1. Home
  2. Admin User
  3. Security
  4. Security Overview

Security Overview

Contents

SECURITY OVERVIEW

CRM-service Oy recognizes that the confidentiality, availability and integrity of our customers’ information are vital to their business operations. We use a multi-level security approach to protect key information, constantly monitoring and improving our application, systems and processes to meet the growing demands and challenges of security. This document outlines some of the mechanisms and processes we have implemented to help ensure that your data is protected. Our security practices are grouped in four different areas: Physical Security, Network Security, People processes, Software security and Redundancy and business continuity.

Secure data centers

Our customers expect 24.7.365 availability. CRM-service data centers consist of two high-quality data center premises located in Finland. Data center facilities are geographically separated (direct distance over 140 km). See data center overview document for more information.
Physical security

  • Concrete-walled Data Center premises
  • Computing equipment in access-controlled steel cages
  • Video surveillance throughout facility and perimeter
  • Automatic anti-burglary alarm systems
  • Data Centers engineered for local seismic, storm, and flood risks
  • 24.7.365 security, including foot patrols and perimeter inspections
  • Access control system with triple electrical door access

People Processes

Designing and running data center infrastructure includes latest technology, policies about escalation, management, knowledge sharing, risk, as well as the day to day operations. CRM-service’s security team has years of experience in designing and operating data centers and continually improves our processes over time.

  • Select Employees. Only employees with the highest clearance have access to our data center data. Employee access is logged, and passwords are strictly regulated. We limit access to customer data to only a select few of these employees who need such access to provide support and troubleshooting on our customers’ behalf.
  • Audits. Audits are regularly performed and the whole process is reviewed by management.
  • As-Needed Basis. Accessing data center information as well as customer data is done on an as-needed only basis, and only when approved by the customer (i.e. as part of a support incident), or by senior security management to provide support and maintenance.

Redundancy and business continuity

  • Environmental control redundancy. Data center premises are equipped with humidity and temperature control systems. Cooling systems are redundant (N+1).
  • Power redundancy. CRM-service configures its servers for power redundancy – from power supply to power delivery. We use underground utility power feed and redundant (N+1) UPS systems. Power distribution units and diesel generators (N+1) are also redundant.
  • Internet redundancy. High-speed connections to the outside world have a key role in a server room devices. We ensure data connections by using several operator independent networks.
  • Redundant network devices. We use redundant internal networks with redundant network devices. Networks are built based on cross-connected 400Gbps switches.
  • Fire detection and suppression. Data centers are equipped with duplicated fire alarms and automatic fire gas extinguishing systems. All structures are fire resistant.
  • Data protection and backups. See more in section Data protection and backups

Secure system usage and sessions

  • Connection to the CRM-service environment is via TSL 1.2 cryptographic protocols
  • Individual user sessions are identified and re-verified with each transaction, using a unique token

Network security

  • Firewalls block unused protocols
  • Intrusion detection detects and alerts security events
  • A third-party service provider continuously scans the network externally and alerts changes

Service production

  • All servers and networks run on redundant environments
  • Service runs on VMware and Harvester HCI based servers
  • Enterprise level SAN NVMe disk systems

Data protection and backups

  • Backup in storage level SAN (Dell PowerStore) in use
    • All data is backed up once per hour as a snapshot. Retention time is 24 hours.
    • All data is backed up once per day as a Secure Snapshot. Retention time is 5 days.
    • All data is on Dell PowerStore Metro Clusters providing:
      • Zero-downtime Storage Area Network
      • Disaster Avoidance and Continuous Availability
      • On-demand Load Distribution
    • Data at Rest Encryption (D@RE) uses FIPS 140-2 validated Self-Encrypting Drives (SEDs) for storage (NVMe SSD). Encryption level is 256-bit AES.
    • Secure Snapshots – This provides line of defense against ransom attacks and accidental deletion of snapshots, volumes, volume groups, and file systems.
  • Backup in external backup system (Veeam Backup & Replication) in use
    • All data is backed up once per day in a different data centre. Every backup copy will be stored for a period of 30 days. Backup copies will be also stored for 30 days after the Service has ended and thereafter removed automatically.
    • End-to-end encrypted backups
    • Dedicated backup servers in secondary datacenter
    • Dedicated storage system for backups in secondary data center
    • Encrypted data in backup storage

Software security

  • Our Security persons monitor notification from various sources and alerts from internal systems to identify and manage threats.
  • The system is protected against unauthorized access.

HIGH AVAILABILITY DATA CENTERS

Our customers expect 24.7.365 availability. CRM-service data centers consist of two high-quality data center premises located in Finland. Data center facilities are geographically separated (direct distance over 140 km). Data center I is master data center and Data center II is backup and recovery data center.

All of CRM-service products are hosted in our own server and network infrastructure. The infrastructure for databases and application servers is managed and maintained only by CRM-service named employees.

  • Data center I obeys very important facilities (TIA-942, Tier-3 level). Security class requirements of telecommunications companies 48B/2004M regulations set by Finnish Communications Regulatory Authority
  • Data center II obeys very important facilities (TIA-942, Tier-3 level). Security class requirements of telecommunications companies 48B/2004M regulations set by Finnish Communications Regulatory Authority.

Safety and high availability 24/7

Security is based on high level physical, power and data connection security.

Physical security consists of many factors. Data center compliance standards include TIA-942 (Tier-3 level spaces), Katakri (increased / high level – security directions), VAHTI (directions to anticipate ICT crisis), Very important facilities 48B/2004M regulations set by Finnish Communications Regulatory Authority

In practice security is based on an extremely durable construction. Caves offer protection of risks as well as from people and natural disasters.

Every movement is observed by an electric access control and recordable video surveillance. Surveillance reaches from the outdoor to every single cabinet.

Data center devices have safety and reliable activities for maintenance and exception situations. All systems are designed at least duplicated and in most cases duplicated and n+1 redundant.

In case of fire there is an argon-based gas extinguishing system. It based on inert gas which is safe for people, devices and environment if system goes on.

High, consistent performance

All our servers are deployed on enterprise-grade hardware. Together with VMware and Harvester HCI platforms and pure NVMe enterprise level storage technology, our customers will get industry-leading performance at all times.

Energy efficient cooling

Energy efficiency is the most important properties for today’s data center premises. In the data center premises is fully doubled 1MW electrical system with UPS devices and generators. Energy efficient data center premises brings savings also for the customer.

High reliability is basic requirement for data center premises regardless of the situation. Data center premises maintenance redundancy is level Tier-3. All systems can be maintained without downtime and they are resistant to any single part of the system or more non-parallel systems failure.

Data center network

The data center networks are built based on cross-connected 100/400Gbps switches. Uninterrupted operation of telecommunications systems is a basic requirement. A redundant frame of rooms is made of 100Gbps Network’s switching devices which constitute more EAPS-security circle for data center premises.

Data center premise connections in routing level are verified always with routing address VRRP and a many redundant switches and routing devices on the network edge.

Internet connections

Redundant frame network guarantees reliable and safe connections to the world. High-speed connections to the outside world have a key role in a server room devices. We ensure data connections by using several operator independent networks.

Used Technology Partners

Our technology partners in virtualization platforms used in HW and SW are the words leading operators listed below.

Was this article helpful?
Yes No

Related Articles