Caseware Africa is providing best-in-class protection for clients’ data, beginning with our Web hosting partner. We use seven criteria to ensure data security.
The arguments for using cloud tend to hinge on cost, convenience, productivity, scalability and, above all, availability. Many organisations, though, continue to worry that cloud-based solutions are inherently less secure than on-premises ones. Data security is a legitimate concern given the growing prevalence of cyber-attacks, but in fact teaming with a cloud service provider can enhance security because one is teaming with an expert. In addition, when you choose to partner with Caseware Cloud, you get the benefit not only of our comprehensive security measures but also of those of our hosting partner, Amazon Web Services (AWS). Their security expertise plays a key role in strengthening our security.
At Caseware, we take security very seriously. We use seven basic criteria to assess the strength of any cloud-based platform, and our security requirements are constantly monitored, assessed and updated. They are:
Physical security
Our physical infrastructure is hosted by AWS, which provides physical security at its facilities in Ireland, which are most suited for African clients. AWS has met several demanding security certifications, the details of which can be found at http://aws.amazon.com/security/. In line with the Protection of Personal Information Act (PoPI), the personal information stored in Ireland is protected by an act similar to PoPI.
Application security
Network security
This covers the rules and controls that restrict or limit inbound or outbound traffic, as well as internal traffic. We monitor Caseware continuously for threats, and have firewalls in place. We also perform regular penetration testing in conjunction with Amazon.
Data security and privacy
Encryption protects all traffic to Caseware, while advanced proxy services provide high availability and high-speed operation, monitor for security threats, and protect against malicious traffic. The encryption used when data is in transit is of equivalent strength to that used in online banking; at rest, data is encrypted at the server level using the industry-standard AES-256 algorithm. AWS’s security policies and accreditations also constitute a key component of the security protecting client data. The data is always owned by the client, and cannot be seen either by Caseware Africa or AWS.
Access controls
Access to the system is only via password authentication, and once in the system, users must be assigned security roles that govern what information they may or may not access. Caseware Cloud uses two-factor authentication, with a one-time password sent to a mobile device, as used in online banking. The security policies relating to passwords and roles are managed by the client.
Availability
A key element of ensuring that all services are available and performing optimally is that there are redundancies in place to obviate a single point of failure. Caseware engineers have ensured the system has redundant components, is continuously monitored and undergoes regular integrity checks and other measures.