Nakisa Cloud Security

Your Security is Our Priority.

The Nakisa Cloud delivers software-as-a-service so that your company can easily and quickly solve some of its toughest technological challenges. The Nakisa Cloud gives you access to cloud benefits while maintaining the security and data privacy benefits of an on-premise deployment as well as offering better global performance, and reduced dependency on your internal IT department.

Our cloud technology eliminates the need to purchase, install, and maintain servers to host Nakisa’s solutions, and at the same time, you receive seamless upgrades and the fastest path to deployment.

We know that for all businesses, big and small, robust security measures are one of the most important requirements when entrusting a third party solution provider with your information. At Nakisa, we are firmly committed to quickly and effectively delivering our solutions to our customers, while ensuring that their data is secure and protected at all times.

NAKISA CLOUD SECURITY

Our Nakisa Cloud offering relieves your operational burden by operating, managing, and controlling the components, from the physical server, to the host operating system, down to the physical security of the facilities in which the services operate.

By partnering with leading cloud service providers, you benefit from a secure home for your data. Our partners provide a dedicated inbound firewall that is configured in a default deny-all mode; protection from DDoS attacks; and physical monitoring such as smoke detection and fire suppression, environmental monitoring, and security & surveillance.

Nakisa is SOC 2 Compliant.

As the security and privacy of your data is our priority, we take every step necessary to assure our customers of this commitment. This includes voluntarily undergoing the lengthy process of obtaining SOC 2 certification.

System and Organization Controls 2 (SOC 2) was developed by the American Institute of CPAs (AICPA), with goal of ensuring service providers are responsibly and securely managing the data of their clients. As part of the SOC 2 requirements, companies are required to implement and adhere to strict information protocols including the security, availability, processing integrity, confidentiality, and privacy of client data.

Third-Party Security Measures.

Nakisa’s datacenters employ a variety of security mechanisms, covering both physical access and virtual access. Our datacenter providers are all certified by independent auditors and third-party organizations so that we can provide our global clients with the best security measures available.

Nakisa Cloud’s service providers comply with the following standards:

C5 [Germany]
Cyber Essentials Plus [UK]
DoD SRG, FedRAMP, FIPS IRAP [Australia]
ISO 9001, ISO 27001, ISO 27017, ISO 27018
MLPS Level 3 [China]
MTCS [Singapore]
PCI DSS Level 1, SEC Rule 17-a-4(f), SOC 1/2/3.

Some of our 3rd party physical security measures are:

Our datacenters employ 24x7 on-site security including personnel, motion detection, a badge access system and closed-circuit video monitoring.

Access to areas containing corporate servers is restricted to authorized personnel via elevated roles granted through the badge access system.

Uninterruptible power and backup systems as well as fire/flood detection and prevention.

SLA & AVAILABILITY

Our cloud solution offers reliable, consistent access to your data with competitive availability rates, SLAs, and proactive monitoring of the systems. Network and systems engineers monitor the status of these automated tools on a daily basis.

Nakisa Service Level Agreement (SLA).

While our configuration management process and proactive monitoring prevent most issues from affecting you, we are prepared to respond when an event causes downtime for your system. We are pleased to solve any issues based on our industry standard response times, however we understand that some issues require immediate attention. Thanks to our escalation policy, you can rest assured that the required resources will be allocated for a timely resolution when needed.

Availability.

Nakisa maintains an uptime availability of 99.5%* excluding:

Factors outside of Nakisa’s reasonable control
Scheduled downtime
Downtime caused by natural disasters, and superior force

*Uptime availability may vary as per contract.

NAKISA CLOUD FAQ

What information security policies exist in your organization?

Information security policies are available for employees and contractors through internal and external portals, and available on request for third-parties. The following information security policies are in place, as a part of SOC2 certification:

Incident Management Policy
Change Management Policy
Risk Management Methodology
Access Management Policy

What is the embedded security model?: Nakisa Cloud is built on the shared responsibility model with leading and trusted cloud service providers, they are responsible for the security “in” the cloud while Nakisa is responsible for the security “of” the cloud.

How is customer privacy and data secured?: Nakisa Cloud is a single-tenant solution, with all customer data isolated, segregated, and encrypted using unique key encryption for each customer.

What security components/firewalls protect your software?: Nakisa Cloud environments are not publicly accessible and can only be accessed via a Virtual Private Cloud (VPC). Additional protection is provided by ACL (access control list) firewall rules that only allow traffic from specified ports to and/or from specific destination. Access is exclusively via HTTPS and is done using a reverse proxy to protect the environment from the outside world.

What are your encryption processes and capabilities?: Data is encrypted in transit using standard secure web protocols and at rest using cloud service providers volume encryptions. The encryption method and key management infrastructure is administered by our cloud service providers.

Does your system architecture include Host Based Intrusion Detection devices?: Nakisa works with trusted cloud service providers to constantly monitor the security of the environment, and we will take necessary corrective action to mitigate risk of intrusion.

What is your SLA for system uptime (system availability)?

99.5% excluding scheduled maintenance

Is there a documented change management procedure in your organization? Is security involved in the change process?: As a part of SOC 2 compliance we follow a diligent change management policy with procedures for segregation of duties. Security is a major component that could drive a change in the application to ensure that risks are treated in accordance to their evaluation.

How are backups taken, stored, and protected?: The high-availability, scalable, elastic environment provided by our cloud service providers provides automated, online, encrypted backup functionality to ensure that all data is redundantly stored and secured.

How does your organization identify and report Information Security Incidents?: As per SOC 2 compliance and the Nakisa Incident Management policy, a support case is triggered after each security incident. This support case provides details on the incident and flags the appropriate level of urgency. Resources are assigned as needed to each incident based on support triage.

Safely Delivering Our Solutions to You