SECURITY
SECURITY
OPTIMAL PERFORMANCE AND DATA INTEGRITY
THE SECURITY WE CREATE
SECURITY
InfoBridge cloud service represents the convergence of all InfoBridge technologies and value within one streamlined solution. While many have benefited from the overall value, ease of use, and adaptability to solve for many different digital strategies .Our cloud services are based on and includes InfoBridge core security values. Our worldwide support, integrity, continuous improvement, and transparency are a part of all our solutions and most certainly at the forefront for our cloud services
CLOUD ARCHITECTURE
Services are deployed on Microsoft Azure and operate on a security hardened OS, specifically designed to limit the attack surface of the operating system. The service also provides automated elastic scaling to smoothly handle traffic peaks, assuring high performance for seasonal spikes and other unanticipated spikes in traffic.An anti-malware service is running on all service operating systems to provide drive level protection against malicious file uploads. Each customer’s service is isolated by Virtual Networks. Availability and performance are constantly monitored.All data-in-transit is encrypted via HTTPs/TLS. The delivery network provides a broader, wider attack base and the Web Application Firewall (WAF) provides state-of-the-art scanning to monitor for unusual or malicious traffic. The global 24/7/365 InfoBridge Managed Services team continuously manages and monitors the delivery network and WAF to anticipate and mitigate attacks including DDoS style attacks against the DNS and service. Service instances are load balanced and enabled for automated elastic scaling. InfoBridge also provides multi-domain SSL certificates with the service.
SECURE & RELIABLE DATACENTERS
The InfoBridge cloud services runs on Azure datacenters. Each facility is designed to run 24x7x365 with protection from power failure, physical intrusion & network outages. The Datacenters comply with industry standards (including ISO 27001) for physical security & availability. Access to all entry points are protected by perimeter fencing, cameras and biometric safeguards including palm readers, iris recognition and fingerprint readers. Uninterruptible power supplies and seismic bracing ensure continuous operation.
For more information, please
visit Microsoft's website.
LEAST PRIVILEGE ACCESS
All InfoBridge team members are trained on ITIL best practices for security, privacy and quality. Access to applications and data is strictly limited by the principle of Least Privilege and all access is secured by encrypted network connections and IP Filtering. InfoBridge team members only access data for the authorized purposes of archiving, backup, restoration, and collection of anonymized usage statistics to improve the service. InfoBridge does not access thinly grained data nor PII data.
PROACTIVE SECURITY HARDENING
Microsoft continuously works to ensure Azure is protected through a pro-active process known as Red Teaming; a form of live site penetration testing against the Azure infrastructure. Microsoft simulates real-world breaches and practices security incident response to test and improve the security of Azure.
Note, no end-customer data or applications are targeted during Red Team penetration testing. For more information, please review
this Microsoft page.
INFOBRIDGE SECURE DEVELOPMENT LIFE CYCLE
InfoBridge & Microsoft follow formal processes to ensure our offerings are developed with security industry best practices. InfoBridge solutions are built by established teams that are focussed on building highly scalable, performant and secure systems. This is done through a Secure Development Lifecyle approach. InfoBridge SDL utilizes principles from the Open Web Application Security Project (http://owasp.org) with processes in place to prevent security risks. InfoBridge .NET base runs managed code which also protects code and data from being misused or damaged by other code including potentially malicious programs.
TRANSPARENCY OF SERVICE HEALTH AND CONTINUITY
InfoBridge support communicates incidents regarding customer specific applications and websites. Customers are notified by email regarding issues and are updated during the progress of the incident.
SYSTEM UPDATES AND PATCHING
The InfoBridge cloud services uses Microsoft Azure to run service instances and thus aligns with the Microsoft patch release cycle. Microsoft is responsible for patch management, learn more about
Microsoft's Guest OS patch management schedule and the support lifecycle on their website. InfoBridge works closely with Microsoft for any edge cases involving patching. InfoBridge follows a continuous release cycle with new releases on a two-weekly basis. Releases include both new features and fixes.
Note that you are responsible for installing updates to the InfoBridge products you deploy in your on-premise environment.
REDUCED RISK THROUGH REDUCED SCOPE
The service does not use the traditional version of Microsoft Windows, but rather a purpose-built version with a smaller attack surface and reduced potential for vulnerabilities. Each service instance uses isolated resources. With all the security benefits from Microsoft Azure, the scope of risk is reduced to traffic exclusive to web traffic at the network edge - more specifically ports 80 and 443.
TRANSPORT LAYER SECURITY (TLS/SSL)
TLS/SSL is commonly used for encrypted integration and communication with other services over HTTP (HTTPS). Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL) are cryptographic protocols that secure communications over a network by encrypting data being sent to and from each of the end-points. These protocols are used for securing communications for many different applications including email, voice-over-IP (VoIP), and web-based faxing. Websites also use TLS for encrypting data to and from web browsers interacting with web sites and applications. All domains in the InfoBridge cloud services are protected by TLS/SSL by default.
ANTIVIRUS AND ANTI-MALWARE
InfoBridge cloud services utilizes
Microsoft's standard approach for Azure anti-malware to provide real-time protection and content scanning.
IDS/IPS MANAGEMENT
Microsoft implements a defence in-depth approach and monitors the Microsoft Azure platform in many ways to detect possible attacks and vulnerabilities. The platform is protected by an active IDS/IPS system, which uses a number of techniques to detect attacks including traffic analysis.
PENETRATION TESTING
Microsoft and their Red Team regularly pen test the underlying infrastructure of the InfoBridge cloud services. The InfoBridge services platform are also subject to regular penetration tests conducted by customers and partners.