Secure Hosting Protocols
Tickety Boo treats client data with an exceptional level of importance. The security controls that we maintain match those of many of the world's leading suppliers of IT services. We understand the growing moral and legal responsibility Tickety Boo has to its clients to ensure their data is as secure as possible.
The current industry standard for a website developer is to host their websites on shared servers with a hosting company. In reality this means that hundreds of other suppliers share the same server. We feel this is an insecure approach: one compromised website can easily be used to compromise other websites on the same server, so the protection of any one site is only as strong as the weakest site on that server.
To combat this threat, each website, CRM or SaaS system that Tickety Boo hosts runs on its own server, which insulates it from such vulnerabilities. Each server in turn is protected by its own firewall, configured specifically for the service that server provides. Access is only available via the user's email address and a secure password. There is NO FTP or root access available, which insulates the data from attack.
In line with Google best practice, all of our hosting is provided within the United Kingdom, with regular backups.
As an extra safeguard against hacking, data loss and website attacks, each website is protected by a global protection network. Used by companies such as Cisco, IBM and Zendesk, it gives your users faster access to your website and services from anywhere in the world while also protecting your data. Powered by 165 global data centres, it enables you to:
Increase the performance of your website
Stop website attacks before they get to your website
Identify bots and automated requests which are not genuine
Protect your DNS services
The data centres are managed by one of the premium providers in the world and co-located in some of the most respected data centre facilities. We leverage all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorised entry.
The infrastructure is secured through a defence-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function, following the principle of least privilege. All access to the ingress points is closely monitored and subject to stringent change control mechanisms.
Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. We consider any system which houses customer data that we collect, or systems which house the data customers store with us to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.
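The controls described above (no root or FTP access on each service's own server, a firewall scoped to that service, and key-based rather than password authentication) can be verified mechanically rather than taken on trust. The script below is an added example, not Tickety Boo's or its hosting provider's own tooling. It assumes the remote-access channel is OpenSSH (the page does not name it) and that a listening-port inventory can be flattened to "proto port" lines (as one might from `ss -lntu`); the configuration files and port listings it checks are constructed samples, one weak and one matching the page's controls.

```shell
#!/bin/sh
# Added example: audit a host against the access controls described above.
# Assumptions (not stated on the page): remote access is OpenSSH, and the
# listening-port data is "proto port" lines. All inputs are constructed.

# sshd_value FILE DIRECTIVE -> prints the first value set for DIRECTIVE,
# lower-cased. sshd honours the first occurrence of a directive, so the
# check must do the same rather than take the last one.
sshd_value() {
  while read -r key val _; do
    case "$key" in ''|'#'*) continue ;; esac
    if [ "$(printf '%s' "$key" | tr 'A-Z' 'a-z')" = "$2" ]; then
      printf '%s' "$val" | tr 'A-Z' 'a-z'
      return 0
    fi
  done < "$1"
  return 0
}

# check_sshd FILE -> 0 if root login is fully off, password logins are off
# and public-key logins are on. Unset directives fall back to the OpenSSH
# defaults (prohibit-password / yes / yes), so an untouched config fails:
# "prohibit-password" still lets root in with a key.
check_sshd() {
  root=$(sshd_value "$1" permitrootlogin)
  pass=$(sshd_value "$1" passwordauthentication)
  pubkey=$(sshd_value "$1" pubkeyauthentication)
  [ "${root:-prohibit-password}" = "no" ] || return 1
  [ "${pass:-yes}" = "no" ] || return 1
  [ "${pubkey:-yes}" = "yes" ] || return 1
}

# check_ports ALLOWLIST FILE -> 0 if every "proto port" line in FILE is on
# the comma-separated ALLOWLIST; prints each unexpected listener and returns
# 1 otherwise. A web host should expose only what its service needs, so an
# FTP daemon (21) or a reachable database port (3306) is a finding.
check_ports() {
  rc=0
  while read -r proto port _; do
    [ -z "$port" ] && continue
    case ",$1," in
      *",$port,"*) ;;
      *) echo "unexpected listener: $proto/$port"; rc=1 ;;
    esac
  done < "$2"
  return $rc
}

WORK=$(mktemp -d)

WEAK_CFG="$WORK/sshd_config.weak"          # constructed: defaults left in place
cat > "$WEAK_CFG" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF

HARDENED_CFG="$WORK/sshd_config.hardened"  # constructed: the page's controls
cat > "$HARDENED_CFG" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF

WEAK_PORTS="$WORK/ports.weak"              # constructed: FTP and MySQL exposed
printf 'tcp 22\ntcp 21\ntcp 443\ntcp 3306\n' > "$WEAK_PORTS"
HARDENED_PORTS="$WORK/ports.hardened"      # constructed: only SSH and HTTPS
printf 'tcp 22\ntcp 443\n' > "$HARDENED_PORTS"

for f in "$WEAK_CFG" "$HARDENED_CFG"; do
  if check_sshd "$f"; then echo "PASS sshd  $f"; else echo "FAIL sshd  $f"; fi
done
for f in "$WEAK_PORTS" "$HARDENED_PORTS"; do
  if check_ports 22,443 "$f"; then echo "PASS ports $f"; else echo "FAIL ports $f"; fi
done
```

Run against a real host, `sshd_value` would read `/etc/ssh/sshd_config` (and any `Include`d files, which this example does not follow) and the port listing would come from the live socket table; the allowlist is the firewall policy the page describes, written down once so that drift can be caught.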
Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.
Systems controlling the management network log to our centralised logging environment to allow for performance and security monitoring. Our logging includes system actions as well as the logins and commands issued by our system administrators.
Support staff use monitoring and analytics capabilities to identify potentially malicious activity within the infrastructure. User and system behaviour is monitored for suspicious activity, and investigations are performed following the incident reporting and response procedures.
SERVER SECURITY & EMPLOYEE ACCESS
The security and data integrity of customer servers is of the utmost importance. As a result, the technical support staff do not have access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only select engineering teams have direct access to the backend hypervisors based on their role.
Backups are stored on an internal, non-publicly visible network on NAS/SAN servers. We can directly manage the regions where backups exist, which allows us to control where your data resides within the data centres for security and compliance purposes.
UNITED KINGDOM INFORMATION COMMISSIONER
Tickety Boo is registered with and regulated by the Information Commissioner's Office (ICO) to store and handle personal data. Please visit ico.org.uk/register to view the online register. Certificate ZA151271
ISO/IEC 27001:2013 CERTIFICATION
Our hosting provider is certified to the international standard ISO/IEC 27001:2013. By achieving compliance with this globally recognised information security controls framework, audited by a third party, the provider has demonstrated a commitment to protecting sensitive customer and company information. Compliance with a framework is not the end of that commitment, but it is a necessary baseline for security.
EU-U.S. AND SWISS-U.S. PRIVACY SHIELD CERTIFICATION
Our hosting provider is an active participant in, and complies with, the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce and the European Commission. The frameworks give the provider a mechanism to comply with data protection requirements when transferring personal data.
DATA CENTRE COLOCATION ATTESTATIONS AND CERTIFICATIONS
All of our data centres are independently audited and/or certified by various internationally-recognised attestation and certification compliance standards.
We understand that the level of security provided by Tickety Boo is far greater than that of the average website and hosting provider. We also expect that new data security legislation, much like the GDPR, will force current providers to meet these higher standards. However, we believe the moral and legal ramifications of losing data justify making this investment now rather than waiting for such legislation.