Cloud Security

Trust When You Need it Most

Offering a secure, resilient solution that allows your center to operate anywhere with confidence while prioritizing data security and privacy.

Secure Solutions You Can Trust

Your emergency communications center can depend on a solution firmly grounded in security, resilience and redundancy, so your team can:

Work from anywhere with a secure internet connection
Rely on 99.999% uptime in the cloud for voice calls through APEX
End dependency on physical data storage space
Provide the security of AWS GovCloud

Your center’s security and privacy controls are one of your key priorities. Carbyne is committed to securing your application’s data, eliminating system vulnerability, and providing continuity of access by:

Helping to protect the confidentiality, integrity, availability, and privacy of our customers’ personal and internal data.

Providing our customers with service continuity in a highly secure and reliable environment.

Compliance

ISO 27001

Information Security Management System (ISMS) covering infrastructure, datacenters, and services. Carbyne cloud service has been certified to ISO 27001:2013. This security standard outlines the requirements for information security management systems and is the highest level of global information security standard available today. This certification provides our customers the assurance that Carbyne cloud service meets stringent international standards on security.

ISO 27017

We comply with ISO/IEC 27017, an international standard that provides guidelines for information security controls specifically for cloud services. This certification enhances our ability to protect your data in the cloud, addressing unique security challenges and providing robust protection against unauthorized access and breaches. We continuously update our practices to align with these guidelines, confirming your information remains secure in the cloud environment.

SOC 2 Type II

Internal controls report capturing how a company safeguards customer data and how well those controls are operating. Carbyne cloud service is audited annually against the Service Organization Control (SOC) 2 Type II reporting framework by qualified independent auditors. The scope of the audit for Carbyne cloud service covers key compliance controls and objectives applicable to the in-scope trust principles. A copy of the Carbyne cloud service SOC 2 report can be requested via your Carbyne Sales Account Team point of contact.

HIPAA and HITECH

Health Insurance Portability and Accountability Act. Carbyne has implemented safeguards to adequately protect Protected Health Information (PHI) that may be captured by Carbyne products and stored in Carbyne Systems. Carbyne can enter into Business Associate Agreements with customers who are covered entities or business associates under HIPAA and expect PHI to be processed or stored within Carbyne Systems. Contact your Carbyne Sales Representative for more information.

CSA STAR (CAIQ) Level 1

Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ). Additionally, Carbyne has achieved Cloud Security Alliance (CSA) STAR Level 1 which addresses fundamental security principles across 16 domains to help cloud customers assess the overall security risk of a cloud service. STAR encompasses the key principles of transparency, rigorous auditing, cloud security and privacy best practices, and harmonisation of standards outlined in the Cloud Controls Matrix (CCM).

Operational Security

We continuously implement advanced security controls and maintain vigilant monitoring across all physical locations, networks, and IT assets. This proactive approach allows us to detect and mitigate potential threats swiftly. Through the use of cutting-edge technologies such as real-time threat intelligence, network intrusion detection systems (IDS), and endpoint protection solutions, we can identify malicious activity before it poses a risk. Additionally, our team conducts regular security audits and vulnerability assessments to ensure compliance with industry standards and to fortify our defenses against emerging cyber threats.

Network Security

Once physical security is addressed, it is critical to ensure a robust network security posture. To this end, Carbyne has instituted the following measures:

Host Intrusion Detection System: Carbyne leverages OSSEC as its host-based intrusion detection system, which performs log analysis, integrity checking, registry monitoring, rootkit detection, real-time alerting and active response.
Firewalls: Carbyne leverages the firewall solution provided by the cloud service provider. By default, the cloud instances are configured in a default deny-all mode and Carbyne opens only the ports needed to allow inbound traffic depending on the customer requirements.
Cloud Networking (VPC and Virtual Network): For single-tenant based deployment, Carbyne employs a Cloud Networking approach in order to launch an isolated network specific for a customer.
Network Security: AWS utilizes a wide variety of automated monitoring systems to provide a high level of service performance and availability, including the ability to set custom performance metrics thresholds for unusual activity.
Networking Access Control: Cloud instances hosting Carbyne solutions are located inside a private subnet, and it is not possible for non-Carbyne applications to connect to them remotely from the internet outside of the Carbyne solutions.

