and information within our infrastructure cannot be captured by an unauthorized user.
Data Protection - Data within the systems cannot be harmed, deleted or destroyed.
Identification and Authentication - Ensures that any user of the system is who they claim to be.
Network Protection - Ensures that network equipment is protected from malicious hacking attempts or attacks that threaten uptime.
Our holistic approach to security
Our security platform and process are divided into multiple levels of security, consisting of Security Systems and Equipment (1) combined with Security Procedures and Practices (2) and Review Processes (3), to ensure security for all the services we offer. Our platform addresses security at 7 different levels.

Our global datacenter partnerships are the result of a comprehensive due diligence process. Security and stability are two of the most important variables in that process. All datacenters are equipped with surveillance cameras, biometric locks, authorization-based access policies, limited datacenter access, security personnel, and similar standard security equipment, processes and operations. What separates us, however, is that our due diligence process also measures how proactive the datacenter is about security. This is measured by evaluating past practices, customer case studies, and the amount of time the datacenter dedicates to security research and study.

Our global infrastructure deployments incorporate DDoS mitigators, intrusion detection systems, and firewalls both at the edge and the rack level. Our deployments have weathered frequent hacking and DDoS attempts (sometimes as many as 3 in a single day) without any degradation.
Protection against Distributed Denial-of-Service (DDoS) Attacks
Denial of Service is currently the top source of financial loss due to cybercrime. The goal of a Denial-of-Service attack is to disrupt your business activities by stopping the operation of your web site, email or web applications. This is achieved by attacking the servers or network that host these services and overloading key resources such as bandwidth, CPU and memory. The typical motives behind such attacks are extortion, bragging rights, political statements, damaging competition etc. Virtually any organization that connects to the Internet is vulnerable to these attacks. The business impact of large sustained DoS attacks is colossal, as it would lead to lost profits, customer dissatisfaction, productivity loss etc. due to unavailability or deterioration of service. A DoS attack in most cases would even land you with the largest bandwidth overage invoice that you have ever seen.
Our Distributed Denial-of-Service protection system provides unrivaled protection against DoS and DDoS attacks on your internet-facing infrastructure, i.e. your websites, email and mission-critical web applications, by using sophisticated state-of-the-art technology which automatically triggers itself as soon as an attack is launched. The DDoS mitigator's filtering system blocks almost all fraudulent traffic and ensures that legitimate traffic is allowed up to the largest extent possible. These systems have seamlessly protected several web sites from large service outages caused by simultaneous attacks as large as 300+ Mbps in the past, thus allowing organizations to focus on their business.
Firewall Protection
Our round-the-clock firewall protection system secures the perimeter and delivers the very best first line of defense. It uses highly adaptive and advanced inspection technology to safeguard your data, website, email and web applications by blocking unauthorized network access. It ensures controlled connectivity between the servers that store your data and the Internet through the enforcement of security policies devised by subject matter experts.
Network Intrusion Detection system
Our network intrusion detection, prevention and vulnerability management system provides rapid, accurate and comprehensive protection against targeted attacks, traffic anomalies, "unknown" worms, spyware/adware, network viruses, rogue applications and other zero-day exploits. It uses ultramodern high-performance network processors that carry out thousands of checks on each packet flow simultaneously with no perceivable increase in latency. As packets pass through our systems, they are fully scrutinized to determine whether they are legitimate or harmful. This method of instantaneous protection is the most effective mechanism of ensuring that harmful attacks do not reach their targets.

Hardware Standardization
We have standardized on hardware vendors that have a track record of high security standards and quality support. Most of our infrastructure and datacenter partners use equipment from Cisco, Juniper, HP, Dell etc.
Host Based Intrusion Detection System
With the advent of tools that are able to bypass port-blocking perimeter defense systems such as firewalls, it is now essential for enterprises to deploy a Host-based Intrusion Detection System (HIDS), which focuses on monitoring and analyzing the internals of a computing system. Our Host-based Intrusion Detection System assists in detecting and pinpointing changes to the system and configuration files - whether by accident, from malicious tampering, or external intrusion - using heuristic scanners, host log information, and by monitoring system activity. Rapid discovery of changes decreases the risk of potential damage, and also reduces troubleshooting and recovery times, thus decreasing overall impact and improving security and system availability.

