Fuga B.V. in Alkmaar, Nederland.

Fuga Cloud Security measures

Security measures

Processor has taken the following security measures:

Definitions:

1.1 The definitions of Fuga Cloud security measures apply to the following document.

1.2 The term data centers refer to the data centers used by Fuga Cloud.

1.3 The term Network & infrastructure refers to the service we offer and not the customer-created networks within Fuga Cloud.

1.4 Fuga Cloud Infrastructure as a Service (IaaS) platform:
The offering and maintenance of the infrastructure which by Fuga Cloud is made available to customers on the basis of a virtual platform. We do not refer to the virtual resources and servers that the customer has allocated on the Fuga Cloud IaaS platform.

1.5 Additional services:
These are additional security measures that apply to the services we offer our customers.

Data centers

  • Burglary protection by 24x7x365 monitoring through security guards and camera surveillance; intrusion detection and alarm; strict access control through authorization list, access cards and secure ports.
  • Power supply by means of high capacity and at least N+1 redundant power supply; emergency power via autonomous generators and on-site fuel storage and 24x7x365 delivery; completely separate power distribution via A and B feed to rack infrastructure.
  • Fire protection through fully analogue addressable fire detection system in all rooms; smoke detection system; gas extinguishing system in technical rooms.
  • Cooling via high-capacity cooling facility and cooling units, at least N+1; management of temperature and humidity through CRAC units.
  • Certifications: at least ISO 9001, ISO 27001; OHSAS 18001; PCI-DSS; ISO 14001

Network & Infrastructure

  • Cabling in server rooms is separated; separate bundles for power cables and for fiber optic cables or UTP network cabling.
  • Network equipment is spread over multiple data centers, redundancy is present at the level of routers, core switches, internal and external connections (multiple connections to transit suppliers and Internet Exchanges), geographically separated routes between multiple data centers. The entire network is based on dynamic routing in order to automatically route other components of traffic around the failed components in case of component failure.

Fuga Cloud IaaS (Infrastructure as a Service) platform

  • All mission critical components of the platform, for running our Fuga Cloud IaaS platform, are redundant (N+1).
  • Anti-DDoS infrastructure protects critical parts of the network and other infrastructure.
  • Logical access via password policy and / or VPN keys, access lists on Fuga Cloud information systems, firewall, logging of Fuga Cloud information systems and detection systems for certain unauthorized changes.
  • Network segmentation through the use of VLANs.
  • All servers necessary to make the Fuga Cloud IaaS platform available are equipped with a firewall.
  • Update firmware and operating systems of the Fuga Cloud infrastructure to mitigate critical security risks and data leaks.
  • Active monitoring on mission critical platform components.

Organization

  • ISO 27001 and NEN 7510 certification on all services.
  • Confidentiality of employees and third parties engaged, certificate of good conduct obligation for all employees.
  • Security officer within the organization, security awareness training for all employees.

Additional services

  • Anti-DDoS service to protect servers and the platform of customers.
  • Redundant storage for customers (N+2).
  • Availability Zones for the redundant execution of services across multiple logical compute groups.
  • Security Groups act as virtual firewalls for instances and other resources on a virtual network.
  • By default all instances are only accessible through asymmetric cryptography and Secure Shell. These settings can be adjusted as desired.