Data Security, Privacy & Protection


Protecting your KYC customer data & information, along with uploaded documents, in our KYCsphere Software-as-a-Service (SaaS) application is our primary concern. The application uses a multi-layered security model that adheres to industry standards & best practices, to ensure data & information security of the highest order. KYCsphere application and database servers are deployed on the Microsoft® Azure Cloud (Azure) Platform-as-a-Service (PaaS) at Microsoft's own datacenters. Designed to provide "Defense in Depth", the Azure platform drastically reduces the risk of failure. If any one security mechanism does fail, that failure would not be able to compromise the security of the rest of the environment. On the Azure platform we can further control the exact jurisdiction and geo location within it where our KYCsphere servers and your data would be co-located. This addresses the concern of your data on the cloud being scattered all over the Internet.

Discussed below are the important areas of concern for KYC customer data & information security and for SaaS privacy, protection & compliance, along with the countermeasures that are built into KYCsphere and Microsoft® Azure service offerings:

KYCsphere Application Security

KYCsphere SaaS application in conjunction with Azure PaaS platform incorporates various security practices and features at the application layer to help ensure a security enhanced experience for all the KYCsphere customers. The application is architected & developed in such a way that it ensures secure usage of the application and suitable provision of administrative privileges to control and manage roles and permissions, across the different sections of the application.

  • Security-based Application Design: Prior to the release of a KYCsphere version, or of any modification to the live version, it is reviewed for compliance with the current version of Microsoft's Security Development Lifecycle (SDL) management and Trustworthy Computing. The reviews include threat models, code reviews and remediation plans. Testing of remediation is conducted prior to the release for deployment.
  • Identity and Access Management: The strongest security controls available are no protection against an attacker who gains unauthorized access to credentials or keys. Therefore credential and key management are critical components of the security design and implementation of KYCsphere. By design, the application ensures that only properly authenticated, assigned end users & administrator entities are allowed access. For integration with the customer's core applications, the Service Management API (SMAPI) provides web services via the Representational State Transfer (REST) protocol. KYCsphere provides access to users based on their IP addresses and can optionally integrate with your existing identity management solution. For example, integration with Active Directory for single sign-on would allow you to maintain centralized control of user identity management.
  • Least Privilege Accounts: End users assigned to different roles are restricted to running under a low-privilege account by default. This enables them to perform all the compliance tasks that fall under their roles: those pertaining to their assigned duties, to domains such as the branch & department that they are part of, to the groups & pools of similar job functions that they belong to, etc. This eliminates the potential risk of sophisticated attacks and other exploits which require enhanced privileges. It also protects the customer's compliance infrastructure, and the confidential data within it, from attacks by its own dishonest employees. Access to customer data by our development and support personnel is denied by default. Access is granted only after taking permission from the customer, and when granted it is carefully managed and logged.
  • SSL Mutual Authentication: All communications between KYCsphere application and Azure internal components are protected with SSL.
  • Encryption of Data: Encryption of sensitive data in storage and in transit is enabled within Azure to align with best practices for ensuring confidentiality and integrity of data. Internal communications are also protected using SSL encryption. Encryption algorithms like AES, which have years of real-world exposure and testing, are used. Additionally, a full array of cryptographic hash functionality, including MD5 and SHA-2, is used to verify data correctness, create and validate digital signatures, and create non-identifiable tokens in place of sensitive data.
  • Deletion of Data: KYCsphere storage subsystem makes customer data unavailable when delete operations are performed. Successful execution of a delete operation removes all references to the associated data item and it cannot be accessed any further. All copies of the deleted data item are then garbage collected and purged. The physical bits are overwritten when the associated storage block is reused for storing other data.
  • Integrity of KYCsphere Application: Design of application, its configuration file and VM ensures full integrity of the application against unauthorized changes, while keeping the application and its database highly secure and scalable.
  • Audit Trails: KYCsphere implements multiple levels of monitoring of changes, logging audit trails and reporting, to provide visibility to customers.

Azure Cloud Platform & Network Security

The Microsoft® Azure platform uses a variety of technologies including Firewalls, Network Address Translation Boxes (Load Balancers) and Filtering Routers to create barriers for unauthorized traffic at key junctions to and within the datacenters. The back-end network is made up of partitioned Local Area Networks for web and application servers, data storage, and centralized administration. These servers are grouped into private address segments protected by filtering routers. KYCsphere leverages the entire security technology infrastructure deployed at Azure.

