What Hipex does to secure your environment, and how.
At Hipex, security is our topmost priority. We understand that your data is very valuable and that its security is essential to your business. We have created our security protocols and procedures based upon best practices and proven industry standards. Together with our partners and external experts, we protect your data against both offline and online threats. Throughout this article we will outline the different procedures and security measures we have in place.
The software used on our platform is the cornerstone of a secure environment. We use different techniques to ensure an automated, up-to-date environment for all our instances. These techniques include automated CI/CD for our platform, monitoring and automated software management.
- All our instances use supported versions of Red Hat Enterprise Linux and are updated periodically.
- Security updates are tested and installed automatically. Critical updates are installed within two hours.
- Only needed software is installed.
- Administrative login passwords are disabled. Access is only possible using 2048-bit security keys.
- Administrative access is only possible using the latest supported TLS protocols.
- All our servers are protected by both a host-based software firewall and a global hardware-based firewall.
- Servers are configured following best practices published by well-known organizations such as NCSC and IETF.
- Access and security logs are monitored and suspicious behavior is automatically blocked.
We can monitor, alert on and automate most aspects of the security spectrum, but the most important and unpredictable part remains the people working on the systems supporting your website. These steps and protocols are in place to harden the people link in the security chain.
- Employees receive periodic security training.
- All devices used by employees are strictly controlled, fully encrypted and updated periodically.
- The principle of least privilege is used: employees have the bare minimum of privileges necessary to perform their function.
- All employees who require access to customer data are vetted before they are granted access.
When thinking about security, auditing the security procedures and protocols is essential. Because of this, we have multiple external audits per year. These audits include external, internal and social engineering testing.
All our data center suppliers are at least ISO 27001:2013 certified and have at least the following physical security measures in place:
- 24/7 high-security, video-monitored perimeter.
- Strict electronic access control with transponder key or admission card.
- All movements outside and within the data center are monitored.
- Access to the server racks is logged and video surveillance is archived.
Backups are an essential part of security and are needed now more than ever. Backups should be secure and accessible at all times.
- Stored in a geographically different location from the main data.
- Fully encrypted and immutable.
- Accessible over an alternative network.