Data privacy and security are essential aspects of the Pellustro cloud offering. Pellustro is constantly improving its security procedures in order to guarantee the best possible security standards.

Platform

Hardware & Datacenter

As explained in the Infrastructure section, Pellustro works closely with Amazon AWS to provide a flexible and secure environment.

In this case, Amazon AWS delivers only the physical IaaS platform for the Pellustro cloud:

  • Data center
  • Server hardware
  • Network infrastructure

Physical access to the servers is subject to the privacy statements of Amazon AWS.

Servers

Several measures have been taken to separate and protect the infrastructure of each individual customer:

  • Our cloud servers run in a private VLAN (Virtual Local Area Network), making them entirely isolated from other AWS network infrastructure.
  • The system can only be managed through a dedicated management server. Access to this server is only possible for Pellustro employees through unique public-private keys. 
  • Direct access to a customer virtual machine is not possible.
  • Backups are encrypted using the AES-256 algorithm and a unique secure password.

Mitigation of attacks

All our systems are hardened through multiple penetration tests and best practices that exist specifically for the cloud:

  • The operating system on the virtual machines is updated every 6 months to incorporate the latest security updates.
  • Critical security updates are implemented within 2 business days (if applicable). Established sources for these critical security updates are constantly tracked.
  • A program called 'Lynis' is used to further check and harden our servers. More information can be found here: http://rootkit.nl/software/lynis/
  • Linux Firewall: Deny ALL by default and allow ONLY what is necessary.
  • SSL/TLS communication provides encrypted data transfer and host validation in order to mitigate 'Man-in-the-middle' attacks.
  • We test our websites' SSL standards with the following website: https://www.ssllabs.com
  • All customer data is protected by highly secure (random) passwords.
  • Different passwords are used for VMs, Database, Management Server and Backup Encryption.

Element 22 Employees

Element-22 is aware that, when it comes to security, people are often the weakest link.

  • Every Element-22 employee signs an NDA contract concerning all company and customer data.
  • Background checks are performed, to the best of our abilities, before new employees are hired.
  • All desktops and laptops used by Element-22 employees are encrypted using a unique (randomly generated) key.
  • We have several roles in Element-22, and only qualified people will have access to the customer VM.
  • An employee termination process is in place in order to remove all access to Pellustro internal services and data.

Password Management

All customer data is protected by highly secure (random) passwords. Different passwords are used for:

  • Virtual Machine running the application
  • Database
  • Administrator access to the application
  • Backup encryption

Database, virtual machine and backup passwords are only accessible by senior management and infrastructure support employees.

Application administrator passwords are only accessible by senior management and application support employees.

Additionally, temporary access to the necessary passwords is provided to development or pre-sales employees to solve specific problems in case of emergency.

Employee Training

Employee training is organized internally during Q4 of every year. This training covers the following topics:

  • Data Privacy and Data Security awareness and best practices
  • Securing your desktop/laptop
  • Cloud infrastructure

New employees are given this training within the first 3 months of their employment.