Careful planning and well-designed controls and policies need to be in place to safeguard that information flow and protect the systems from malicious data or actors. Endpoints not only need to be secured but the data needs to be sufficiently encrypted to protect it while in transit and at rest. Prevention is the first line of defense while detection and response are essential to minimize any breaches of defense. Finexio has implemented these frameworks and policies to achieve the highest level of network security and monitoring:
Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default, all access is denied, and only explicitly allowed ports and protocols are permitted based on business needs. Each system is assigned to a firewall security group based on the system’s function. Security groups restrict access to only the ports and protocols required for a system’s specific function to mitigate risk.
- Required encrypted HTTPS communication from clients to the platform using:
  - Military Grade Encryption: RSA 2048-bit keys
  - Supports TLS 1.2 or 1.3
  - SHA-256
  - HTTP Strict Transport Security (HSTS)
- Routine monitoring of firewall and IDS logs and configurations
- Routine review of user access to the production environment
- Regular Vulnerability Scanning - provides comprehensive and accurate results to proactively identify and remediate potential areas of attack and reduce risk
- Incident Response - for security event logging, orchestration, and response along with Intrusion Detection and Prevention
Our infrastructure guards us against common exploits and attacks, such as DDoS, spoofing and sniffing, and port scanning. Finexio utilizes application isolation, operating system hardening restrictions, and encrypted connections to further ensure risk is mitigated at all levels.
Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure.
Finexio’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Finexio has a stringent vendor management policy. We perform a comprehensive security review of all vendors to ensure that they adhere to best-in-class security practices. Finexio ensures that client data is going to be handled securely with our trusted partners.
24/7 monitoring of IT networks and infrastructure to ensure that the platform is running so payments can flow seamlessly.
24/7 monitoring so that Finexio is able to react swiftly and appropriately when responding to cybersecurity incidents.