Security Goals
Privacy – Information within our infrastructure and systems will only be accessible by authorized users
Integrity – Data and information within our infrastructure cannot be tampered with by any unauthorized user
Data Protection – Data within the systems cannot be harmed, deleted or destroyed
Identification and Authentication – Ensures that any user of the system is who he claims to be and eliminates chances of impersonation
Network Service Protection – Ensures that networking equipment is protected from malicious hacking attempts or attacks that threaten uptime
Our Holistic Security Model
Level-1 Datacenter Security
Level-2 Network Security
Our global infrastructure deployments incorporate DDOS mitigators, Intrusion Detection systems, and Firewalls both at the edge and the Rack level. Our deployments have weathered frequent hacking and DDOS attempts (sometimes as many as 3 in a single day) without any degradation.
Firewall Protection – Our round-the-clock firewall protection system secures the perimeter and delivers the very best first line of defense. It uses highly adaptive and advanced inspection technology to safeguard your data, website, email and web applications by blocking unauthorized network access. It ensures controlled connectivity between the servers that store your data and the Internet through the enforcement of security policies devised by subject matter experts.
Network Intrusion Detection system – Our network intrusion detection, prevention and vulnerability management system provides rapid, accurate and comprehensive protection against targeted attacks, traffic anomalies, “unknown” worms, spyware/adware, network viruses, rogue applications and other zero-day exploits. It uses ultramodern high-performance network processors that carry out thousands of checks on each packet flow simultaneously with no perceivable increase in latency. As packets pass through our systems, they are fully scrutinized to determine whether they are legitimate or harmful. This method of instantaneous protection is the most effective mechanism of ensuring that harmful attacks do not reach their targets.
Protection against Distributed Denial-of-Service (DDoS) Attacks – Denial of Service is currently the top source of financial loss due to cybercrime. The goal of a Denial-of-Service attack is to disrupt your business activities by stopping the operation of your web site, email or web applications. This is achieved by attacking the servers or network that host these services and overloading the key resources such as bandwidth, CPU and memory. The typical motives behind such attacks are extortion, bragging rights, political statements, damaging competition etc. Virtually any organization that connects to the Internet is vulnerable to these attacks. The business impact of large sustained DoS attacks is colossal, as it would lead to lost profits, customer dissatisfaction, productivity loss etc due to inavailability or deterioration of service. A DoS attack in most cases would even land you with the largest bandwidth overage invoice that you have ever seen.
Our Distributed Denial-of-Service protection system provides unrivaled protection against DoS and DDoS attacks on your internet-facing infrastructures i.e. your websites, email and mission critical web applications, by using sophisticated state-of-the-art technology which automatically triggers itself as soon as an attack is launched. The DDoS mitigator’s filtering system blocks almost all fraudulent traffic and ensures that legitimate traffic is allowed up to the largest extent possible. These systems have seamlessly protected several web sites from large service outages caused by simultaneous attacks as large as 300+ Mbps in the past, thus allowing organizations to focus on their Business.
Level-3 Host Security
Level-4 Software Security
Our applications run on myriad systems with myriad server software. Operating Systems include various flavors of Linux, BSD, Windows. Server Software includes versions and flavors of Apache, IIS, Resin, Tomcat, Postgres, MySQL, MSSQL, Qmail, Sendmail, Proftpd etc etc. We ensure security despite the diverse portfolio of software products we utilize by following a process-oriented approach
Timely Application of Updates, Bug Fixes and Security Patches – All servers are registered for automatic updates to ensure that they always have the latest security patch installed and that any new vulnerabilities are rectified as soon as possible. The largest number of intrusions result from exploitation of known vulnerabilities, configuration errors, or virus attacks where countermeasures ARE already available. According to CERT, systems and networks are impacted by these events as they have “not consistently” deployed the patches that were released.
We fully understand the requirement for strong patch and update management processes. As operating systems and server software get more complex, each newer release is littered with security holes. Information and updates for new security threats are released on an almost daily basis. We have built consistent, repeatable processes and a reliable auditing and reporting framework which ensures that all our systems are always up-to-date.
Periodic Security Scans – Frequent checks are run using enterprise grade security software to determine if any servers have any known vulnerabilities. The servers are scanned against the most comprehensive and up-to-date databases of known vulnerabilities. This enables us to proactively protect our servers from attacks and ensure business continuity by identifying security holes or vulnerabilities before an attack occurs.
Pre-Upgrade testing processes – Software upgrades are released frequently by various software vendors. while each vendor follows their own testing procedures prior to release of any upgrade, they cannot test inter-operability issues between various software. For instance a new release of a database may be tested by the Database vendor. However the impact of deploying this release on a production system running various other FTP, Mail, Web Server software cannot be directly determined. Our system administration team documents the impact analysis of various software upgrades and if any of them are perceived to have a high-risk, they are first beta-tested in our labs before live deployment.