Security and Disaster Recovery

This article outlines the steps taken by our infrastructure partner to ensure security and provide disaster recovery. It’s a high-level overview taken from the comprehensive internal Disaster Recovery Plan managed by their DevOps team.

Security Management System

Insites is built on top of an infrastructure that has invested heavily in its Information Security Management System (ISMS) and built a comprehensive set of security policies and processes to protect your data and assets.

• Multiple network abstraction layers for isolation.
• Co-location of data centres around the world.
• Third-party penetration testing.
• Virus and malware scanning.

We currently provide the choice for you to deploy your websites, SaaS products, and applications on both Amazon Web Services (AWS) and Google Cloud hosting services (Azure is coming soon). We refer to their respective services when discussing specific aspects of security.

Learn more:

• AWS Cloud Security: As an AWS partner, we ensure your sites and applications will benefit from AWS data centres and a network architected to protect your information, identities, applications, and devices. With AWS, we meet core security and compliance requirements, such as data locality, protection, and confidentiality with our comprehensive services and features.

• Google Cloud Security: We take advantage of the same secure-by-design infrastructure, built-in protection, and global network that Google uses to protect your information, identities, applications, and devices.

We take steps to ensure that your code runs securely, with redundancy and backups, even in situations when clients are contractually obligated to host services on specific IaaS (Infrastructure as a Service) providers.

Data Backups

Our infrastructure automatically backs up your applications and databases using real-time READ REPLICAs which exist across multiple Zones for further physical disaster recovery within a data centre. Additionally, incremental transaction logs, and daily and weekly backups are taken.

The retention period for monthly backups is 60 days. These processes are internal to our infrastructure platform's DevOps team.

For developers and Channel Partners building Software as a Service (SaaS) solutions on top of Insites, there are additional options for taking off-site backups and managing data removal.

Additional resources:

• GDPR Compliance: Learn how our infrastructure platform approaches GDPR as just one of many compliance requirements and ensures that your project can easily comply with any number of government legislated privacy rules.

• AWS Backup: AWS Backup is a fully managed backup service that makes it easy to centralize and automate the backup of data across AWS services.

• Google Cloud Backups: How backups of your Cloud SQL instance work, and how they can be used to restore your data to the same or another instance.

Load Balancing and Redundancy

We use application load balancers that are best suited for load balancing of HTTP and HTTPS traffic and provide advanced request routing targeted at the delivery of modern application architectures, including microservices and containers.

On AWS, operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request. A similar approach is used with GCP, leveraging their various Global and Regional Load Balancing.

Behind the Load Balancers are clusters of application and database servers. These are both pooled or dedicated. Dedicated servers are purchased by clients who require a single tenant or additional server capacity for specific sites or application end-points, above and beyond the standard hosting plans.

Additional resources:

• AWS Load Balancers: Learn about Application, Network, and Classic Load Balancers.

• Google Cloud Load Balancing: High performance, scalable load balancing on Google Cloud Platform.

Disaster Recovery

The infrastructure that Insites is built on implements a disaster recovery plan (DPR) that includes:

• Guidelines for determining plan activation.
• Technical response flow and recovery strategy.
• Guidelines for recovery procedures.
• References to key Business Resumption Plans and technical dependencies.
• Rollback procedures that will be implemented to return to a standard operating state.
• Checklists outlining considerations for escalation, incident management, and plan activation.

The overall disaster recovery strategy is summarized in the table below:

A disaster recovery event can be broken out into three phases, the response, the resumption, and restoration:

• Response Phase: The immediate actions following a significant event.
  • On-call personnel are paged.
  • A decision is made around recovery strategies to be taken.
  • A full recovery team is identified.
• Resumption Phase: Activities necessary to resume services after the team has been notified.
  • Recovery procedures are implemented.
  • Coordination with other departments is executed as needed.
• Restoration Phase: Tasks taken to restore service to previous levels.
  • Rollback procedures are implemented.
  • Operations are restored.

Additional references:

• AWS Disaster Recovery: AWS supports many disaster recovery architectures, from those built for smaller workloads to enterprise solutions that enable rapid failover at scale. AWS provides a set of cloud-based disaster recovery services that enable fast recovery of your IT infrastructure and data.
• Disaster Recovery on Google Cloud: A miniseries by Priyanka Vergadia.

Insites is built on top of an infrastructure platform that supports many global brands, including Intel, Hallmark, Spark.co.nz. These brands also perform rigorous 3rd party penetration testing and require specific best practices to be adhered to. We are proud to say that we are built on top of a platform that has an exceptional track record of over 5+ years of servicing these clients.