Defense in Depth Defense in Depth is a practical strategy for achieving the highest possible Information Assurance (IA) with the least possible sacrifice, commonly known as the balance of risk versus reward.
This model follows a multilayered approach in which each layer is mutually exclusive. Highly resilient security controls are designed to progressively weaken an attack.
The security community has identified three categories paramount to information security policy: People , Technology , and Operations .
PeopleWithin any organization, statistically, people are the weakest link in the security chain. Datapipe requires all employees to undergo comprehensive background checks to ensure your confidence in our team. Our staff is thoroughly trained in all aspects of privacy and best practices to maintain the highest levels of security through the duration of your IT lifecycle. Datapipe's certified support and security staff are available to assist you 24/7/365 to ensure the security of your solution.
Technology
Our security services suite is designed to go beyond industry standards and maintain the Confidentiality, Integrity and Availability (CIA) of your solution. Even the best business models are at risk from security flaws in your solution's CIA. In general, the security community regards CIA as those aspects of your solution which: - Define and enforce appropriate access levels for information in order to prevent disclosure of information to unauthorized individuals or systems.
- Ensure only authorized data modification and/or deletion and the ability to restore unintentional data changes by authorized users
- Maintain high availability of information, including prevention of DoS or DDos attacks, through uninterrupted accessibility and performance of systems and services.
Perimeter Defense Layer Network Integrity Layer Content Filtering Layer |
|
Host Security Layer Data Protection Layer |
Operations
Operational Security is best described as a culture. Datapipe fosters a culture of intense operational security that permeates all levels of our organization. For example, Datapipe employs strong access control measures across multiple aspects of our operations. Some of these include: security entry cards, biometric hand scanners, thin clients, two factor authentication, email encryption of sensitive data, and PIN number verification for account access. The policies and procedures that stem from a culture of Operational Security are the foundation of day to day operations in all of our facilities. These operations meet the highest standards in the industry. SAS 70 Type II Certified
Datapipe's U.S. Data Centers are SAS 70 Type II Certified, demonstrating our commitment to information security. A service auditor's examination performed in accordance with SAS No. 70 ("SAS 70 Audit") is widely recognized because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes. A Type II report not only includes the service organization's description of controls, but also includes detailed testing of the service organization's controls over a minimum six month period.
|
