Here at Epsilon, the security, integrity, and availability of your data are our top priorities. We know how vital it is to the success of your business. To ensure you never have to worry, we use a multi-layered approach to protect and monitor all your information.
It is our goal to ensure minimal service impacts and downtime. Every component in the network and application infrastructure is redundant. All network devices, including firewalls, load balancers, and switches are fully redundant and highly available. Customers can see our system status in real-time on our Infiny network status page and help centre page, where we communicate all ongoing incidents.
Backups and Disaster recovery planning
Backups are taken frequently, encrypted in transit and are tested regularly as part of our business continuity and disaster recovery planning.
DevOps best practice
Our platform Infiny offers 99.99% availability, and our development team practices infrastructure-as-code, providing consistent deployment of tested application containers to our Amazon Web Services (AWS) based production environment. We utilise proactive monitoring and automated self-healing technology to ensure high speed recovery in the event of any temporary system loss of service.
Monitoring & on-call support
We monitor our network continuously from around the world, displaying, alerting, and reporting upon our entire technical environments in real-time. Supporting customers is a collaboration between our customer-facing support team and our software development and network engineering and field teams.
Infiny is hosted by AWS (eu-west-1). AWS maintains the world-leading hosting facilities which are secure, highly available, and redundant. For more information on AWS’s certifications and compliance programs, please visit https://aws.amazon.com/compliance/programs.
Applications that are hosted on-premise (E.g. CRM, Network Management & Monitoring Systems etc) are deployed within our own colocation facilities in London and Singapore.
Environmental and physical security controls
Epsilon colocation facilities maintain:
- Redundant HVAC (Heating Ventilation Air Conditioning) units which provide consistent and highly available temperature and humidity.
- Sensors detect environmental hazards. E.g. smoke and floor water detectors.
- Raised flowing protects hardware and network equipment. Fire detection and suppression systems with automatic sensing devices
- Redundant (N+1) UPS power subsystem with instantaneous failover.
- 24×7 onsite protection against unauthorised entry, secured by key card access, CCTV camera monitoring, multi-factor authentication is required for all visitors. Continuous monitoring for unauthorised access is done through video surveillance, intrusion detection, and a dedicated secure access control application
Infiny is a multi-tenanted Network-as-a-Service (NaaS) platform hosted in an AWS VPC. Customer data is stored in the same database but is logically separated to ensure secure access only for authorised users.
Infiny access is via TLS 1.2 encrypted connection. All communications over public networks to other network provider APIs is also conducted over https. Data shared with other Epsilon systems is via redundant Direct Connects to the Epsilon private network. Data transfer is over a secure socket in all cases.
Our private network is segmented into multiple security zones ensuring network traffic can be isolated to prevent access between network segments and to ensure users can only access specific network segments.
Systems are regularly scanned for common vulnerabilities and a patch programme exists to ensure all hosts are updated with the latest security patches
Incident management and response
Epsilon’s incident planning response plan and procedures ensure that all security incidents are promptly investigated, reported and remediated. The plan defines all steps to ensure a consistent process
Best practices are followed such as least privilege, central configuration management, stringent host and network firewall policies. Servers are patched on a regular schedule with high priority patches applied whenever new vulnerabilities are detected.
Our secure development policies ensure that developers are given training on secure coding. All Epsilon application code is written by Epsilon employees and changes have peer review before committing to source control and inclusion in a release candidate build. Security vulnerabilities are promptly triaged and patched.
Epsilon conducts regular penetration testing using CREST certified external security testers.
Strong password policies are enforced. Brute force attacks are mitigated by limiting failed login attempts. All applications ensure employ SSL certificates to ensure user credentials are strongly encrypted when in transit. Passwords are not stored in plain text. Passwords cannot by viewed via the UI, so if forgotten they cannot be recovered and must be reset.
Epsilon implements Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to ensure emails we send are authenticated as coming from Epsilon, helping to prevent spoofing and ensure authenticity.
In addition to developers receiving secure coding training, all employees participate in regular security awareness training including regular updates on security policy enhancements. Phishing simulations are routinely run and measured against industry benchmarks.
Epsilon offices are secured by key card access. Office networks are segmented and separated from our production network, centrally monitored, and protected by next gen firewalls.
Servers and employee workstations are monitored by industry leading anti-malware detection and prevention software and are centrally managed by IT. Employee workstations employee hard drive encryption.
While Epsilon maintains physical offices around the world, the continued operation of our business is not dependent on any one office. Our teams and infrastructure are distributed to ensure there is no single point of failure in our operations in the event of a disaster level event. Our products and customer services and overall business operations can manage uninterrupted by incidents at any one of our office locations.
We understand how important security, privacy and data protection are to customers. Which is why we hold certification to demonstrate our compliance.
Epsilon has been certified under the ISO/IEC 27001 standard since 2009 and has maintained it’s certification since including upgrade to the latest version of the standard. Epsilon’s security management system ensures that information security risks are continuously assessed and that appropriate policies and controls are in place to address them. Certificate available on request.
Epsilon is GDPR compliant as both a data controller and data processor of personal data under the General Data Protection Regulation.
Last updated on 22 April 2022