We are committed to providing our customers with a highly secure and reliable environment for our cloud-based application. We have therefore developed a security model that covers all aspects of cloud-based Loffa Interactive systems.
The security model and controls are based on international protocols and standards and on industry best practices, such as ISO/IEC 27001, the standard for information security management systems (ISMS), and ISO/IEC 27018, Security techniques - Code of practice for protection of personally identifiable information in public clouds.
As part of the company’s focus on security issues, the company security team performs the following on a regular basis:
- Monitoring and analyzing the infrastructure for suspicious activities and potential threats.
- Issuing periodic internal security reviews.
- Dynamically updating the security model and addressing new security threats.
- Systematically examining the organization’s information security risks, taking into account threats and vulnerabilities.
- Designing and implementing a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address the risks that are deemed unacceptable.
- Adopting an overarching management process to ensure that the information security controls continue to meet the organization’s evolving information security needs.
Protecting Customer Data
Secure Software Design
Physical Security Protocols
- Servers are locked inside the infrastructure in a designated area.
- The server area is cooled by a separate air conditioning system, which keeps the climate at the desired temperature to prevent service outages.
- The facilities are protected by a fire suppression system, which protects the computing equipment and has built-in fire, water, and smoke detectors.
- The facilities have on-site generators, which serve as an alternative power source.
- There is 24-hour video surveillance of all entrances and exits, lobbies, and ancillary rooms. The videos are recorded and monitored, and retained for later use.
DDoS mitigation: All application access, including direct application access and API access, is protected by a dedicated DDoS mitigation service to ensure high availability at all times and to prevent attacks and malicious activities.
Our systems are designed to ensure data is protected at all times. Specifically, we’re using TLS v1.2 with strong ciphers to protect data in transit, and AES-256 to encrypt data at rest. User passwords are hashed and salted with a modern hash function. File transfers use Secure FTP, and files are further encrypted with PGP for in-transit protection.
External Security Audits and Penetration Tests
System Monitoring, Logging and Alerting
Security Awareness and Training
Our engineering and operation teams keep their skills up to date regarding security best practices. We have coded many different online systems and are experienced in infrastructure security and systems security.