  • Secure Communication Channels: KYCsphere customers have the option to route their data through VPN or HTTPS secure channels. Core application backend systems can be fully integrated through the encrypted tunnel established via VPN.
  • Filtering Routers: Filtering routers reject attempts to communicate between addresses and ports not configured as allowed. This helps to prevent common attacks that use "drones" or "zombies" searching for vulnerable servers. These types of attacks remain a favorite method of malicious attackers in search of vulnerabilities. Filtering routers also support configuring KYCsphere back end services to be accessible only from corresponding KYCsphere front ends.
  • Firewalls & Intrusion Detection: Firewalls restrict data communication to (and from) known and authorized ports, protocols, and destination (and source) IP addresses. KYCsphere proactively leverages a series of firewalls that monitor for malicious connection activity and block unauthorized data communication requests, access attempts, suspicious activity and unexpected behavior. Azure Cloud further implements automatic countermeasures against several types of network attacks, including port scanning, IP spoofing and denial of service attacks. Microsoft Antivirus/Antimalware is built into Azure Cloud Services to help identify and remove viruses, spyware and other malicious software and to provide real-time protection. Regular penetration testing and forensic tools help identify and mitigate threats from both outside and inside of Azure.
  • Isolation of Cloud Aggregates: In Azure the root VM is isolated from the guest VMs, and the guest VMs from one another; this isolation is managed by the hypervisor and the root OS. The hypervisor and the root OS provide network packet filters that assure that the untrusted VMs cannot generate spoofed traffic, cannot receive traffic not addressed to them, cannot direct traffic to protected infrastructure endpoints and cannot send or receive inappropriate broadcast traffic.
  • Cryptographic Protection of Messages: TLS with at least 128 bit cryptographic keys is used to protect and control messages sent between clusters within a given Azure datacenter where KYCsphere resides.
  • Software Security Patch Management: Security patch management, an integral part of Azure operations, helps protect systems from known vulnerabilities. The Azure platform utilizes integrated deployment systems to manage the distribution and installation of security patches for Microsoft software that KYCsphere relies on.
  • Monitoring: Security is monitored at Azure with the aid of centralized monitoring, correlation, and analysis systems. Pertinent and timely monitoring reports and alerts are furnished to us to take corrective action whenever needed.

KYCsphere Customer Data Privacy, Compliance & Certifications

Customer data privacy is an integral part of KYCsphere deployed on Microsoft® Azure Cloud and of its service lifecycle. Microsoft® Azure Cloud stores data across a global network of Microsoft-managed data centers. We are transparent in our privacy practices and offer customers choices such as where they would like to locate their data, the methods of its transfer and storage, and the overall management and governance of KYCsphere and its cloud environment within and outside Azure cloud.

  • Data Location: KYCsphere customers may specify the geos and regions wherein they would like to keep their data across Microsoft datacenters. Geos include United States, Europe, Asia Pacific, Japan and Brazil.
  • Data Transfer: Customer Data may be transferred within a geo (e.g., within Europe) for data redundancy or other similar purposes such as major data center disaster. Customer Data is not transferred outside the geo(s) that the customer specifies except where necessary to provide customer support, troubleshoot the service, or comply with legal requirements or where customer configures the account to enable such transfer.
  • Data Privacy Regulations Compliance: The E.U. Data Protection Directive (95/46/EC), and then the General Data Protection Regulation (GDPR), set a baseline for handling personal data in the European Union. To allow for the continuous flow of information required by international business (including cross-border transfer of personal data), the European Commission reached an agreement with the U.S. Department of Commerce whereby U.S. organizations can self-certify as complying with the Safe Harbor Framework. Microsoft is Safe Harbor certified under the U.S. Department of Commerce. In addition to the E.U. Member States, members of the European Economic Area (Iceland, Liechtenstein, and Norway) also recognize organizations certified under the Safe Harbor program as providing adequate privacy protection to justify trans-border transfers from their countries to the U.S. Switzerland has a nearly identical agreement ("Swiss-U.S. Safe Harbor") with the U.S. Department of Commerce to legitimize transfers from Switzerland to the U.S., to which Microsoft has also been certified. The Safe Harbor certification allows for the legal transfer of E.U. personal data outside the E.U. to KYCsphere deployed on Microsoft® Azure for processing with its Microsoft SQL Azure. Under the E.U. Data Protection Directive, Microsoft acts as the data processor, whereas the customer is the data controller with the final ownership of the data and responsibility under the law for making sure that data can be legally transferred to KYCsphere deployed on Microsoft® Azure.
  • ISO/IEC 27001:2005 Audit and Certification: KYCsphere is deployed on Microsoft® Azure Cloud, which goes through annual certification against the ISO/IEC 27001:2005, a broad international information security standard. The ISO/IEC 27001:2005 certificate validates that the internationally recognized information security controls as defined in this standard are implemented, including guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization.
  • SOC 1 and SOC 2 SSAE 16/ISAE 3402 Attestations: KYCsphere deployment platform Microsoft® Azure Cloud has been audited against the Service Organization Control (SOC) reporting framework for both SOC 1 Type 2 and SOC 2 Type 2. The SOC 1 Type 2 audit report attests to the design and operating effectiveness of Azure controls. The SOC 2 Type 2 audit included a further examination of Azure controls related to security, availability, and confidentiality. Azure is audited annually to ensure that security controls are maintained. Audits are conducted in accordance with the Statement on Standards for Attestation Engagements (SSAE) No. 16 put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) and International Standard on Assurance Engagements (ISAE) 3402 put forth by the International Auditing and Assurance Standards Board (IAASB). In addition, the SOC 2 Type 2 audit included an examination of the Cloud Controls Matrix (CCM) from the Cloud Security Alliance (CSA).
  • Cloud Security Alliance Cloud Controls Matrix: KYCsphere's environment, Azure Cloud, has been audited against the Cloud Controls Matrix (CCM) established by the Cloud Security Alliance (CSA). The audit was completed as part of the SOC 2 Type 2 assessment. This combined approach is recommended by the American Institute of Certified Public Accountants (AICPA) and CSA as a means of meeting the assurance and reporting needs of the majority of cloud services users. The CSA CCM is designed to provide fundamental security principles to guide cloud vendors and to assist prospective customers in assessing the overall security risk of a cloud provider. By having completed an assessment against the CCM, Azure offers transparency into how its security controls are designed and managed, with verification by an expert, independent audit firm.

