Bulletproof security

Security of IT systems is more critical today than ever. An increase in cyber-crime combined with the strengthening of privacy legislation has created a security compliance minefield for businesses in Australia and abroad. 6YS protects customers using a broad spectrum of security technologies and addresses all aspects of physical security, network security, data and especially user security.

Our systems and processes exceed the level at which most organisations operate and are certified to the world's leading standards:

  • ISO 27001:2013 - Information Security Management System
  • ISO 27017:2015 - Security Controls for Cloud Services
  • ISO 27018:2014 - Code of practice for protection of Personally Identifiable Information in public clouds

Another core element of our security approach is an unbending commitment to working with our customers to ensure that their staff are protecting their access to critical information as well as monitoring customer environments to detect anomalies in user access.

Data sovereignty guaranteed

As a critical layer of security, all of our customers can rest assured that their data remains in Australia on servers based in Australia from Australian suppliers. This removes one of the weakest links in the data security chain for most organisations and is one of the reasons government agencies in Australia trust 6YS to host their data and infrastructure.

Defense in depth

Network Security

Integrity and security of 6YS networks is ensured using a combination of the following technologies and methodologies:

External / Internet Networks

  • Exclusive use of industry-leading ICA Certified FortiGate firewalls
  • Intrusion Detection and Prevention
  • Core web-facing systems are located in a DMZ
  • Strict change management and approval processes for ALL firewall changes

Internal / Local Area Networks

  • Virtual LANs (VLANs) used to separate networks
  • Internal FortiGate firewalls used as gatekeepers between VLANs
  • Centralised data logging of all activity on core systems (including configuration changes, network events etc.)

Data Security

Since 6YS stores customer data in different ways depending upon the service being consumed (e.g. APPSPOINT, Hosted Exchange, IRONPOINT etc.), the methodologies used differ between systems. Some of these methodologies include:

  • Automated management of Access Control Lists from our Provisioning System (to eliminate user error during customer provisioning)
  • Use of Access Based Enumeration (users can only see the data that they have permission to access, removing temptation and rendering resource enumeration attempts ineffective)
  • Leveraging technologies with multi-tenancy built into their DNA (e.g. NetApp Virtual Filers)
  • All backup data is secured with equal importance to production data
  • No data (backup or otherwise) ever leaves Australia without the customers’ explicit authorisation
  • Deeply ingrained philosophy across all engineering and support staff of our single most important core value: The absolute separation of customer data. By adopting this value in our organisational culture, we can ensure that human error is virtually non-existent

User Security

Over 90% of all electronic security breaches occur due to user error or social engineering (i.e. giving away a password to a hacker over the phone). As a result, 6YS treats user security very seriously:

Internal Staff:

  • All administrative account passwords meet high complexity requirements and are changed at regular intervals
  • There is no means by which an administrative account can directly access the 6YS network externally, without first authenticating via another means
  • Auditing is used throughout all systems to track administrative logins and access to resources
  • We run police and background checks on all new staff
  • New staff are vetted for a minimum of 30 days before being issued any administrative credentials to 6YS systems

Customers:

  • When setting passwords for users, we always utilise passwords that represent an optimal combination of security and ease of remembering.
  • We encourage our users to regularly change their passwords, and enforce minimum security standards when doing so.
  • We endeavour to educate our customers in safe practices regarding the protection of their credentials.
  • Several methodologies are implemented to detect attempts to compromise user accounts and to lock these out as required.

Physical Security

6YS utilises multiple data centre facilities throughout Australia. All 6YS facilities comply with the following minimum requirements:

  • ISO27001 Certified
  • Designed, built and operated to Tier 3 or higher standard
  • 99.99% or higher up-time target (with track record to validate)
  • Multi-factor authentication to gain physical access to the facility (e.g. two or more of the following: physical access token or key, PIN code, biometric scan, personal identity verification through photo ID check)
  • 24x7 CCTV recording
  • Staffed 24x7 with Network Operations / Security staff on-site
  • Staff access to individual racks must be authorised
  • Facility power is fully contained (i.e. all power systems including generators & fuel tanks are contained within the concrete DC structure) ensuring the facility can operate on diesel for a minimum of 72hrs without refuelling in the event of physical damage to mains power feeds
  • PCI-DSS Compliance

Built on the back of the leading technologies

[Logos: SolidFire, Fortinet, VMware, NetApp]

More about our approach

Engineered to perform 24x7x365 with 99.99% availability.

A highly scalable environment with complete cost control and flexible options for procurement.

Delivering ROI faster.