Our Holistic Security Approach
In order to reduce security risks to minimum, a holistic approach to security is required. Our security processes are born out of a clear definition of the threats to our system.
Privacy - Information within our infrastructure and systems will only be accessible by authorized users
Integrity - Data and information within our infrastructure cannot be tampered with by any unauthorized user
Data Protection - Data within the systems cannot be harmed, deleted or destroyed
Identification and Authentication - Ensures that any user of the system is who he claims to be and eliminates chances of impersonation
Network Service Protection - Ensures that networking equipment is protected from malicious hacking attempts or attacks that threaten uptime
Our Holistic Security Model
Our Security platform and process leverage on multiple levels of security - consisting of Security Systems
and Equipment1 combined with Security Procedures and Practices2 and Auditing Processes3,
to ensure unparalleled security for all the services we provide. The platform tackles security at 7 different levels
Level-1 Datacenter Security
Our global datacenter partnerships are a result of a comprehensive Due diligence process. Security and stability are
two of the most important variables in our due diligence process. All datacenters are equipped with surveillance
cameras, biometric locks, authorization-based access policies, limited datacenter access, security personnel, and
similar standard security equipment, processes and operations.
What separates us however is the fact that our due
diligence process also incorporates a measure of proactiveness demonstrated by the datacenter towards security.
This is measured by evaluating past practices, customer case studies, and the amount of time the datacenter dedicates
towards security research and study.
Level-2 Network Security
Our global infrastructure deployments incorporate DDOS mitigators,
Intrusion Detection systems, and Firewalls both at the edge and the
Rack level. Our deployments have weathered frequent hacking and DDOS
attempts (sometimes as many as 3 in a single day) without any
Firewall Protection -
Our round-the-clock firewall protection system secures the perimeter
and delivers the very best first line of defense. It uses highly
adaptive and advanced inspection technology to safeguard your data,
website, email and web applications by blocking unauthorized network
access. It ensures controlled connectivity between the servers that
store your data and the Internet through the enforcement of security
policies devised by subject matter experts.
Network Intrusion Detection system -
Our network intrusion detection, prevention and vulnerability
management system provides rapid, accurate and comprehensive protection
against targeted attacks, traffic anomalies, "unknown" worms,
spyware/adware, network viruses, rogue applications and other zero-day
exploits. It uses ultramodern high-performance network processors that
carry out thousands of checks on each packet flow simultaneously with
no perceivable increase in latency. As packets pass through our
systems, they are fully scrutinized to determine whether they are
legitimate or harmful. This method of instantaneous protection is the
most effective mechanism of ensuring that harmful attacks do not reach
Protection against Distributed Denial-of-Service (DDoS) Attacks -
of Service is currently the top source of financial loss due to
cybercrime. The goal of a Denial-of-Service attack is to disrupt your
business activities by stopping the operation of your web site, email
or web applications. This is achieved by attacking the servers or
network that host these services and overloading the key resources such
as bandwidth, CPU and memory. The typical motives behind such attacks
are extortion, bragging rights, political statements, damaging
competition etc. Virtually any organization that connects to the
Internet is vulnerable to these attacks. The business impact of large
sustained DoS attacks is colossal, as it would lead to lost profits,
customer dissatisfaction, productivity loss etc due to inavailability
or deterioration of service. A DoS attack in most cases would even land
you with the largest bandwidth overage invoice that you have ever seen.
Our Distributed Denial-of-Service protection system provides
unrivaled protection against DoS and DDoS attacks on your
internet-facing infrastructures i.e. your websites, email and mission
critical web applications, by using sophisticated state-of-the-art
technology which automatically triggers itself as soon as an attack is
launched. The DDoS mitigator's filtering system blocks almost all
fraudulent traffic and ensures that legitimate traffic is allowed up to
the largest extent possible. These systems have seamlessly protected
several web sites from large service outages caused by simultaneous
attacks as large as 300+ Mbps in the past, thus allowing organizations
to focus on their Business.