KYCsphere on Azure Availability, Fault-Tolerance & Redundancy

One of the main advantages provided by cloud platforms is robust availability based on extensive redundancy achieved with virtualization technology. KYCsphere deployed on Azure cloud offers numerous levels of redundancy to ensure maximum availability of customer's data.

  • Availability: Data is replicated within Azure to three separate nodes to minimize the impact of hardware failures. Further, the geographically distributed nature of the Azure cloud infrastructure could be leveraged by creating a second Storage Account to provide hot-failover capability to KYCsphere customers.
  • Fault Tolerance: The Azure platform is designed to be fault-tolerant and redundant, and therefore provides an ideal platform for the KYCsphere application. From geographically diverse datacenter deployments to replicated role instances and storage, it provides the required fault-tolerance and redundancy to the KYCsphere SaaS application.
  • Service Redundancy: Each layer of the Azure platform infrastructure is designed to continue operations in the event of failure, including redundant network devices at each layer and dual Internet service providers at each datacenter. Failover is in most cases automatic, requiring no human intervention, and the network is monitored by the Network Operations Center 24x7 to detect any anomalies or potential network issues.
  • Disaster Recovery: The Azure platform runs across multiple datacenters around the world. In the event of a catastrophic failure involving an entire datacenter, the KYCsphere team could bring another instance of the application and database live from the backup location, in a matter of a few hours. This backup location also serves as an excellent option as Disaster Recovery (DR) & Continuity site for customer data.

Divas Software, Azure Operations & Personnel Security

Developers and administrators are given sufficient privileges to carry out their assigned duties to manage the KYCsphere infrastructure. We deploy combinations of preventive, detective and reactive controls, including tight access control to the application and sensitive data, mechanisms to detect malicious activity, and multiple levels of monitoring, logging, and reporting. Additionally, best practices are adopted to help protect against unauthorized developer or administrative activity.

  • Design of the Services: KYCsphere deployed on the Azure platform is designed to run without routine access to customer data by Divas Software or Microsoft personnel. Divas Software personnel only have access to the application's configuration, its updates and the monitoring of its performance.
  • Incident Response: The Azure platform has operations personnel managing it 24x7. In the event of a security incident, the documented procedures to follow will be implemented by the operations personnel. Additionally, a full communication plan is in place and will likewise be implemented in the event of such a security incident.
  • Auditing: Divas and Microsoft administrative operations are audited. The audit trail can be viewed to determine the history of changes.
  • Background Check: All personnel of Divas Software are subject to a thorough background check covering ID verification, address history verification for the past 10 years, and history of criminal records at local police stations.
  • Non Disclosure Agreement: All personnel are required to sign a strict Non Disclosure Agreement (NDA) on joining Divas Software. They are also required to periodically certify that they have read it, have been complying with it and will continue to do so in future.
  • Security Training: All personnel, at the time of their induction at Divas Software, are given comprehensive security training on intellectual property protection, customer data & information security, SaaS privacy & protection, etc.

Azure Data Center Physical Security

Once the security of the KYCsphere application, its database, the Azure platform on which it is deployed and the personnel who manage it has been ensured, the final frontier, the physical security of the entire infrastructure, is taken care of.

  • Physical Security: The Azure platform is deployed across a network of global datacenters, each designed to run 24x7, and each employing various measures to help protect operations from power failure, physical intrusion, and network outages. These datacenters are compliant with applicable industry standards for physical security and reliability, and are managed, monitored, and administered by Microsoft operations staff. They are also designed for lights-out operation.
  • Facilities Access: Microsoft uses highly secured access mechanisms, limited to a small number of operations personnel, who must regularly change their administrative access passwords. Datacenter access, and authority to open datacenter access tickets, is controlled by the network operations director in conjunction with local datacenter security practices.
  • Power Redundancy & Fail Over: Each datacenter facility has a minimum of two sources of electrical power, including a power generation capability for extended off-grid operation. Physical security controls are designed to "fail closed" during power outages or other environmental incidents. In case of fire or situations that could threaten life safety, the facilities are designed to allow egress without remaining exposed.
  • Media Disposal: When hardware systems reach end-of-life, Microsoft operational personnel follow rigorous data handling procedures and hardware disposal processes.
