Security

Network and Monitoring:

  • Unique VPN profiles are maintained to limit access to the minimum necessary
  • All production systems continuously monitored by a system with SMTP and SMS alerting capabilities
  • Custom and automated checks performed within the system to monitor specific elements
  • Web portal available for DIG staff to perform real-time status checks
  • DIG’s system itself monitored externally by our data center NOC to ensure that all systems remain available
 

Data Availability and Backups:

  • Data maintained on systems using redundant disk arrays and redundant power supplies
  • Systems backed up to tape nightly (AES 256 bit, hardware-based encryption)
  • Backups monitored and verified with monthly restore capability testing
  • Tapes rotated offsite to ensure availability in the event of a physical disaster

Authentication, Authorization, and Auditing:

  • Within production infrastructures, maintained via active directory infrastructure or AAA servers
  • Unique usernames and passwords are required
  • Access limited to least privilege
  • Audit logs from servers, firewalls, IDS, etc, reviewed each week by IS team
 

Secure File Transfer:

  • Data transfers into or out of DIG’s infrastructures use session layer encrypted tunnels via SFTP or HTTPS
  • Access to these systems requires unique usernames and passwords

Physical Security:

DIG maintains private rack space in a Tier III colocation facility to host all production infrastructures.
  • Unmarked facility manned 24/7
  • Monitored by external and internal video surveillance
  • Perimeter access via card swipe/PIN combination and/or escorted and assisted by a facility engineer
  • Interior access to data center controlled via card swipe/PIN combination into a mantrap with final ingress requiring a card/biometric swipe combination
  • Each rack secured via combination lock on front and rear doors
 

Additional security features at DIG’s data center facility:
  • Redundant power with generator backups
  • Monitored by external and internal video surveillance
  • Multi-vendor, redundant commodity Internet bandwidth
  • Redundant cooling
  • Fire suppression controlled by pre-action delay dry system with warning and alerting infrastructure