Trust and Compliance
Security of our customers’ data as it passes through our network has always been a key consideration for us. We have built a multi-layer security model – providing enterprise-grade network security, physical security and access control, at our global points of presence.
Engraining security within our global network architecture, Software-Defined Network Platform and Operational Management, while leveraging a defense in-depth approach to security controls, enables us to maintain a robust security program that meets internationally accepted security practices and consistently exceeds our customers’ expectations.
Aryaka maintains an SSAE-18 SOC 2 Type II report and ISO/IEC 27001:2013 certification. We update our Cloud Controls Matrix to allow our customers to view our security controls. We also have a best-in-class Security Team led by our Chief Information Security Officer that takes a collaborative effort in maintaining our Security Program by engaging with other Aryaka Business Units.
Network Security
- Aryaka’s private global network is a closed network.
- Transport of any data through the Aryaka Network is done through enterprise grade encrypted tunnels. These tunnels are using industry standard IPsec technology and are established between each of the enterprise locations.
- Traffic flowing in or out of Aryaka points of presence will always be secured by an IPsec tunnel.
- A dedicated tunnel per customer at the core of the network provides traffic segregation.
- IPsec includes a key management protocol that allows mutual authentication of devices to provide a secure management channel over which further protocol negotiation can take place.
- The Aryaka Platform is secured against Distributed Denial of Service (DDoS).
Physical Security
- Aryaka’s global Points of Presence are located in carrier-neutral data center facilities. All facilities are SOC2 and/or ISO27001 certified, ensuring the highest level of facility security.
- All Data Centers are equipped with biometric access control and all networking equipment and servers are mounted in individually locked cages with key-code access.
- All facilities are in non-descript buildings, and have 24×7 security staff on premises, along with perimeter security including bollards, CCTV and Badge access to facility.
- Two factor authentication and approved personnel list are mandatory prior to gaining access to the facility.
- All facilities are equipped with dual power supply and redundant equipment.
Access
- Only approved Aryaka personnel have access to the production environment.
- Access to production environment requires Aryaka personnel to work in a specific job function.
- All Aryaka personnel have a completed Background Check.
- Security controls for access include least privilege and logging enabled.
- Access to the production environment is from approved laptops and network leveraging SSH bastion host for secure channel.
Certifications and Documentation
Security controls, in addition to the above, are listed in some documentation supported by Aryaka. This documentation includes the following:
- ISO 27001:2013
- SSAE-18 SOC 2 Type II Reports against Aryaka’s policies and processes
- Cloud Controls Matrix (CCM)
- Consensus Assessments Initiative Questionnaire (CAIQ)
- Third party network scan reports available within 48 hours upon request
Aryaka Security Council
Aryaka takes a collaborative effort in maintaining our Security Program by engaging with other Aryaka Business Units. To accomplish this, Aryaka has a council that meets on a regular basis to review the security program that includes but is not limited to the following:
- Collaborative Consensus based Forum on existing and future security controls
- Forum for continuous improvement on Security Program covering people, process and technology
- Risk Based, cost-effective controls and measures to address the security threats of today and tomorrow allowing Aryaka to continue to focus on improving on what we already have.
If you think you may have discovered a vulnerability, please send us a note.