Network, app and user security

Data Security is a process, not an appliance!

Too often, implementing effective data-security is simply reduced to a purchasing decision about which of the latest and greatest bits of kit to buy. But the best firewall ever invented won't help you if your application is insecure, or someone gets physical access to your racks!

AT FCP, we take a holistic approach to datasecurity, analysing each area independently to define a policy, process and approach (and then the kit to back that up) that treats security as an all encompasing objective.

evolve integrated approach to data security diagram

Network security is delivered though sophisticated hardware firewalls. evolve™ utilises both active and passive intrusion detection systems and techniques, while network access is restricted with PKI.

Application security is guaranteed through the physical partitioning of customer data, so users are not accessing a single shared database. These is also the option of internal data partitioning, so records can be restricted to a branch or group for example. There are multiple levels of user access, an audit trail and optional logging of every system action.

End user security includes a two-factor login and authentication using hardware electronic key and digital certificates. Communication between client and host system is encrypted using 128/1024 Secure Sockets Layer (SSL). As well as conventional dedicated packet filtering firewall techniques, we exclusively employ a public key authentication infrastructure at both systems and user level.

System level access is fully compartmentalised and enforced using a minimum of SSH2/ private key for authentication, while all external access to the evolve network is restricted to HTTPS (browser or Web Service) with users authenticated via SSL-VERIFY implemented using a 2-factor system (digital certificates on hardware USB tokens protected by a PIN and a 5 attempt lock-out).

Physical Security is provided by Equinix (formerly IX Europe). Equinix were  chosen as our primary provider because of the enhanced security offered in comparison to many of the cheaper co-location/datacentre providers.

Access to the fortified building is three-stage, requiring both physical and biometric authentication to even enter the premises. Once inside the building, physical access to our suite requires a further level of authentication.

Within our suite itself, access to all systems is also physically protected. Every area within the entire complex is proactively monitored by Equinix's dedicated security team.

Further information about Equinix and their provisions for security and assurity of service can be found at http://www.equinix.com/prod_serv/ibx/ibx_security.php