1.- Physical security
The data centers used by the redgps platform are co-located with some of the world's most respected data center providers. We leverage the full capabilities of these providers, including physical security and environmental controls to protect our infrastructure from physical threats or impacts. Each site is staffed 24 hours a day, every day of the week, with physical security in place to protect against unauthorized entry. Security controls provided by our data center facilities include, but are not limited to: 24/7 physical security guard services Physical restrictions of entry to the property and facility Physical restrictions of entry to our co-located data center within the facility Full external and internal CCTV coverage for the facility Biometric readers with two-factor authentication Facilities are unmarked so as not to attract outside attention Battery and generator backup Generator fuel carrier redundancy Secure loading zones for equipment delivery.
2.- Infrastructure Security
The RedGps infrastructure is secured through a layered approach to defense in depth. Access to infrastructure data is via secure VPN, SSL and SSH. All of which have security policies in place to block unauthorized or erroneous access attempts. Preventing intruders from access attempts. Systems are protected by key-based authentication and access is limited by Role Based Access Control (RBAC). RBAC ensures that only users who require access to a system can log in. We consider all systems that host customer data that we collect, or systems that host data that customers store with us, to be of the utmost sensitivity. As such, access to these systems is extremely limited and closely monitored. In addition, hard drives and infrastructure are securely wiped before they are removed or reused to ensure that your data remains secure.
3.- Customer access security
The platform contemplates that its users and clients can access through secure solutions to the platform, this by means of SSL certificates and HTTPS connections. This type of technology ensures that the information traveling between the client and the server is secured and encrypted. Our websocket and webservice/API services also use the same HTTPS/SSL protocol to secure communication.
4.- Access registration
The systems that control the management network at RedGps connect to our centralized logging environment to enable performance and security monitoring. Our logging includes system actions as well as logins and commands issued by our system administrators. Our servers maintain a record of every access to the infrastructure as well as every action performed by every user who was granted access.
5.- Security control
The RedGps security team uses monitoring and analysis capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are conducted following our incident reporting and response procedures.
6.- Security and access to information
The security and integrity of our customers' data is of utmost importance at RedGps. As a result, only a portion of our technical support staff and engineers have access to user or customer information, and all access is monitored and logged by our system.
7.- System backup copies
The safeguarding of your information is very important to RedGps so we make backup copies of all our data, securely every 24 hours. The backups that are made daily of the information of the platform and its customers, is stored securely in an external datacenter that provides services, this in order to have quick access to information in the event that a recovery of any backup or the realization of a "disaster recovery" is required.