Username and password based access to INCITE Keystone applications are provided via our online portal which is the central point of contact for all applications. Communications between the client web browser and INCITE Keystone web servers are restricted to only allowing 128-bit SSL based encryption. Should the web browser attempt to access via unsecured means, redirection to the secure environment will automatically take place. Within the INCITE Keystone applications, multiple user levels form the basis of a security model which provides access only to the functions and data required by each user and company, thus restricting access to unauthorised data. A cascading series of administrator rights ensures that user configurations are only performed by authorised and trusted personnel. INCITE Keystone applications have been developed in keeping with the Open Web Applications Security Project (OWASP) ideal. This project highlights the most critical web application security flaws which have been addressed by the INCITE Keystone products.
Availability of INCITE Keystone is monitored from our 24/7 Network Operations Centre (NOC) using industry leading monitoring and alerting tools. A perimeter security implementation protects the INCITE Keystone applications through industry certified security hardware firewall services and secure access control systems. Our servers are networked across multiple physical tiers of firewalled services to further mitigate the risk of malicious attacks on INCITE Keystone applications. Active threat mitigation is performed at the network level through the use of network intrusion prevention and at the server / host level through the use of host intrusion prevention.
The INCITE Keystone applications and data servers are securely hosted in ‘Class A’ data centres. The primary hosted locations are in Australia and Hong Kong while our disaster recovery location is in Australia. Both data centres feature fully-redundant communication links, air-conditioning, uninterrupted power supplies, diesel generators and dual fed power feeds. Data centres also have 24-hour security staff, CCTV cameras and infra-red motion detection equipment. Physical access by authorised personnel is strictly controlled by hand scanners, proximity cards and bi-locked equipment racks. Data centres are also monitored 24 hours by the Network Operations Centre (NOC) via the CCTV system. Full disaster recovery plans are also in place in the event of a large scale incident.
- Enforced 128-bit SSL-based encryption on all INCITE Keystone applications
- Multiple tiers of firewall services
- Host and Network Intrusion Prevention
- Role-based access models limit access to functionality and data
- User account and password management follow internationally-recognised best practice
- Full logging of all changes and activities within INCITE Keystone application and supporting infrastructure services
- Hosted within Secure ‘Class A’ data centre hosting for applications and data, managed to international security and environmental standards (air conditioning and fire detection)
- 24/7 availability and security monitoring with automatic alarms / alert
- 24/7 Network and building access monitoring
- Periodic and ad-hoc security audits performed by third-parties’ security agencies
The INCITE Keystone application suite uses high performance hardware to meet the intensive input / output (I/O) required. All backup technology employed is scalable and based on current LTO standards. Backups are performed using centralised management and contain secure archiving of historical data. Backups and data archiving are performed on a regular schedule.