Our emphasis on security
The growing threat of increasingly sophisticated hackers and cyber-attacks constantly puts IT security to the test. Your website or application is your window to the world, and, for most organizations, critical for the success of their business. At the same time, we know being available on the Internet can expose your environment to attacks from those who want to harm or steal from your business. A successful attack can shut you down or severely restrict the availability of your mission critical applications, damaging your brand reputation, and ultimately inflicting an unacceptable loss of revenue. We at Basefarm are committed to providing the highest possible security for your environment.
Security is not a component, but something that must permeate all parts of an IT service. At Basefarm, we ensure that security is taken into consideration in every step of the service delivery. Basefarm is PCI DSS and ISO27001 certified. We believe that security is key to our customers, and we continuously work to improve the security of our customer solutions from both a vulnerability and an operational perspective. A key part of ensuring the secure delivery of our services is our Basefarm Security Incident Response Team and Security Operations team.
Security across the entire service lifecycle
Few hosting providers offer full-coverage security in their operations. Thus, clients are often forced to consult safety experts when security concerns are forced upon them after a major incident or when they belatedly need to review their de facto operational security. We focus on security across the entire service lifecycle, which means that we design secure operating environments, offer a full range of security services that we tailor to the needs of each customer, and can advise on security issues or concerns.
Secure operations – the benefits
We have extensive experience in setting up secure and robust operating platforms, and we ensure that security is taken into consideration from the beginning. Below, you can read more on how we work with security in every step of the service lifecycle:
Optimal Secure Solution - Our pre-sales engineers first examine your specific needs as a customer and create an architecture that will meet your requirements, as well as giving feedback on how we believe your current environment could be improved (for instance: redundancy, dual data center solutions, private clouds, firewalls, backup, Web Application Firewalls, Intrusion Detection Systems, SIEM solutions, Vulnerability Assessments, DDoS protection, PCI DSS compliant enterprise solutions, disaster recovery, etc.). We ensure that you get high-end components, both hardware and software, together with the latest technology adapted to master the continuous stream of security challenges.
Accountability - We are responsible for the operation of your mission critical applications so that you meet both business and legal requirements. Once the solution is operational, security permeates our daily work, processes, and procedures—from incident handling to complex, yet stringent, change management. Your dedicated customer team delivers actionable feedback on your application code from the perspectives of security, stability, and performance.
If a security incident occurs, we follow our security-incident process promptly and professionally. All security incidents are reported to our SIRT, the Basefarm Security Incident Response Team, for further analysis. Our SIRT advises the responsible engineers in Basefarm operations.
Local physical security - We place our cloud infrastructure in our own secure data centers in Scandinavia and in the Netherlands, which allows you to control in which countries your data is stored. We have strict physical access regulations and guard the facilities against intrusion.
Fast action - We keep you informed, in real time, if a security incident should strike that affects your environment, so that you can quickly make decisions and take actions to minimize potential damage.
Preventive approach - We implement preventive measures to protect against future threats, so that you can focus on your work while we make sure that you have the latest protection against various threats and vulnerabilities. For example, we ensure that our customers’ environments are patched regularly, either automatically or manually depending on each customer’s needs.
Basefarm Security Teams
Our Basefarm Security Incident Response Team (BF-SIRT) identifies, nullifies, and obstructs security threats. BF-SIRT consists of part-time technical members from across our organization, for example Linux, Windows, DBA, Security Operations, Cloud and Network. We have opted to have our SIRT members work part time on dedicated days, to ensure that the security knowledge and experience is also transferred back into our teams. Our SIRT continuously handles security incidents and will, when needed, assist our system managers with vulnerability management. This is to ensure we have a proactive response to a vulnerability, rather than a reactive one when the vulnerability has already been exploited by an attacker. Detailed security-event data and security measures are reported to our customers.
Basefarm’s Security Operations consists of full-time Security Engineers focusing on continuously implementing, improving and delivering security services for Basefarm to be used internally and for its customers. The members of the SecOps department are our Tier 3 security engineers with experience and GIAC certifications in IT-Forensics, Penetration Testing, GISP, CISSP, etc., and we have set our teams up with internal Red and Blue teams, to have specialized focus in each area.
Follow our SIRT-blog in order to get the latest updates on information security from Basefarm.
Basefarm finds collaboration in the security field to be a key to success, and has thus both joined and created multiple security forums. Basefarm's SIRT is a member of FIRST.org (Forum of Incident Response and Security Teams), which is an international organization for trusted SIRTs and CERTs (Community Emergency Response Team) that meet the stringent requirements needed to join, including sponsorship by existing member organizations. International companies involved include, for example, Apple, AT&T, Interpol, Juniper, NASA and Symantec.
Basefarm’s SIRT is also a member of TF-CSIRT, a European organization for trusted SIRTs and CERTs that follow the same type of stringent requirements when joining the organization. Within this organization we can both share and receive information from a community of country CERTs and organizations.
Basefarm’s SIRT is also one of the founding members of Svenskt CERT-Forum, a national organization for trusted SIRTs and CERTs that meet the requirements of FIRST.org or TF-CSIRT. The members are organizations such as Försvarsmakten, MSB/CERT-SE, Swedbank, SEB, Handelsbanken, SUNET, Ericsson and Telia.
Through our memberships, we have access to multiple other organizations that focus on security, and we therefore get first-hand insight into vulnerabilities and ongoing attacks worldwide. We can therefore act quickly and proactively in case of a cyber-threat, which allows us to secure our own and our customers’ environments before issues become public knowledge.
ITIL is the industry best-practice framework for managing IT service delivery and operations. At Basefarm we have implemented mature and effective operational processes based upon the ITIL standards, that ensure the expectations of our customers are met and exceeded. This applies not only to Service Design and Service Operation but also through each phase of Service Transition, all with a keen observance of all security management principles. A sophisticated continual service improvement program means that we are always developing new methodologies to better support the needs and expectations of our customers.
Every situation and organization is different, and not all organizations require all security services. We recommend the security services we find appropriate for each situation, and here are some of the security services that we offer:
- Access control (VPN, multi-factor authentication, hardware security module)
- Advanced physical security (Hardware Security Module)
- Endpoint Security
- Disaster recovery and business continuity (storage and backup services, disaster recovery service)
- Encryption and signing services (Hardware Security Module)
- Managed Web Application Firewall
- Log management
- Network traffic monitoring (Network-based Intrusion Detection System)
- File system monitoring (Host-based Intrusion Detection System)
- Security monitoring and Log Analysis (security information and event management)
- Secure storage services (local storage of critical business data)
- Services for secure credit card and personal information (such as PCI DSS 3.0)
- Hardware- and software-based multi-factor authentication
- Vulnerability assessment (our security department checks the state of your environment)