Ensuring completely secure client data has been integral to Winnow's architecture. No end customer name, address, contact information or even account number resides on Winnow.
HANDLING DATA SECURITY
Winnow SaaS platform is hosted in a secure Tier III or above Data Center that offers very high level of uptime (99.982%) with multiple telecom peers, 100% redundant capacity and compliance to PCI DSS and ISO 27001:2013 standards.
Winnow SaaS is implemented using world-class platforms from IBM and Oracle, and use LDAP / Active Directory based authentication to ensure complete safeguard of customer data.
DESCRIBED BELOW ARE SOME OF THE KEY FEATURES OF THE SECURITY SETUP IN THE SAAS DEPLOYMENT SCENARIO.
Physical access to servers and storage systems housing client data Winnow SaaS platform is hosted in secure data centres that are compliant with ISO 27001 and PCI DSS. This provides an environment where physical access to the server rack is completely controlled and access rules are established in synch with the Data Center policy and Axslogic/Client needs.
These Physical access control restrictions extend not only to the server halls, but to all other areas where an individual can gain access to a terminal that can be used to access Winnow servers
NETWORK ACCESS TO SERVERS AND STORAGE SYSTEMS HOUSING DATA
Network access to Winnow servers are protected using Firewalls at the perimeter, and two-factor authentication at the Operating System level. All server access logs are reviewed daily for any suspicious activities.
BROWSER BASED ACCESS TO WINNOW PORTAL
All Winnow features require the use of SSL via https. As a result, no data is ever sent in the clear. All user access to Winnow is protected using strong authentication policies implemented using an Active Directory server. In case of special requirements, site-to-site VPN access can be provided..
PROTECTING DATA DURING TRANSFER
At periodic intervals (daily, monthly etc.), fresh data feeds are sent from client locations to Winnow SaaS platform. Axslogic provides a data encryption tool that encrypts the data with an asymmetric-symmetric key mechanism that is specific to each client. This data is then uploaded to Winnow's SFTP / FTPS server that is monitored by the ETL agent, which decrypts the file, loads the data, re-encrypts and archives the data for a limited period (archiving is done only in case the data needs to be reloaded – archives are stored as per retention agreed with the clients).
HANDLING DISASTER RECOVERY
Axslogic provides all its clients of Winnow SaaS model with DR facilities. The facility is located in a separate physical center, adequately distanced from the primary facility.
Clients are given a separate network IP address to use in case the primary center is down. In a disaster scenario, service levels will be reduced as per the SLA.
