Jolokia's Security Policy
The Challenge of Enterprise Video Streaming
Our Data Centers are housed in SSAE-16 Type II facilities with traditional locks, electronic locks, biometrics, access controls, video surveillance systems and 24/7 human security guards. Fire suppression, HVAC, redundant power feeds, battery backup and redundant onsite generators augment the centers. Background checks are performed on security staff.
Hosting Network
Our network is powered by Open Source Firewalls and Routers. These are audited by the global open source community and, because of this, have a track record of speedy security fixes and workarounds for unpatched vulnerabilities, and are not veiled by corporate secrecy when flaws are found. Our network is protected by IDS systems that monitor for unusual or unexpected activities. Firewalls are maintained between the Internet and the hosting networks. Depending on configuration, hosts are protected by at least one firewall from other hosts; if the customer is on a segmented VLAN, they are protected by a multi-tier firewall system.
Hosting Systems
Our virtualization platforms are all running the latest industry-tested virtualization hypervisors. These hypervisors are hardened and patched on an ongoing basis. Each of these hosting systems is maintained on a secure network and is manageable only via secure protocols.
Hosted Virtuals
Virtual machine OSes are all hardened with the same level of detail as our hosting systems. Each hosted virtual is protected by at least one firewall. These hosts are scanned on a regular basis using industry-standard scanning tools to be sure that no new vulnerabilities exist in the system. All systems are patched on a regular basis as vulnerabilities are discovered and fixed.
Applications
Depending on the specific service level, the scope of our security may include applications. As with both the Hosting Systems and Hosted Virtuals, we perform regular scans and checks of installed applications that are under our control. We patch these applications as new vulnerabilities are fixed, and we apply workarounds as necessary when unpatched vulnerabilities exist. We also deactivate unnecessary applications whenever possible and use the firewalls to implement protections for applications that do not need to be accessed remotely.
Security Patching
By constantly updating our security systems, we ensure optimum protection for our customers. We monitor and address emerging threats, and quickly process and apply new security patches.
Intrusion Detection
We use the latest in open source intrusion detection systems. Using the open systems, we can modify the detection process to meet our specific needs. We examine specific information from identified points in ingress and egress. We employ detailed monitoring to alert us to any unusual or unexpected activity. We use scanning tools to examine applications for flaws on a regular basis. Logging tools are used to quickly process the vast amount of logging we have to provide valuable and actionable information to our engineers.
Forensics
In the event of a security breach, comprehensive post-incident examinations designed to reduce the risk of future threats are conducted. We have qualified incident analysis engineers on staff who have been performing computer forensics. These engineers also work with law enforcement on an ongoing basis.
Pre-deployment Testing
Before we deploy new systems, we subject them to thorough scans and vulnerability tests. Newly deployed systems are histrionically monitored as they begin their term of service. In pre-deployment, systems are configured using a configuration script to be sure that they are configured in the same manner on each deployment.
Qualified Engineers
Our engineers are hand-picked from industry experts. Each has different certifications depending on their specialty. Don't get us wrong here: certifications can be had with enough study by non-experts. We hire from a pool of engineers that have proven records of excellence and only come with recommendations from individuals who are close to our organization.
Data Center Facility Access
Customers are not granted access to our Data Centers. All work in our Data Centers is performed by our staff of engineers, each of whom has thorough and ongoing background checks.