Recently I was discussing the 10 questions to ask yourself when selecting a compliant archiving system. In response to that post, a few people have asked about our security framework. In this post, we’ll take a closer look.
We have always taken data security very seriously. Over the years a security framework has evolved to deliver that security. Though it is constantly evolving, it has eight key components today.
Compliant storage not only ensures compliance with regulations but also ensures records are not alterable, in any way, for a predefined period of time known as the retention period.
Penetration testing is a form of security testing where there is a planned and authorised attempt to simulate an attack on the system. This identifies weaknesses and opportunities to gain access to the system or its data. Of course, it also validates the system's strengths.
Threat detection is provided using analytics and machine learning. Security logs are evaluated to identify threats in real time and, when necessary, elevated to one of our cyber defence centres to respond as appropriate.
Hand in hand with real-time threat detection is real-time intrusion detection. Intrusion detection prevents security breaches by real-time inspection of inbound/outbound messaging to detect and respond to any threats.
Encrypting all in-transit data flows between the customer and the secure data centre, and the data on the storage device itself, makes any intercepted data unintelligible; it is effectively deleted. Of course, that encryption needs to be effective, which is why we selected 256-bit AES encryption.
Security application testing requires that all code is subjected to automated testing for security vulnerabilities. When vulnerabilities are detected, they are subjected to an evaluation and prioritisation process which then feeds the process of vulnerability remediation.
Security environment testing requires the environment be constantly subjected to security testing. When a vulnerability is identified, it is subject to a similar process of evaluation and remediation as described above.
With these elements, Micro Focus’s Digital Safe protects our customers’ information. Stay tuned for more in the coming months on the development of the framework.
Remember, I am always looking for feedback and ideas; if you have any questions or areas you would like me to explore, please feel free to reach out to me.