Trust and Compliance
Security of our customers’ data as it passes through our network has always been a key consideration for us. We have built a multi-layer security model – providing enterprise-grade network security, physical security and access control, at our global points of presence.
Engraining security within our global network architecture, Software-Defined Network Platform and Operational Management, while leveraging a defense in-depth approach to security controls, enables us to maintain a robust security program that meets internationally accepted security practices and consistently exceeds our customers’ expectations.
Aryaka maintains an SSAE-16 SOC 2 report leveraging ISO 27001 as the framework. We update our Cloud Controls Matrix to allow our customers to view our security controls. We also have a best-in-class Security Team led by our Chief Security Officer that takes a collaborative effort in maintaining our Security Program by engaging with other Aryaka Business Units.
- Aryaka’s private global network is a closed network.
- Transport of any data through the Aryaka Network is done through enterprise grade end-to-end encrypted tunnels. These tunnels are using industry standard IPsec technology and are established between each of the enterprise locations and the Aryaka network providing security services that are superior to MPLS.
- Traffic flowing in or out of Aryaka points of presence will always be secured by an IPsec tunnel.
- A dedicated tunnel per customer at the core of the network provides traffic segregation.
- IPsec includes a key management protocol that allows mutual authentication of devices to provide a secure management channel over which further protocol negotiation can take place.
- AES128/Sha1 encryption is the default policy setting and can support AES256, 3DES and other standard encryption, as well as MD5 for signing.
- Aryaka POPs are fortified with industrial-grade, redundant firewalls.
- The Aryaka Platform is secured against Distributed Denial of Service (DDoS).
- Aryaka’s global Points of Presence are located in Tier3+ carrier-neutral data center facilities. All facilities are SSAE-16 certified, ensuring the highest level of facility security.
- All Data Centers are equipped with biometric access controlled man vaults and all networking equipment and servers are mounted in individually locked cages with key-code access.
- All facilities are in non-descript buildings, and have 24×7 security staff on premises, along with perimeter security including bollards, CCTV and Badge access to facility.
- Two factor authentication and approved personnel list are mandatory prior to gaining access to the facility.
- All facilities are equipped with dual power supply and redundant equipment.
- Only approved Aryaka personnel have access to the production environment.
- Access to production environment requires Aryaka personnel to work in a specific job function.
- All Aryaka personnel have a completed Background Check.
- Security controls for access include least privilege and logging enabled.
- Access to the production environment is from approved laptops and network leveraging SSH for secure channel.
Certifications and Documentation
Security controls, in addition to the above, are listed in some documentation supported by Aryaka. This documentation includes the following:
- SOC 1: SSAE-16 and SOC 2: SSAE-16 Reports against Aryaka’s policies and processes
- Cloud Controls Matrix (CCM)
- Consensus Assessments Initiative Questionnaire (CAIQ)
- Third party network scan reports available within 48 hours upon request
- Customer penetration testing
Aryaka Security Council
Aryaka takes a collaborative effort in maintaining our Security Program by engaging with other Aryaka Business Units. To accomplish this, Aryaka has a council that meets on a regular basis to review the security program that includes but is not limited to the following:
- Collaborative Consensus based Forum on existing and future security controls
- Forum for continuous improvement on Security Program covering people, process and technology
- Risk Based, cost-effective controls and measures to address the security threats of today and tomorrow allowing Aryaka to continue to focus on improving on what we already have.