At Wirehive, we place a very high level of importance on the security of the services we provide to you. There are almost daily news reports of security incidents from hacking to data breaches and distributed denial of service attacks to ransomware infections. To help reduce the risk of our systems being impacted by cyber-attacks we consider security in everything that we do, as is demonstrated by our commitment to achieving and maintaining ISO 27001 certification.
We have implemented a range of security measures to provide protection from a wide range of possible attacks. As well as keeping your data safe, these controls help us to identify potential security incidents, respond in a timely manner and conduct investigations into confirmed breaches so that we can improve our defences.
Our data centres have been chosen because of their commitment to information security. Each has been separately certified as conforming to the ISO 27001 standard and have a range of measures in place to ensure the security and availability of your information.
We believe that our security measures provide ample security. However, we also understand that you may have additional security needs above and beyond those that we provide as standard. To cater for such requirements, we are able to provide you with the following optional security controls:
Our security measures include regular backups to protect your data should an element of our infrastructure fail. These backups do not protect you in the event of data loss within your service. Such data loss could arise for numerous reasons, ranging from file system corruption to ransomware.
We offer several optional backup services to help protect against such incidents. Available options include backups within the same data centre, within a different data centre, with a third-party (for example with one of our Cloud Service Providers) or a combination of these. We are also able to provide you with a range of retention periods for data backup services.
We can configure your service to meet your cryptographic requirements. This is commonly encryption of data in transit using secure communication protocols based on SSL/TLS, such as HTTPS, and encryption of data at rest. If you are dealing with personal data or financial information, for example, we would highly recommend adding this extra layer of security to your solution.
We are also able to provide you with other cryptographic services for the protection of confidentiality and integrity of your data. Such other facilities include non-repudiation services, for example digital signatures, which can be used to prove actions undertaken by a specific person.
When providing you with any cryptographic service, we will always follow industry best practices and use standards compliant implementations.
We can provide you with host-based firewalls, which you can use to control access to your services. In addition, we can add rules to our firewalls that either allow or deny traffic to your services. This is useful for controlling which traffic is able to reach your server and helps to restrict access to only that which you have authorised.
A highly available service is more resilient to internet traffic congestion, provides an element of redundancy and can help provide a more responsive user experience than a non-high availability solution. This is achieved by hosting your service in multiple locations and making sure that each of these is accessible via the correct domain name.
If you require the availability of your service to be greater than the SLA we provide as standard, we can provide a high availability solution. This means provisioning your service in multiple datacentres, which could include our co-located data centres, those of our Cloud Service Providers, or a combination of these. We would also need to configure additional tools, such as a load balancer, to be able to provide you with this functionality.
Our Customer Portal gives you control over the users who have access to issue instructions to us on your behalf. This does not automatically extend to controlling access to the services we provide to you. Depending on the service you have purchased, identity and access management controls may be provided as standard, for example customers on one of our Amazon Web Services plans will have access to the AWS IAM portal.
Depending on the type of service we provide to you, we can configure your services to monitor and report when certain events occur. This information can help to provide an early indication of system availability issues, which could be an early indicator of an attempted Denial of Service attack. If monitoring is provided as part of our service to you, you can raise a support ticket through the Customer Portal to alter the monitoring configuration. If you do not currently have a monitoring service and would like us to implement this facility for you, please contact your Account Manager in the first instance.
In addition to the monitoring service, we can configure your system to log certain security events. Such logs can either be retained locally or sent to a remote logging server, and can be useful in diagnosing problems and potential security incidents. Whilst we monitor our systems, we do not routinely conduct logging and monitoring of the activity that occurs as a result of your use of the service.
We conduct regular security scanning of our corporate and infrastructure systems, but this does not automatically extend to the individual services we provide to you. Scanning can be conducted on an ad-hoc basis or continuously.
We appreciate that sometimes you might have more stringent security requirements for your solution than are provided by our security measures and our optional security controls combined. In
such scenarios, we offer a consultation and design service, where our Solutions Architecture team partner with you to develop a solution which meets your higher security requirements.
To find out more information about our solution consultation and design service and to request a quotation, please contact our Sales department in the first instance. Existing customers who wish to take advantage of this service should enquire with their account manager.