Cloud Data threats and Analysis

This page contains information about how Simreka deals and mitigates Cloud Data threats and policies to prevent them.

Data Threats 

Data Breaches
We prevent data breaches through the use of encryption as explained above, UNIX permissions for users in the shared regime and private clusters, as an option.

Data Loss
In our platform users always have access to their data, regardless of the service level and the type of contract. Users have the ability to export the data in standard formats for use outside our platform. We use redundant storage architecture and run daily backups for the data in order to prevent any losses.

 

Network Threats

Account Hijacking
We have an intrusion detection system based on daily account activity monitoring (screen for malicious or out-of-the-ordinary behavior). We use of strong passwords and have plans to implement multi-factor authentication soon.

Denial of Service
We verify all network requests within the production servers by using virtual private network and security groups. We also maintain a backup IP pool for urgent cases. We further implement load balancing and use multiple cloud providers, multiple datacenters within each provider, and multiple availability zones within each datacenter.

Cloud-specific Threats
Interface and API security
The interface-related threats are mitigated through the use of a transparent user-level permission scheme, extensive onboarding/training, and regular data access checks by the support team.

Our software architecture is based on trusted computing principles, where trusted and non-trusted code is clearly differentiated through secure authorization.

Malicious Insiders
All sensitive information (eg. encryption keys) is only accessible to authorized Simreka personnel (2 persons) and are stored in multiple locations on company-owned hardware. A Proprietary Information Agreement is required for each employee. We further consider Non-disclosure agreements a normal practice for customers.

Abuse of Cloud Service
We deploy a strict initial registration and validation processes: we verify the information about and establish contact with each new user. The policies for the protection of important assets are made part of the agreement between user and Simreka as a service provider.

We maintain and present to the customers a clear log of all usage-related transactions so that they can control spends and prevent over-use.

Insufficient Due Diligence
Simreka will disclose the applicable logs, infrastructure, such as firewall, and other measures we take for securing the operations to our customers. We further follow the requirements set by the cloud providers for implementing cloud applications, and services using industry standards.

Shared Technology Vulnerabilities
We work with trusted cloud service providers (AWS, GCP) that monitor the vulnerabilities in the cloud environment and release/deploy patches to fix those vulnerabilities regularly.

For more information please free to email us at: [email protected]