Cloud Security

Data Centre Physical Security

Datum360 hosts Service Data in Amazon Web Services (AWS) data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. Learn more about Compliance at AWS.

AWS infrastructure services include backup power, HVAC systems and fire suppression equipment to help protect servers and your data. Learn more about Data Centre Controls at AWS.

On-site Security
AWS on-site security includes a number of features such as security guards, fencing, security video feeds, intrusion detection technology and other security measures. Learn more about AWS physical security.

Data Hosting Location
Datum360 leverages AWS data centers in the United States, Europe, and Asia Pacific.

Network Security

Dedicated Security Team
Our Support Team is on call 24/7 to respond to security alerts and events.

Protection
Our network is protected using key AWS security services, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks.

Architecture
Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilised within the Internet, and internally between the different zones of trust.

Network Vulnerability Scanning
Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.

Third-Party Penetration Tests
In addition to our extensive internal scanning and testing programme, each year Datum360 employs third-party security experts to perform a broad penetration test across the Datum360 Production and Corporate Networks.

Security Incident Event Management
Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM alerts on triggers that notify the Security team based on correlated events for investigation and response.

Intrusion Detection and Prevention
Service ingress and egress points are instrumented and monitored to detect anomalous behaviour. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats. This includes 24/7 system monitoring.

DDoS Mitigation
Datum360 uses AWS scaling and protection tools to provide protection along with our use of AWS DDoS-specific services.

Logical Access
Access to the Datum360 Production Network is restricted by an explicit need-to-know basis, utilises least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing theDatum360 Production Network are required to use multiple factors of authentication.

Security Incident Response
In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

Secure InformationEncryption

Encryption in Transit
All communications with Datum360 UI and APIs are encrypted via industry-standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and Datum360 is secure during transit. For email, our Platform also leverages opportunistic Transport Layer Security (TLS) by default. TLS encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol.

Encryption at Rest
Service Data (including backup and snapshots) is encrypted at rest in AWS using AES-256 key encryption

Availability & Continuity

Disaster Recovery
Our Disaster Recovery (DR) programme ensures that our services remain available and are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.

Find out more about our security features:

• Secure Information
• Application Security
• Product Security
• Human Resources Security