Physical and Operational Security
- Infrastructure is physically secure in Amazon data center, for more details, visit Amazon Website
Network Security
- Dedicated firewalls on all publicly facing servers.
- AWS ACL + Windows firewall – only required channels are open
- AWS Firewall + Windows firewall. HTTPS 443 access only to Frontends. Backend server is closed for any remote connection except a custom RDP port
- Encrypted data transfer via HTTPS (256-bit SSL Godaddy certificate)
- Secure, private sub-net provides a secure connection to transfer data between data centers
Application Security
- Vulnerability scans of all systems ensured for compliance by Eset
- All system access via Secure Socket Layer (SSL)
- Role Based Access Control (RBAC)
- Password Policy Control; Set Password expiry time, enforce strong user passwords
- Disable user feature- immediately lock down
- IP Restriction option: Limit users to specific range of IP addresses
- Support SAML
Data Security And Data Isolation
- All customer data stored securely and kept confidential per the Terms of Service
- In Orcanos’ single-tenant environments, customer data resides in a unique, separate database and seperate file system.
Internal R&D Procedures
- Our R&D machines are all protected with a commercial up-to-date Antivirus software
- All files uploaded to the cloud by a secured connection
- All files uploaded to the cloud and to the upgrade server are automatically scanned by Antivirus before uploading
- Orcanos Company is behind a firewall
- Passwords are changed periodically
Data Access
Only a select group of Orcanos’ employees have access to our production environments and only after undergoing thorough background checks. We provide on going training for our employees regaridng how to maintain customer confidentiality and how to handle sensitive data.
Each admin group has its own individual credentials
OS Patching
Orcanos is patching the servers on a monthly basis. Orcanos is making sure the official MS updates are installed on both Frontends and Backbends
Topology
The system is hosted on AWS Cloud – EU-Central.
The system is built from IIS as front-end and SQL database servers in the back-end.
OS / SQL Version:
The server’s OS is Server 2012 R2
The SQL version is 2012R2 STD
Currently the system is deployed in a single region but the topology supports multi-region scalability both for Frontend and Backend.
Schematic View of AWS Infrastructure
Orcanos Backup Center (RTO)
| Content | Backup intervals | Backup method | Backup location |
| SQL databases | Every 6 hours | SQL Internal Backup | Local Drives |
| SQL databases | Every 6 hours | CrashPlan | Offsite backup – CrashPlan datacenter US |
| IIS Application | Every 15 minutes | CrashPlan | Offsite backup – CrashPlan datacenter US |
| Virtual Machine Instance | Weekly | AWS Snapshot – automatic | AWS |
Retention:
All the data that is arriving at CrashPlan has infinite retention, and data will be stored without version limit.
Virtual Machine Snapshots are kept for 2 months
Monitoring: CrashPlan is being monitored by Migdal Computing Solutions (http://www.migdalcomputing.com/) on a daily basis.
Disaster Recovery (RPO)
Although the Orcanos system is built on the most reliable and stable cloud system “AWS”, we still have all the procedures in place to insure recovery in case of disaster / accidental damage / malicious damage.
| Scenario | Action Items | Recovery time |
| Database corruption (accidental or malicious ) | Recover via SQL Management studio from local backups | Up to 60 minutes |
| IIS corruption (accidental or malicious) | Recover via CrashPlan | Up to 360 Minutes |
| Virtual Machine EC2 instance corruption | Recover from snapshot + recover from CrashPlan the latest backup set | Up to 1 working day |
| Complete AWS region failure (Highly not likely) | Install new IIS & SQL servers + recover from CrashPlan the latest backup set and re-configure the servers | Up to 2 working days |