Cloud Security

Cloud Security

Date: 1^st January 2023, Version number: 1.0

Access and Authentication 

Access to Smylor’s systems is strictly controlled through both our Access Control policies as well as technical controls. Our approach will always be to provision on a ‘need-to-know’ basis.

• The Smylor team is only permitted access to internal services via Virtual Private Networks, utilizing OpenVPN.
• Only a limited number of engineers, whose job function is to support and maintain the Smylor environment, are permitted access to Smylor’s production environment.

Monitoring and Logging 

Smylor’s Site-Reliability Engineers take ownership of Infrastructure and Application performance monitoring. Below are a few of the measures taken by this team to ensure Smylor monitors performance while maintaining a strong security mindset.

• Infrastructure monitoring of compute services, business-layer, and database services health, including read/write latency.
• Host-based detection systems monitoring the internal end-hosts.
• Unauthorized access attempts are logged and escalated through security monitoring tools.
• Application Performance Management and monitoring of available services.
• The centrally managed logging platform, with a dashboard of service hosts health.
• Automated alerting configured with an on-call schedule. 

Data Center Physical Security 

Located in Germany and Switzerland, Smylor manages the physical security of its Data Centers via processes which include:

• Only pre-approved physical access to data centers is granted to employees and third-parties, who have a valid business justification to have physical access. The principle of least privilege is applied to requests for specific predetermined data center layers. 
• Physical access points to server rooms are recorded by Closed Circuit Television Camera (CCTV). Images are retained according to legal and compliance requirements.
• Physical access is controlled at building ingress points by professional security staff utilizing surveillance, detection systems, and other electronic means. Authorized staff utilizes multi-factor authentication mechanisms to access data centers.
• Alarms are immediately dispatched to on site Security Operations Centers for immediate logging, analysis, and response.

Data Center Environmental Safeguards 

Environmental and power considerations have been made to ensure that in the event of a natural or environmental event, safeguards have been implemented to provide continued operational service and minimal downtime.

• Electrical power systems are designed to be fully redundant and maintainable without impact to operations. Back-up power is installed to supply and ensure power is available to maintain operations in the event of an electrical failure for critical and essential loads in the facility.
• Mechanisms to control climate and maintain an appropriate operating temperature for servers and other hardware to prevent overheating and reduce the possibility of service outages.
• Automatic fire detection- and suppression equipment. Fire detection systems utilize smoke detection sensors within networking, mechanical, and infrastructure spaces. These areas are also protected by fire suppression systems.
• Should potential flooding occur in the Data Center, mechanisms are in place to remove water in order to prevent any additional water damage.