Authentication/Universal Login

Multi-Factor Authentication: Enhances security by allowing only authorized individuals access to Carbyne’s products, adding an extra layer of protection.
Role-Based Authorization: Allows you to assign access to specific individuals for different types of business transactions, ensuring only authorized actions are performed.
Flexible Authentication Methods: Carbyne provides a variety of authentication methods, including SAML, OAuth, Password-based, and Single Sign-On (SSO). These methods can be individually enabled or disabled for an account. For users who authenticate with a username and password, there is an option to enable two-factor authentication (2FA) for an added layer of security during sign-in.
Single Sign-On (SSO): Allows users access to multiple applications with one set of login credentials (e.g., name and password). The service authenticates the end user for all the applications they have been given rights to and eliminates further prompts when the user switches applications during the same session. This simplifies the user experience and increases security.

Data Security

Carbyne provides security and privacy of user information by encrypting data on all servers at rest (AES-256) and in transit (TLS v1.2), to protect data at all times. User passwords are hashed and salted with a modern hash function.

Vulnerability Management

Application Security Testing: All code is tested for application security flaws such as those described by OWASP (Open Worldwide Application Security Project) Top 10. Carbyne uses application security testing tools and works with third party security experts to review our design, code and implementation.
Penetration Testing: On a periodic basis, Carbyne conducts third-party penetration tests in different sandbox and production environments. These assessments are organized with consultation from customers so that the testing team has complete access to uncover any vulnerabilities.

Availability, Monitoring, and Capacity Planner

Load Balancing: For more secure load-balancing than on-premise solutions, Carbyne uses Cloud Load Balancing to manage and distribute traffic to different instances across all availability zones within the region in which the Carbyne solution has been deployed.
Failover & Disaster Recovery: Take advantage of our cloud provider’s multiple regions and availability zones with Carbyne architecture, designed to distribute applications across multiple availability zones and regions. This provides the ability to remain resilient in the face of most failure modes, including natural disasters or system failures.
Monitoring and Alerting: Carbyne utilizes controls capable of warning of potential threats or misuse of the system. Each service in the Carbyne environment is monitored for operational effectiveness and availability. Metrics include, but are not limited to, network connectivity, CPU utilization, memory utilization, storage utilization and service status. Any failure generates alerts that are pushed to the operations team by email and SMS. Carbyne’s operations team is available 24/7 to help deal with the alerts.
Capacity Planning: Our allocated resources stretch as demand increases, with Carbyne’s auto-scaling and dynamically-allocated resources.

Corporate Security

Malware Protection

All company-provided workstations are enrolled in Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) solutions to enforce security settings, including full-disk encryption, screen lock, and OS updates.

Risk Management

All Carbyne product changes must go through code review, CI, and a build pipeline before they reach production servers. Only designated employees on Carbyne’s operations team have secure shell (SSH) access to production servers. We perform testing and risk management on all systems and applications on a regular and ongoing basis. New methods are developed, reviewed, and deployed to production via pull request and internal review. New risk management practices are documented and shared via staff presentations on lessons learned and best practices.

Security Policies

We maintain and update our security policies regularly, covering the following key areas:

Access Management
Change Management
Data Request
Data Management
Information Security
Incident Response
Policy Management and Maintenance
Risk Management
Vendor Management
Vulnerability Management

References

Carbyne uses best practices provided by AWS to ensure the highest security and has referred to the following documentation while developing the security architecture.

https://aws.amazon.com/security/security-resources/

Carbyne has also undergone a thorough Well-Architected review process from AWS, which is based on the four pillars: security, reliability, performance efficiency, and cost optimization.
