Vaultastic enterprise vault is built with a multi-layered security framework as outlined below – making it one of the most secure cloud based email archiving vaults out there.
Hosted on AWS, Vaultastic enterprise vault leverages its certified security framework for securing the infrastructure resources, to ensure you have the most secure vault.
Geographical Region: The deployment of your Vaultastic domain is on the AWS data centers either in the APAC region (Singapore) or you can choose to deploy it at the Mumbai AWS data center.
VPC/WAF: Access to Compute resources, Storage and Applications is only through a Private network using the Network firewalls built into Amazon VPC, and web application firewall capabilities in AWS WAF, adding to Vaultastic’s credentials as the most secure email archiving service.
IAM (Identity and Access management): Provides secure access to operational teams to manage the resource groups.
Hardening: By using best practices for securing the OS in the enterprise vault services, the servers are hardened during deployment, to reduce risks that arise from having a larger surface of vulnerability i.e. a server doing more than it is supposed to do.
Data Storage: The Vaultastic Security framework deploys a tiered data store or a multi storage vault, with strong Encryption, Access Control and Virtual Separation on the information to allow only authorized apps to access relevant data. Infrastructure and support staff have no access to the data.
Data Durability: With the help of AWS storage services, customers are guaranteed 99.99999999999% durability of data. AWS durability is widely known, and forms a cornerstone of Vaultastic’s services.
Tamper Proof: Access to the data archived is from a read-only Self-service portal eliminating the chance of malicious or accidental deletion of mail from the Enterprise email security server.
Authorisation: The Access Control module hardens the Vaultastic services to limit Access to only the required services from trusted networks. Administrators can control the access to individual Vaultastic accounts.
Authentication: Users are required to securely authenticate before they can use any service. Strong Password Policies control the authentication, which include minimum length, complexity, history, age etc.
Account Lockout: This capability further protects services from DDOS attempts. Multiple invalid attempts can result in an automatic account lockout which only an administrator can re-open.
Encrypted Network traffic: Encrypting the client-server and server to server communication over TLS, eliminates the risk of sniffing and tapping. Essentially all connections to and from the servers occur over SSL.
Self Service portal: Access to the data archived in Vaultastic is from a read-only Self service portal eliminating the chance of malicious or accidental deletion of mail. Further application controls can limit the access by disabling operations such as export, mailing etc.
Policy control: Vaultastic controls Mail traffic, Information theft and Resource overuse by deploying extensive and granular mail flow policies. It has come under observation that a lot of security threats come from an unharnessed system. This allows all and sundry to send any kind of mail to anybody (internal or external).
DDOS attack control: Vaultastic enterprise vault also comes equipped with an Attack Control mechanism to Detect and Control Internal Spam/DOS attacks. Vaultastic deploys throttling and flow rate control mechanisms to disable such attacks before they bring down the system.
Role based administration access: The administration console via the GUI is secured with role based access.
Audit logs: Audit logs are available on demand to track administrator and end user activity on the Vaultastic domains.