Physical Security
Facilities
All Kitewheel servers are hosted at Tier III+ data centers that are operated at ISO27001 compliance levels. Data center facilities are powered by redundant power, each with UPS and backup generators.
On-Site Security
Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.
Location
Kitewheel leverages data centers in the United States, Europe, and Japan. Customers can choose to locate their Service Data in the US-only or Europe-only
Network Security
Protection
Our network is protected by firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network Intrusion Detection and/or Prevention technologies (IDS/IPS) which monitor and/or block malicious traffic and network attacks.
Architecture
Our physical network structure is designed to have multiple zones based on the security classification of the systems. Public, private and DMZ zones are used to separate the most sensitive systems from those that need to be public internet facing.
Intrusion Detection + Prevention
Kitewheel uses continuous 24/7 intrusion detection monitoring to raise alarms if there is unexpected activity on any of our managed systems.
Vulnerability Scanning
During every release cycle Kitewheel scans the application for known vulnerabilities using up-to-date signature packages. Security vulnerabilities identified are a release gate which must be passed prior to rollout.
Server Scanning
Every server is statically scanned on a regular basis for common vulnerabilities and exposures, security best practices and OWASP recommendations.
Encryption
Encryption in Transit
Communication between client systems and the Kitewheel hub, both interactive and with the Kitewheel graph API, uses HTTPS and Transport Layer Security (TLS). Kitewheel uses a minimum of TLS 1.2.
Encryption at Rest
All data stored by Kitewheel is encrypted at rest using strong encryption techniques and different keys for development, UAT and production servers. Sensitive information is also encrypted at the value level on insertion to the database.
Availability & Continuity
Uptime
Kitewheel maintains a publicly available status page at http://www.kitewheelstatus.com which includes system availability details, scheduled maintenance and other incidents. Customers can subscribe to the status page for real-time alerts.
Redundancy
Kitewheel uses system redundancy, physical separation of systems and network redundancy to eliminate single points of failure. A continuous backup regime means that we can restore our systems quickly on redundant servers.
Disaster Recovery
Kitewheel’s disaster recovery program ensures that our services remain available or are quickly recoverable under a number of circumstances. Disaster recovery exercises are performed at least annually.
Software Development Lifecycle
Security Training
Kitewheel maintains a publicly available status page at http://www.kitewheelstatus.com which includes system availability details, scheduled maintenance and other incidents. Customers can subscribe to the status page for real-time alerts.
QA
All testing includes automated scanning and penetration tests for security vulnerabilities. These are automatically updated against the most recent known threats. QA staff are trained in code review techniques for security vulnerabilities.
Separate Environments
All software development, testing, staging and performance evaluation environments are distinct from the production environments.
Vulnerabilities
All code is statically analysed prior to commit and during each pull request for potential security vulnerabilities. Each application release is gated on passing an active penetration test. All of the Kitewheel Hub infrastructure is regularly scanned for known vulnerabilities and is monitored 24×7 for intrusion.
Product Security Features
Transport Layer Security
Kitewheel uses the highest level of TLS recommended by the security community. This is currently TLS 1.2 for all external facing interfaces.
Password Policy
The Kitewheel Hub password policy restricts the form of passwords, minimum length and acceptable characters. Password expiry is enforced and re-use of the past five passwords Is not allowed.
Compliance Certification
Kitewheel operates in Line with the SOC 2 Security and Availability Trust Services Principles. A SOC 2 Report is available under NDA for existing customers.