Cloud Security Principles

Asset Protection and Resilience

User data, and the assets storing or processing it, should be protected against physical tampering, loss, damage or seizure.

NCSC - Asset Protection and Resilience

The NCSC divide this principle into the following aspects.

Physical Location and Legal Jurisdiction

All data is stored, processed and managed in the UK. We are a UK-based service provider.

Data Centre Security

We use Amazon Web Services and Google Cloud Platform as our data centre suppliers. See aws.amazon.com/compliance/data-center/controls and cloud.google.com/security/overview for information about their security controls.

Using two suppliers allows us to remain cloud agnostic. This protects us against provider-wide outages, account compromises, security breaches and the other risks that reliance on a single provider would bring.

AWS is used as a primary location for hosted services. GCP is used as an offsite backup repository and hosts Disaster Recovery environments.

Data at Rest Protection

As well as the physical access controls of the data centre, data is encrypted at rest using AES-256 encryption.

Data is backed up and restored using our own tooling; we do not directly store unencrypted files in either AWS or GCP. Files are encrypted locally, using a key held in a secure vault, before being synchronised to AWS's S3 service and GCP's Cloud Storage service.
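The local encrypt-before-sync step described above, shown as an added example (this is not the provider's own backup tooling). It assumes AES-256-GCM, a 32-byte key that has already been fetched from the vault, and that the object name under which the blob will be stored is bound in as additional authenticated data; the function names, object names and the fixed test key are constructed for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// ErrBadKey is returned when the key is not 32 bytes, i.e. not AES-256.
var ErrBadKey = errors.New("key must be 32 bytes for AES-256")

// EncryptForSync encrypts a file's bytes with AES-256-GCM before the blob is
// synchronised to object storage. The object name is bound in as additional
// authenticated data, so a stored blob cannot be moved under a different name
// and still decrypt. Output layout: nonce || ciphertext || tag.
func EncryptForSync(key, plaintext []byte, objectName string) ([]byte, error) {
	if len(key) != 32 {
		return nil, ErrBadKey
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per blob; never reuse a nonce under the same key.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce, giving nonce||ct||tag.
	return gcm.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// DecryptFromSync reverses EncryptForSync. Any modification of the blob, or a
// mismatch between the stored name and the name used at encryption time,
// fails authentication and returns an error rather than garbage plaintext.
func DecryptFromSync(key, blob []byte, objectName string) ([]byte, error) {
	if len(key) != 32 {
		return nil, ErrBadKey
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(objectName))
}

func main() {
	// Constructed sample key: in real tooling this would be fetched from the
	// vault; a fixed 32-byte value is used here so the example runs offline.
	key := make([]byte, 32)
	for i := range key {
		key[i] = byte(i)
	}
	name := "backups/client-a/db.tar" // constructed object name
	blob, err := EncryptForSync(key, []byte("example backup bytes"), name)
	if err != nil {
		panic(err)
	}
	// Same blob, different object name: authentication fails.
	if _, err := DecryptFromSync(key, blob, "backups/client-b/db.tar"); err != nil {
		fmt.Println("decrypt under a different object name rejected:", err)
	}
	pt, err := DecryptFromSync(key, blob, name)
	fmt.Printf("round trip ok: %q (err=%v)\n", pt, err)
}
```

The point of binding the object name as authenticated data is that the bucket holds only opaque blobs; the key never leaves the local tooling and the vault, and a blob that is swapped, truncated or bit-flipped in storage is rejected on restore instead of being silently restored as corrupt data.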

For clients that have Disaster Recovery added to the service, this data is restored and tested at least once every 24 hours; for all other clients, restores are tested on an ad hoc basis.

Access to the data, and to the keys used to encrypt it, is logged and audited.

Data Sanitisation and Equipment Disposal

AWS uses techniques described in industry-accepted standards to ensure that data is erased when resources are moved or reprovisioned, when equipment leaves service, or when you request it to be erased.

Physical Resilience and Availability

The combined use of Availability Zones, geographically distributed regions and numerous AWS service features provides us with the ability to design and architect resilient applications and platforms. We also commit to a hosting SLA and make historical network and service availability data available for you to review. All AWS and GCP services we utilise provide an availability SLA of at least 99.99% across the regions we utilise.

Backup and Recovery

Data from Production environments is backed up every night and retained for 4 weekly rotations (the retention period). Backups from other environments are taken twice a week. We offer a range of DR options with varying levels of RTO and RPO.

Last modified on August 27, 2024
