Trust Center

Get access to this Trust Center
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

Trust and Compliance

Security of our customers’ data as it passes through our network has always been a key consideration for us. We have built a multi-layer security model – providing enterprise-grade network security, physical security and access control, at our global points of presence.

Engraining security within our global network architecture, Software-Defined Network Platform and Operational Management, while leveraging a defense in-depth approach to security controls, enables us to maintain a robust security program that meets internationally accepted security practices and consistently exceeds our customers’ expectations.

Aryaka maintains an SSAE-18 SOC 2 Type II report and ISO/IEC 27001:2013 certification. We update our Cloud Controls Matrix to allow our customers to view our security controls. We also have a best-in-class Security Team led by our Chief Information Security Officer that takes a collaborative effort in maintaining our Security Program by engaging with other Aryaka Business Units.

Network Security

  • Aryaka’s private global network is a closed network.
  • Transport of any data through the Aryaka Network is done through enterprise grade encrypted tunnels. These tunnels are using industry standard IPsec technology and are established between each of the enterprise locations.
  • Traffic flowing in or out of Aryaka points of presence will always be secured by an IPsec tunnel.
  • A dedicated tunnel per customer at the core of the network provides traffic segregation.
  • IPsec includes a key management protocol that allows mutual authentication of devices to provide a secure management channel over which further protocol negotiation can take place.
  • The Aryaka Platform is secured against Distributed Denial of Service (DDoS).

Physical Security

  • Aryaka’s global Points of Presence are located in carrier-neutral data center facilities. All facilities are SOC2 and/or ISO27001 certified, ensuring the highest level of facility security.
  • All Data Centers are equipped with biometric access control and all networking equipment and servers are mounted in individually locked cages with key-code access.
  • All facilities are in non-descript buildings, and have 24×7 security staff on premises, along with perimeter security including bollards, CCTV and Badge access to facility.
  • Two factor authentication and approved personnel list are mandatory prior to gaining access to the facility.
  • All facilities are equipped with dual power supply and redundant equipment.

Access

  • Only approved Aryaka personnel have access to the production environment.
  • Access to production environment requires Aryaka personnel to work in a specific job function.
  • All Aryaka personnel have a completed Background Check.
  • Security controls for access include least privilege and logging enabled.
  • Access to the production environment is from approved laptops and network leveraging SSH bastion host for secure channel.

Certifications and Documentation

Security controls, in addition to the above, are listed in some documentation supported by Aryaka. This documentation includes the following:

  • ISO 27001:2013
  • SSAE-18 SOC 2 Type II Reports against Aryaka’s policies and processes
  • Cloud Controls Matrix (CCM)
  • Consensus Assessments Initiative Questionnaire (CAIQ)
  • Third party network scan reports available within 48 hours upon request

Aryaka Security Council

Aryaka takes a collaborative effort in maintaining our Security Program by engaging with other Aryaka Business Units. To accomplish this, Aryaka has a council that meets on a regular basis to review the security program that includes but is not limited to the following:

  • Collaborative Consensus based Forum on existing and future security controls
  • Forum for continuous improvement on Security Program covering people, process and technology
  • Risk Based, cost-effective controls and measures to address the security threats of today and tomorrow allowing Aryaka to continue to focus on improving on what we already have.

Compliance

CCPA Logo
CCPA
GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
SOC 2 Logo
SOC 2
CSA STAR Logo
CSA STAR
Get access to this Trust Center
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access
CSA STAR
ISO 27001
ISO 27001 SoA
SOC 2
CAIQ
Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
Asset Management Policy
Business Continuity Policy
Data Classification Policy
Encryption Policy
General Incident Response Policy
Information Security Policy
Network Security Policy
Physical Security
Risk Management Policy
Software Development Lifecycle

Risk Profile

Data Access LevelInternal
Impact LevelModerate
Recovery Time Objective12 hours
See more

Product Security

Audit Logging
Multi-Factor Authentication
Service-Level Agreement
See more

Reports

Network Diagram
Pentest Report
Security Whitepaper
See more

Self-Assessments

CAIQ

Data Security

Access Monitoring
Backups Enabled
Encryption-in-transit
See more

App Security

Responsible Disclosure
Code Analysis
Credential Management
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
BC/DR
Data Center
See more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Firewall
Wireless Security

Corporate Security

Email Protection
Employee Training
HR Security
See more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
See more

If you think you may have discovered a vulnerability, please send us a note.

Powered BySafeBase Logo