India/ Bengaluru

Your data is SAFE & SECURE with us.

Blog image

DATA CENTRE:

Our primary data center (DC) and the service delivery center (SDC), are hosted within our main corporate office in Bangalore. This is a Tier-3 Standards Data center, with redundant and dual-powered servers, storage, network links and other IT components. It is powered with multiple, active and independent sources of power and cooling resources. The computing servers boast of highly composed infrastructure like the HP Synergy 12000 with SSD Storage. The data center is fully virtualized with the VMWare vCenter Virtualization System, which increases IT agility, flexibility and scalability. The benefits of virtualization make IT simpler to manage and operate, and offer enterprises increased performance and availability of resources, and automated operations. We use the Veeam Backup and replication tool that delivers lightning-fast and reliable restores for individual files, entire VMs and application items. We ensure that you have the confidence in virtually every recovery scenario to give you the ability to attain low recovery time objectives (RTOs).

DISASTER RECOVER CENTRE:

Our Disaster Recovery Center (DR) is hosted within Tata Communications Limited, Hyderabad. We have hosted our own equipment inside their Rack Space. The vendor is compliant to ISO 27001 Standards. All the business-critical data from the DC is replicated to this DR Site over a secured MPLS network, using the Veeam replication tool. The disaster recovery plan is implemented and audited by a third party. The plan is tested periodically to ensure high availability of impacted systems.

BUSINESS CONTINUITY:

Our branches in Gurgaon and Mumbai are a part of our business continuity plan and connected to the DC and DR sites over MPLS Networks. We test our business continuity plan periodically and share reports to clients.

NETWORK SECURITY

Our network infrastructure is highly secure, with best-in-class systems like Cisco Routers, the Fortinet 600D Firewall, HP Networking and Servers. Fortinet 600D is a Unified Threat Management System that include AV Protection, Content Filters, Application Filters, IPS, DDoS Protection, DLP, and Load Balancing. Our network is VLAN-segregated and a Fortinet VDOM Firewall is in place between the Network Layer. Access is controlled with port-specific policies. Only secured protocol like HTTPS, POP3S, SMTPS, IMAPS, IPSec VPN are used for secured transmission of data over network. We use TLS 1.2+ for Transport Layer Security.

Our IT Infrastructure is completely managed by in-house IT Administration Team and customer data privacy and confidentiality is given the highest importance. The “Alien Vault” central log management server is implanted for storing and analyzing security events. The network is secured with authenticated users and is controlled by the internal IT administration team. Internet access is denied by default. User access profiles are controlled using GPO. F-Secure enterprise is used for endpoint security with AV protection and local device access control. Remote access is not enabled for processors. Forti Client is used for endpoint protection and access over the IPSec VPN for selected client- facing users.

APPLICATION SECURITY

Applications are built on secured frameworks with inbuilt libraries to ensure all OWASP controls. We have implemented the Agile Scrum SDLC Methodology, for agility in our services and to ensure faster delivery of solutions. Web application security controls are implemented at every stage of development, testing and implementation. Vulnerability assessment and penetration tests are conducted on all customer-facing applications and IT Infrastructure. We ensure that all known vulnerabilities are resolved periodically, and that customer data is safe and secure.

DATA PRIVACY & CONFIDENTIALITY

Data privacy and confidentiality is given the highest importance and industry best practises are implemented in the form of regulatory controls. Our client’s employee data privacy and confidentiality is ensured at all levels.

COMPLIANCES

We are compliant to the following standards and regulations.