Level-3 Host Security
Host Based Intrusion Detection System -
With the advent of tools that are able to bypass port blocking
perimeter defense systems such as firewalls, it is now essential for
enterprises to deploy Host-based Intrusion Detection System (HIDS)
which focuses on monitoring and analyising the internals of a computing
system. Our Host-based Intrusion Detection System assists in detecting
and pinpointing changes to the system and configuration files - whether
by accident, from malicious tampering, or external intrusion - using
heuristic scanners, host log information, and by monitoring system
activity. Rapid discovery of changes decreases risk of potential
damage, and also reduces troubleshooting and recovery times, thus
decreasing overall impact and improving security and system
We have standardized on hardware vendors that have a track record of
high security standards and quality support. Most of our infrastructure
and datacenter partners use equipment from Cisco, Juniper, HP, Dell etc.
Level-4 Software Security
Our applications run on myriad systems with myriad server software.
Operating Systems include various flavors of Linux, BSD, Windows.
Server Software includes versions and flavors of Apache, IIS, Resin,
Tomcat, Postgres, MySQL, MSSQL, Qmail, Sendmail, Proftpd etc etc.
We ensure security despite the diverse portfolio of software
products we utilize by following a process-oriented approach
Timely Application of Updates, Bug Fixes and Security Patches -
servers are registered for automatic updates to ensure that they always
have the latest security patch installed and that any new
vulnerabilities are rectified as soon as possible. The largest number
of intrusions result from exploitation of known vulnerabilities,
configuration errors, or virus attacks where countermeasures ARE
already available. According to CERT, systems and networks are impacted
by these events as they have "not consistently" deployed the patches
that were released.
We fully understand the requirement for strong patch and update
management processes. As operating systems and server software get more
complex, each newer release is littered with security holes.
Information and updates for new security threats are released on an
almost daily basis. We have built consistent, repeatable processes and
a reliable auditing and reporting framework which ensures that all our
systems are always up-to-date.
Periodic Security Scans -
Frequent checks are run
using enterprise grade security software to determine if any servers
have any known vulnerabilities. The servers are scanned against the
most comprehensive and up-to-date databases of known vulnerabilities.
This enables us to proactively protect our servers from attacks and
ensure business continuity by identifying security holes or
vulnerabilities before an attack occurs.
Pre-Upgrade testing processes -
Software upgrades are
released frequently by various software vendors. while each vendor
follows their own testing procedures prior to release of any upgrade,
they cannot test inter-operability issues between various software. For
instance a new release of a database may be tested by the Database
vendor. However the impact of deploying this release on a production
system running various other FTP, Mail, Web Server software cannot be
directly determined. Our system administration team documents the
impact analysis of various software upgrades and if any of them are
perceived to have a high-risk, they are first beta-tested in our labs
before live deployment.
Level-5 Application Security
of the application software that is used in the platform is built by
us. We do not outsource development. Any 3rd party Products or
Components go through comprehensive training and testing procedures
where all elements of such products are broken down and knowledge about
their architecture and implementation is transferred to our team. This
allows us to completely control all variables involved in any
particular Product. All applications are engineered using our
proprietary Product Engineering Process which follows a proactive
approach towards security.
Each application is broken down into various
components such as User Interface, Core API, Backend Database etc. Each
layer of abstraction has its own security checks, despite the security
checks performed by a higher abstraction layer. All sensitive data is
stored in an encrypted format. Our engineering and development
practices ensure the highest level of security with regards to all
Level-6 Personnel Security
Theweakest link in the security chain is always the people you trust.
Personnel, Development staff, Vendors, essentially anyone that has
privileged access to your system. Our Holistic Security
Approach attempts to minimize security risk brought on by the "Human
Factor". Information is divulged only on a "need-to-know" basis.
Authorization expires upon the expiry of the requirement. Personnel are
coached specifically in security measures and the criticality of
Every employee that has administrator privileges to any of our
servers goes through a comprehensive background check. Companies that
skip out on this are putting to risk all sensitive and important data
belonging to their customers, as no matter how much money is invested
into high-end security solutions, one wrong hire - having the right
amount of access - can cause greater damage than any external attack.
Level-7 Security Audit Processes
In a vast deployment of globally distributed servers, audit processes
are required to ensure process replication and discipline. Are all
servers being patched regularly? Are the backup scripts running all the
time? Are offsite backups being rotated as desired? Are appropriate
reference checks being performed on all personnel? Is the security
equipment sending out timely alerts?
These and many such questions are
regularly verified in an out-of-band process that involves
investigation, surveys, ethical hacking attempts, interviews etc. Our
audit mechanisms alert us to a kink in our security processes before it
is discovered by external users.