RackForce takes a holistic approach to delivering our services in a most secure manner. We understand protecting our clients data and privacy is job one. The primary elements that comprise our security programs include:
- Physical Security - focused on the facility
- Security Processes - largely the people aspects of our security programs
- Network Security - protecting the transport of data
- Security of Cloud Services - ensuring our hosted private Cloud services are delivered with confidence
- Certifications - check out our extensive level of security and data privacy qualifications
Below are some highlights.
The ’GigaCenter‘ data center employs multiple mantrap security measures - proximity pass, fingerprint, and security code. There are seven layers of security between the front door and an individual computer rack. Physical security measures include:
- Security Cameras throughout the facility
- Multiple pan-tilt-zone cameras outside the facility
- Cameras images are recorded, searchable and archived for a minimum of 90 days
- Proximity pass and biometric scanners at multiple access points
- Motion sensors and intrusion detection sensors
- Audible alarm system is sounded immediately upon the triggering of any sensor
- Steel doors and two-stage man traps
- Computer racks are individually locked
- Access control system is located in a locked cabinet in a secure room that's only accessible by authorized personnel
- Manned and monitored security desk
- Security systems are monitored 7x24 by both the on-site NOC and an off-site third party
RackForce employees extensive security processes that support our clients' needs. Our processes have been audited by a third party by evidence of our Type II SSAE 16 SOC 2 (Formerly SAS 70) certification. Further information can be obtained by contacting our Corporate Security Officer, Alex Shiskin.
Existing, audited processes include:
- All entrances are locked at all times; Two factor authentication (badge and biometric) is required for access to the facility and to the data halls
- All employees and authorized (badged) contractors are subject to a criminal record check
- All employees must wear a photo-ID badge at all times while in the facility
- Each employee and authorized contractor must use their access badge to scan in when arriving, and badge out when leaving the facility (no tailgating); a perpetual log is maintained of what personnel are onsite
- Badge and biometric access is controlled in zones, ensuring personal have access to authorized areas only
- Changes to access are documented and approved by management
- The ability to create, modify or delete access authorization is restricted by management
- Processes are in place to remove access when an employee or contractor is terminated or a badge is lost
- The access control system is logged, searchable and archived; logs are retained for at least 90 days
- Visitors are required to sign a visitor log, provide a government issued photo ID, and wear a visitor badge while in the facility
- Visitors are escorted at all times
- RackForce personnel are on-site 7x24x365.
The RackForce Corporate Security Officer is responsible for the ongoing review, management, optimizing and documenting the Security Plan.
The GigaCenter is carrier-neutral and is served by numerous major Canadian telcos, including Shaw, Bell, Rogers, Allstream and Telus. RackForce also manages a private 10Gbps network into major Canadian cities, including Vancouver, Calgary and Toronto, and Seattle Washington. This provides access to high capacity, low cost bandwidth from major North American and International communications providers. Data on the RackForce private network is transported at layer 2. RackForce can cross connect with the client's preferred telco at the peering points mentioned above, providing a secure and highly available service.
Clients can procure network services directly from their preferred telco, or purchase network services from RackForce and our telco partners. Clients can use their own VPN and encryption technologies to support their security requirements, for services delivered from the GigaCenter.
Fiber feeds into the GigaCenter are delivered through diverse underground conduits into the facility.
The data center LAN is fully redundant with 10Gbps capability to every cabinet and device within the facility. Built on the Cisco Nexus 3.0 platform, it has no single points of failure and supports concurrent maintenance. All customer data traffic is isolated on private VLANs within our GigaCenter switching with separate layer 3 routing interfaces created per VLAN at the core routing layer. No layer 2 traffic is carried between VLANs, and logical layer 2 VLAN segments are never shared between clients.
A number of optional and highly recommended services are available to enhance our clients' security programs:
- Firewall & Network Security Gateway
- Includes IPS and IDS
- Includes customer portal for self management and customization
- Web Security service
- Web Application Security service
- Email Security service
A key element of our Cloud security is the separation of client's data traffic at layer 2, on both the RackForce private WAN and GigaCenter LAN. Each client has their own private VLAN, and VLAN segments are not shared between clients.
Other aspects of our Cloud security include:
- Each Cloud VM has its own dedicated server RAM
- Each Cloud VM has its own dedicated SAN space - SAN space is allocated privately in a secure multi-tenant model
- Virtualization is delivered using industry leading VMware vSphere
- Cloud server infrastructure is delivered from a RackForce owned and managed high security vault within the GigaCenter facility.