A relationship of trust begins with transparency in security.
For your company they are annoying challenges.
For ours, challenges met.
At GlobalSuite Solutions, we believe in security as a differentiating element in earning our customers' trust. That is why our services and processes have taken this requirement into account from their design.
We have controls in our workplaces that prevent access by unauthorized personnel, both automated and face-to-face. This allows us to provide our services closely without leaving aside security.
Access by non-organizational personnel is under internal supervision, providing limited access in relation to the purpose for which they entered our facilities.
In all our centers we have physical controls that allow the detection of anomalies (CCTV systems, alarms, etc.) and react to them quickly.
To achieve a good service, GlobalSuite® uses three delocalized data processing centers, so that the service can still be provided if any one of them becomes unavailable.
These data centers are internationally recognized for the quality and security in the provision of their services, having different certifications that require them to have top-notch controls for physical access to meet their commitments to ensure the security of the information that is hosted in them.
The security measures implemented range from rigorous access controls only by authorized personnel and at all times accompanied by internal personnel of the organization, to optimal management of environmental and supply conditions.
All access logs, including authorized personnel, will be available at any time and will be treated internally as a security incident within GlobalSuite Solutions to identify the root cause and prevent its future occurrence.
Our security strategy in the provision of services follows the principles of defense in depth, applying controls in each of the layers that result in a robust infrastructure on which GlobalSuite® is based.
Following this principle, in the first instance, in addition to the controls proposed by the different service providers that connect us to the Internet, we have perimeter firewalls to prevent unauthorized access. These also allow the different components to be segmented into separate networks, thus improving the efficiency and security of the information.
Our infrastructure is configured in high availability, to ensure the availability of the service in the event of physical or logical breakdowns. In the same way, all network elements are actively monitored to ensure their proper functioning and to alert on possible suspicious activities or anomalies.
As an additional protection measure, the architecture has services that enable cleanup, network routing, and filtering to manage attacks from previous layers.
Our communications network has intrusion prevention and detection systems, with probes at both the network and host level (NIDS and HIDS, respectively). This architecture allows us to identify anomalous events both on the network and on the servers used to provide our service, and to act automatically in the face of malicious events.
In addition, the application has an application-level firewall, or WAF, that allows you to react to requests considered malicious against known or behavior-based attacks.
The infrastructure that supports GlobalSuite® has implemented mechanisms for the detection and prevention of intrusions, established from an architecture of IDSs in Host and Network (HIDS and HIPS).
All of this is centrally managed through our security information and event management system, or SIEM, which allows us to monitor and correlate the events produced by our agents, notifying us in a timely manner and displaying the actions in real time.
The organization has a vulnerability management process that allows the implementation of the different changes reported by the manufacturers, as well as addressing configuration failures that could lead to a security problem.
This process has several input activities, such as the detection of possible vulnerabilities by our internal team, by an external team that performs periodic audits, or by the manufacturers themselves using the communication channels arranged for this purpose.
These reviews are managed internally, and we also actively analyze all external security reports and news or communications from stakeholders that could affect the infrastructure or the correct provision of the service.
All detected vulnerabilities, regardless of their origin, are prioritized; their root cause is identified; a contingency measure is put in place as quickly as possible to avoid the possibility of vulnerability; and, finally, they are resolved.
All data has a backup that guarantees its availability. This support process includes a variety of strategies and policies that span the entire data cycle, from its creation to its destruction.
Our replication policy includes storage in relocated centers, in order to prevent the loss of availability of the data in the event of an incident that makes it impossible to provide the service from the main data processing center. Our backup policy has associated activities that aim to ensure validation and correct restoration of information on a regular basis, thus eliminating possible errors in the replication process.
In order to prevent the loss of confidentiality of backup data, all of it is encrypted using secure standards, both at source and at destination.
Each of the three DPCs that make up the GlobalSuite® infrastructure has backup systems for power, temperature control, and fire prevention. They hold different certifications that show the correct state of the security measures, and are audited periodically.
Our business continuity process also accommodates internal services for the proper functioning of GlobalSuite®, achieving complete service resilience.
Putting a server into production to run activities within the organization is preceded by a “Hardening” stage that allows us to reduce vulnerabilities derived from default configurations.
This Hardening process is constantly evolving, in parallel with the new services and vulnerabilities of the industry, but is always guided by the good practices of the CIS (Center for Internet Security) guides.
Our firm conviction for security and trust has crystallized in having an integrated management system that allows the governance of our processes and that is certified in ISO 27001, ISO 22301, ISO 9001, ISO 20000, ISO 37001, UNE 19601, ENS, among others. This framework provides us with the tools needed to address the organization’s objectives, manage risks, and define the necessary controls.