Secure Internet Storage Solutions (Secure-ISS) takes our users’ security and privacy concerns seriously. The protection of your personal information is fundamental to the way we provide our services. To this end, we have adopted data protection policies and procedures to protect the personal information that you entrust to us. The information that we collect is sufficient to ensure that the services provided by AppServe are secure, efficient and ultimately meet our customers’ expectations.
The following paragraphs outline our Security Policy. We may make alterations or additions to this policy from time to time; if so, these changes will be reflected on our website.
AppServe utilises some of the most advanced technology for Internet security commercially available today. AppServe requires users to create a unique user name and password that must be entered each time a user logs on. When a user accesses our platforms, the particular service is provided through one of a number of security mechanisms. The security application layer is dependant on the service being accessed and encrypts all communications from the client connection point to the AppServe Service.
- For email services accessed through a Web browser, Secure Sockets Layer (SSL) technology is utilised
- For users accessing our Secure Private Cloud solutions, the connection is encrypted across the RDP connection. With a key length of 2048
- Where users access our Mac Hosting Services, all network communications between a client and host computer are encrypted using 128 bit AES technology. Authentication credentials are protected by 2048 bit RSA public keys
- The implementation of the security layers, protects user information using both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorised persons
- Passwords and credit card information are always sent over secure, encrypted SSL connections. No credit card information is stored within AppServe systems and all transactions are handled by third party service providers who are PCI-DSS compliant.
Our data centres are located in two geographically separate regions Brisbane and Sydney. Our Brisbane Data Centre (Tier 3) is located outside of the 100 year flood zones. In Sydney we utilise Equinix SY2 and SY4 data centres (Tier 1). All data remains in Australia and remains under Australian privacy laws.
Our data centres are designed to achieve maximum uptime, stability and redundancy, and features the following specifications:
- Redundant Climate Control systems to maintain ideal operating conditions
- Raised flooring
- UPS (Uninterruptible Power Supply) in N+1 redundant configuration
- Backup Diesel Generators
- APC Power Distribution Units
- Dual VESDA with Overhead, Underfloor and Return Air Sensors
- FM-200 Gas Suppression
- Swipe card with PIN and Video surveillance
- All servers are kept in locked racks.
- Firewalls restricts access to all ports except those required by the service(s) (for instance 3389 (RDP), 80 (http) and 443 (https)). Access is provided on a minimal basis
- Intrusion detection systems and other systems detect and prevent interference or access from outside intruders
- Host Based Intrusion Detection solutions are deployed across the Infrastructure
- Host Based Intrusion Prevention and Anti-Virus solutions are deployed across the Infrastructure
- All data is stored on servers located in Australia
- Backups occur on a regular basis internally (frequency dependant on the solution)
- Data stored on a RAID 10, 6 or 5 arrays (dependent on the solution/ service provided).
- Access controls to sensitive data in our databases and systems are set on a need-to-know basis
- We maintain and monitor audit logs on our services and systems
- We maintain internal information security policies, including incident response plans
- Patch Management procedures are in place with the latest patches are applied to all operating system and applications
- Billing data is encrypted.
Availability and Our Network
Our services are provided over a Tier 1 network in Australia. The network reach includes some of the best Internet pipes to both New Zealand and the United States, should clients be located in these domains. With our investment in this infrastructure it provides greater redundancy, uptime and performance for our client base.
- Tier 1 Internet access provider
- Uptime monitored constantly by both internal mechanisms and external parties, with escalation to AppServe staff
- Servers have redundant internal and external power supplies and networking infrastructure
- Our technology stack runs on a combination of HP Server and Storage infrastructure and our networks are powered by Cisco and HP equipment. Completely redundant components are used through-out to ensure client uptime
- We provide a 99.95% SLA uptime (excluding scheduled maintenance or updating of server/ service infrastructure).
Handling of Security Breaches
Despite all parties best efforts, no method of transmission over the Internet, or method of electronic storage, is perfectly secure. Therefore, we cannot guarantee absolute security. You can read more about AppServe’s obligations within our Terms and Conditions.
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your system, to keep any data you download to your own computer or key to our solutions away from prying eyes. We offer a number of security mechanisms (such as SSL to secure the transmission of data), but it is your responsibility to ensure that that feature is enabled on your connection. You can read more about our customer’s obligations within our Terms and Conditions.