We design and build systems that have security built in. Using our ReadyScale platform design as a foundation, we’ve helped clients develop infrastructures that are Level 3 PCI DSS compliant, and ones that have satisfied auditors under GxP and GAMP guidelines.
For the most part, security comes down to good operations practices. Stable tools and resources plugged together in the right way and regularly patched and upgraded create an infrastructure suitable for any organisation with a medium security posture.
Highly regulated industries, such as finance, pharmaceuticals or insurance, demand a little more thought and planning to comply with regulations, especially if you want a system that doesn’t trade off compliance against agility.
Build security in from the start
When we build an infrastructure we add any good security practices that can’t easily be retrofitted as standard. This guarantees that, even if compliance guidelines change, your system can be adapted.
We can also code security and compliance into your infrastructure, making automated security testing part of your deployment pipeline.
Become more agile without compromising security
Compliance regimes are often seen as a barrier to agility. They needn’t be. Intelligent infrastructure design and electronic tools can address many compliance issues. They can make compliance systematic, reducing the risk of human error, cutting the need for paperwork, and streamlining workflows.
Support high compliance needs
All the systems we design and build include:
- Secure AWS accounts or virtual private cloud (VPC) design
- Secure network design
- Host and network firewalls
- Access to secure network only by VPN
- Encrypting all data at rest
- Encrypting management service traffic in transit
- Central user identity and password management
- An audit trail for all AWS changes (CloudTrail)
- Role-based access control to sensitive resources
For organisations that must take a high security posture to comply with standards such as PCI DSS, GxP and HIPAA, we would also include:
- Two-factor authentication on admin users
- Egress traffic filtering / virus scanning
- Web application firewalls
- Anti-virus scanning of hosts
- Intrusion detection