Network Security

Protection

Our network is protected by firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network Intrusion Detection and/or Prevention technologies (IDS/IPS) which monitor and/or block malicious traffic and network attacks.

Architecture

Our physical network structure is designed to have multiple zones based on the security classification of the systems. Public, private and DMZ zones are used to separate the most sensitive systems from those that need to be public internet facing.

Intrusion Detection + Prevention

Kitewheel uses continuous 24/7 intrusion detection monitoring to raise alarms if there is unexpected activity on any of our managed systems.

Vulnerability Scanning

During every release cycle Kitewheel scans the application for known vulnerabilities using up-to-date signature packages. Security vulnerabilities identified are a release gate which must be passed prior to rollout.

Server Scanning

Every server is statically scanned on a regular basis for common vulnerabilities and exposures, security best practices and OWASP recommendations.

Availability & Continuity

Uptime

Kitewheel maintains a publicly available status page at http://www.kitewheelstatus.com which includes system availability details, scheduled maintenance and other incidents. Customers can subscribe to the status page for real-time alerts.

Redundancy

Kitewheel uses system redundancy, physical separation of systems and network redundancy to eliminate single points of failure. A continuous backup regime means that we can restore our systems quickly on redundant servers.

Disaster Recovery

Kitewheel’s disaster recovery program ensures that our services remain available or are quickly recoverable under a number of circumstances. Disaster recovery exercises are performed at least annually.

Software Development Lifecycle

Security Training

Kitewheel maintains a publicly available status page at http://www.kitewheelstatus.com which includes system availability details, scheduled maintenance and other incidents. Customers can subscribe to the status page for real-time alerts.

QA

All testing includes automated scanning and penetration tests for security vulnerabilities. These are automatically updated against the most recent known threats. QA staff are trained in code review techniques for security vulnerabilities.

Separate Environments

All software development, testing, staging and performance evaluation environments are distinct from the production environments.

Vulnerabilities

All code is statically analysed prior to commit and during each pull request for potential security vulnerabilities. Each application release is gated on passing an active penetration test. All of the Kitewheel Hub infrastructure is regularly scanned for known vulnerabilities and is monitored 24×7 for intrusion.

Product Security Features

Transport Layer Security

Kitewheel uses the highest level of TLS recommended by the security community. This is currently TLS 1.2 for all external facing interfaces.

Password Policy

The Kitewheel Hub password policy restricts the form of passwords, minimum length and acceptable characters. Password expiry is enforced and re-use of the past five passwords Is not allowed.

Compliance Certification

Kitewheel operates in Line with the SOC 2 Type 2 Security and Availability Trust Services Principles. A SOC 2 Type 2 Report is available under NDA for existing customers.