For organizations that produce enormous volumes of data, security is driven by Information Technology and the data it generates. While facing an increasingly complex architecture, Addteq instills a continuous improvement philosophy in the way it works.
Security is the foremost consideration when designing our processes, networks, and applications. Our design also takes into account a broad range of industry standards and frameworks to ensure high integrity, confidentiality, and availability. Some of the architecture-level considerations are:
Addteq’s network security covers all levels of the technology stack. The implementation is divided by zone restrictions that limit office, data center, and platform network traffic. Environment separation limits connectivity between production and development. Services are explicitly authorized to communicate with other services through an authentication whitelist. Access to sensitive networks is restricted by firewall rules, and all connectivity is encrypted. Device certificates and multi-factor authentication are required for connectivity to internal resources. Intrusion detection and prevention systems are layered over our networks to identify issues.
A group of engineers, security architects, and product managers identifies potential threats, which are accommodated in the design process and tested in the appropriate phases of development.
All the applications managed by Addteq are on hosting platforms such as DigitalOcean, AWS, Azure, and GCP. Their data centers have been designed and optimized to host applications, have multiple levels of redundancy built in, and run on a separate front-end hardware node on which application data is stored. With high availability of data as the primary focus, our hosting partners are ISO 27001, ISO 9001, SOC 2, and PCI-DSS compliant. All infrastructure is designed and implemented with best practices to minimize downtime. Primary (NYC1 for DigitalOcean and US-EAST-1 for AWS) and secondary (SFO1 for DigitalOcean and US-WEST-1 for AWS) data centers are defined with fail-over provisions. To keep up with high availability demand, critical infrastructure may be provisioned with multiple nodes so that service continues in the event of any failure.
Addteq’s comprehensive backup program offers resilient storage for application data. Automated incremental backups run every sixty (60) minutes. If the most recent full backup is more than 24 hours old, a new full backup is initiated. Backups are retained for 7 days and in the event of successful deletion of backups. Backups are encrypted with RSA 2048 and stored in private Amazon S3 buckets.
Business Continuity and Disaster Recovery
Addteq continues its efforts to maintain a strong Business Continuity (BC) and Disaster Recovery (DR) plan to ensure minimum impact on customers in the event of any disruption. Strong emphasis is placed on continual improvement through DR/BC initiatives.
To ensure appropriate levels of governance, maintenance, and testing, the following guidelines are observed:
Levels of resiliency are monitored across all regions of our hosting partners so that mitigation strategies can be put in place before a failure occurs.
Data is backed up by default across AWS zones, and secondary regions are always assigned so that they can take over in the event of a catastrophe.
Backup and restore procedures are in place and tested on a regular basis ensuring high availability to our customers. Addteq offers 99.95% uptime SLA, RTO of 2 hours, and RPO of 1 hour.
There is a range of security controls Addteq implements to keep customer applications and data safe.
While in transit over public networks, data is encrypted using Transport Layer Security (TLS) 1.2. The TLS configuration enforces strong cipher suites and key lengths, and the associated keys can only be accessed by authorized roles and services, with that access audited.
Customer data is protected by encryption, and the encryption keys are themselves encrypted. The key management service is integrated with tight access controls, ensuring that only authorized parties can access the keys that decrypt customer data.
In a single-tenancy architecture, a customer (a tenant) has a dedicated instance of a SaaS application.
With single-tenant architecture, Addteq helps manage the software instance and dedicated infrastructure while still giving the tenant nearly full control over customization of the software. Common characteristics of single-tenancy models are a high level of user engagement and user control, as well as reliability, security, and ease of backup. Because tenants are in separate environments from one another, they are not constrained in the way tenants sharing infrastructure would be.
Benefits of single-tenancy:
Post-development, during the testing phase, Addteq deliberately tries to break features using automated and manual testing techniques. Beyond the automated testing tools, the engineering team verifies the correctness of the product. If a vulnerability is identified by any of our customers, it is acted upon with the highest priority, and remediation actions are rolled out to all customers. Our security team keeps systems updated and patched and runs automated security testing tools against the infrastructure.
As part of its Vulnerability Management practices, the team is highly focused on continual improvement. In addition to product vulnerabilities, network scans of internal and external infrastructure are performed to observe any abnormalities.
Access to customer data stored within applications is restricted on a 'need-to-access' basis. Stringent controls governing data are implemented. Awareness training is provided to our internal employees and contractors during the onboarding / induction process, covering the importance of and best practices for handling customer data.
Only authorized employees have access to customer data stored within applications, via SSH connections that are permitted strictly from the Addteq corporate VPN. Unauthorized or inappropriate access to customer data is treated as a security incident and managed through the incident management process. This process includes instructions to notify affected customers if a breach of policy is observed. Physical access to data centers where customer data is hosted is limited to authorized personnel only, with access verified using biometric measures.
To facilitate the maintenance and support process, Addteq Support teams have the access necessary to resolve open tickets. Hosted applications and data can only be accessed for the purpose of application health monitoring, for performing system or application maintenance, and upon customer request via our support system. Access rights are reviewed every six months. Automated monitoring and security restrictions are in place to prevent data extraction or back-end access.
Addteq’s awareness program is built on the premise that security is everyone’s responsibility. The training and awareness program is the primary vehicle for communicating responsibilities to employees. Employees and contractors are required to sign a confidentiality agreement before starting with us, and security awareness courses are delivered to new hires during the onboarding process. In keeping with the theme of ‘continuous improvement’, we disseminate security messages through company-wide email messages and blog posts.
Addteq follows a hierarchical approach to change management. Any change in code or infrastructure (internal or external) must be reviewed by the reporting managers to identify any issues the change could cause. Changes with security and performance implications go through additional reviews and tests, performed on branch merge using CI tools. A formal process ensures that clients are notified before changes are made that may impact their service.
Addteq strives to hire the best and brightest talent available. During the recruitment process, the Addteq HR team performs employment, background, visa, and financial checks. Once onboarded, each employee is given a 30-day onboarding plan, which includes access appropriate to the role, security policies, and procedures. Each employee signs a confidentiality agreement upon hire, which also sets out a disciplinary process for non-compliance.
Despite Addteq’s best efforts in design and implementation, there is always a margin of error that leads to gaps, and these need to be identified and prevented proactively. The Addteq team uses various tools to monitor applications and infrastructure separately. In the event of escalations, Addteq has internal subject matter experts to investigate and drive issues to closure within 24-48 hours for P1 (Sev 1) issues.