Our applications run on myriad systems with myriad server software. Operating systems include various flavors of Linux, BSD, Windows. Server software includes versions and flavors of Apache, IIS, Resin, Tomcat, Postgres, MySQL, MSSQL, Qmail, Sendmail, Proftpd etc. We ensure security despite the diverse portfolio of software products we utilize by following a process-oriented approach.
Timely Application of Updates, Bug Fixes and Security Patches
All servers are registered for automatic updates to ensure that they always have the latest security patch installed and that any new vulnerabilities are rectified as soon as possible. The largest number of intrusions result from exploitation of known vulnerabilities, configuration errors, or virus attacks where countermeasures are already available. According to CERT, systems and networks are impacted by these events as they have "not consistently" deployed the patches that were released.
We fully understand the requirement for strong patch and update management processes. As operating systems and server software get more complex, each newer release is littered with security holes. Information and updates for new security threats are released on an almost daily basis. We have built consistent, repeatable processes and a reliable auditing and reporting framework which ensures that all our systems are always up-to-date.
Periodic Security Scans
Frequent checks are run using enterprise grade security software to determine if any servers have any known vulnerabilities. The servers are scanned against the most comprehensive and up-to-date databases of known vulnerabilities. This enables us to proactively protect our servers from attacks and ensure business continuity by identifying security holes or vulnerabilities before an attack occurs.
Pre-Upgrade testing processes
Software upgrades are released frequently by various software vendors. While each vendor follows their own testing procedures prior to release of any upgrade, they cannot test inter-operability issues between various software. For instance, a new release of a database may be tested by the database vendor. However, the impact of deploying this release on a production system running various other FTP, mail and web server software cannot be directly determined. Our system administration team documents the impact analysis of various software upgrades, and if any of them are perceived to be high-risk, they are first beta-tested in our labs before live deployment.

All of the application software that is used in the platform is built by us. We do not outsource development. Any 3rd party products or components go through comprehensive training and testing procedures where all elements of such products are broken down and knowledge about their architecture and implementation is transferred to our team. This allows us to completely control all variables involved in any particular product. All applications are engineered using our proprietary Product Engineering Process, which follows a proactive approach towards security. Each application is broken down into various components such as User Interface, Core API, Backend Database etc. Each layer of abstraction has its own security checks, despite the security checks performed by a higher abstraction layer. All sensitive data is stored in an encrypted format. Our engineering and development practices ensure the highest level of security with regards to all application software.

The weakest link in the security chain is always the people you trust: personnel, development staff, vendors, essentially anyone that has privileged access to your system. Our Holistic Security Approach attempts to minimize security risk brought on by the "Human Factor". Information is divulged only on a "need-to-know" basis. Authorization expires upon the expiry of the requirement. Personnel are coached specifically in security measures and the criticality of observing them.
Every employee that has administrator privileges to any of our servers goes through a comprehensive background check. Companies that skip out on this are putting at risk all sensitive and important data belonging to their customers, as no matter how much money is invested into high-end security solutions, one wrong hire - having the right amount of access - can cause greater damage than any external attack.

In a vast deployment of globally distributed servers, audit processes are required to ensure process replication and discipline. Are all servers being patched regularly? Are the backup scripts running all the time? Are offsite backups being rotated as desired? Are appropriate reference checks being performed on all personnel? Is the security equipment sending out timely alerts? These and many such questions are regularly verified in an out-of-band process that involves investigation, surveys, ethical hacking attempts, interviews etc. Our audit mechanisms alert us to a kink in our security processes before it is discovered by external users.