Security at all Levels

Our managed software services include hundreds of security best practices as standard across multiple layers of software and infrastructure components.

Accreditations

Our approach to security best practices begins with a robust implementation of the BS EN ISO/IEC 27001:2017 standard. We are also commited to providing a high-level of security as standard for all our customers. It is rare today that the entry-level customer gets a similar level of security as the enterprise customer but it is part of our commitment to all our customers.

BS EN ISO/IEC 27001:2017 Certificate Number 240476

Network

Our ready-to-go, managed software services use virtual networks which are namespaced and all traffic ingress and egress is managed with localised access control lists. We select top tier cloud service providers to build our platforms with the highest levels of security at the Physical Layer, DataLink Layer and Network Layers. We operate modern, trustless networks with traffic managed by firewalls and segregation through namespacing or network peering and access control lists.

Zero Trust Network Access

Modern, trustless and secure network architecture.

Firewalls

Traffic Ingress and Egress is managed with a Firewall.

Namespaces

Managed Software Services are isolated in network namespaces.

Access Control Lists

Access Control List manages traffic ingress and egress from the namespace.

Host

Host security includes security features from Layer 1-3 which are provided by our Cloud Service Partner. We use virtualisation and this includes the compute and network capability provided by the partner. Each managed service uses a dedicated host and encryption keys. Storage including backups are encrypted using these keys which are created and managed by FIPS 140-2/FIPS 140-3 compliant hardware security modules (i.e. HSMs). We regularly maintain hosts and apply critical security updates within 24 hours.

Host based isolation

Each managed customer has a dedicated Host.

Encrypted Storage

Storage including backups is encrypted with dedicated keys.

Hardware Encryption

Private keys are created and validated by FIPS 140-2 compliant HSMs.

Regular Security Updates

Critical vulnerabilities are patched within 24 hours.

Application

The main ojective is to ensure the reliability and integrity of the application, limit the potential for exploits, upgrade the capabilities of applications and enable integration with third party applications. We provide a high-level of security out-of-the-box, including SAML, OAUTH, User Registration and Forgot Password workflows. Our web application firewall detects and prevents brute-force attacks, cross-site-scripting attempts and cross-site request forgery.

TLS

All Layer 7 services use modern TLS encryption protocols.

Web Application Firewall

All internet traffic is inspected at the edge with a managed WAF.

Layer 7

Access to your own services is through a managed load balancer.

Brute-force Detection

Blocks access to applications for minutes based on multiple failed authentication requests.

XSS and CSRF Protection

Protects your applications from attacks or exploits.

Separation of Concerns

With our CICD services (i.e. the managed jenkins service ) we segregate the agents from the controller with apis and remote peered virtual networks.

IP Whitelisting

Access from your ready-to-go, managed software services can be limited by ip whitelists.

Role-based Access

Limit access to the least privileges to ensure your team can be productive.

Identity Management

Including SAML, OAUTH, Registration and Forgot Password flows.

Password Strength Policy

Configure password strength policy and prevent weak passwords.

Bring your own Auth

Centrally manage users and reduce the overhead of user management.

User Management

Users can manage passwords, register and login to all your Servana Managed Software Services.