Infrastructure Security

Infrastructure security is the foundation of maintaining secure cloud and server infrastructure. This includes the physical data center security, networking components, and virtualization infrastructure. Bamboozle's infrastructure is continually maintained following internationally recognized security controls. Our infrastructure is monitored 24/7/365 and undergoes third-party audits as well as targeted testing annually. For physical security, each of our data center colocation providers maintains industry-recognized certifications, and our networks are MANRS certified.

Networking

Bamboozle networks are collections of servers connected by wires provided by multiple Internet Service Providers. We develop, document, and maintain a current baseline for all machines and network device hardware. Examples of controls we maintain for network security:

  • Update the baseline configuration for network devices at least annually or when a significant change occurs.
  • Apply the principle of least privilege when provisioning infrastructure components. Any unnecessary ports or protocols are disabled.
  • Use industry standard transport protocols such as TLS between devices and Bamboozle data centers, and within data centers themselves.
  • Employ a defense-in-depth strategy for boundary protection, including secure segmentation of network environments through VLAN segmentation, ACL restrictions, and encrypted communications for remote connectivity.
  • Define, implement and evaluate processes, procedures, and defense-in-depth techniques for protection, detection, and timely response to network-based attacks.

Servers

Every Bamboozle data center implements controls that ensure physical access to the facilities, backup data, and other system components is restricted. Examples of controls we maintain for server security:

  • Biometric, proximity card, and PIN reader systems used to restrict data center access to only provisioned individuals.
  • Monitoring mechanisms over infrastructure to check server performance, data, traffic, and load capacity.
  • Detect and route issues experienced by hosts in real time and employ orchestration tooling that has the ability to regenerate hosts.
  • Third parties provide a certificate of destruction upon destruction of physical production assets maintained in colocated data centers.
  • Documented logical access policies and procedures to guide personnel in information security practices including password requirements, acceptable use, access provisioning, and access termination.

Storage

Bamboozle storage devices are encrypted at rest based on industry standards. They have the same physical security protections as our servers. Additional controls we maintain for storage security:

  • Asset inventory includes serial number tracking for servers, disks, and other assets.
  • Where full disk encryption is used, logical access is managed by FileVault for macOS and BitLocker for Windows operating systems. Linux encryption occurs during the operating system build.
  • In-scope systems are configured to require at least one of the following: authorized user account and password, MFA, SSO, or SSH.

Virtualization

Virtualization makes cloud hosting possible and allows multiple Bamboozle customers to host their products on the same disk with inherent logical separation. Security measures we maintain for your virtualized instance:

  • Initial permission definitions, and changes to permissions, associated with logical access roles of production-impacting systems are approved by authorized personnel.
  • We maintain device configuration policies on security requirements for the configuration and management of devices connecting to corporate services.
  • Customer environments are isolated using numerous mechanisms, technologies, policies, processes, and architectural elements. Customer tenants and virtual machine deployments are kept logically separated. Customer data may be encrypted in transit and at rest through configurable and standards-based providers.