CaseWare Africa is providing best-in-class protection for clients’ data, beginning with our Web hosting partner. We use seven criteria to ensure data security.
The arguments for using cloud tend to hinge on cost, convenience, productivity, scalability and, above all, availability. Many organisations, though, continue to worry that cloud-based solutions are inherently less secure than on-premise ones. Data security is a legitimate concern given the growing prevalence of cyber-attacks but in fact teaming with a cloud service provider can actually enhance security because one is teaming with an expert. In addition, when you choose to partner with CaseWare Cloud, you get not only the benefit of our comprehensive security measures, but those of our hosting partner, Amazon Web Services (AWS). Their security expertise plays a key role in strengthening our security.
At CaseWare, we take security very seriously. We use seven basic criteria to assess the strength of any cloud-based platform, and our security requirements are constantly monitored, assessed and updated. They are:
Our physical infrastructure is hosted by AWS so it provides physical security at its facilities in Ireland, which are most suited for African clients. AWS has met several demanding security certifications, the details of which can be found at http://aws.amazon.com/security/. In line with the Protection of Personal Information Act, the personal information stored in Ireland is protected by an act similar to PoPI.
This covers all components of the application, including code, databases, configurations, third-party libraries and so on. Our engineers built CaseWare Cloud with security in mind from the beginning, and we are constantly stress-testing it. We also gain strength from AWS’s security policies and accreditations. We are certified for two leading security standards, ISO 27001 and SOC 2.
This covers the rules and controls that restrict or limit inbound or outbound traffic, as well as internal traffic. We monitor CaseWare continuously for threats, and have firewalls in place. We also perform regular penetration testing in conjunction with Amazon.
Data security and privacy.
Encryption protects all traffic to CaseWare, while advanced proxy services provide high availability and high-speed operation, monitor for security threats, and protect against malicious traffic. The encryption used when data is in transit is of equivalent strength to that used in online banking; at rest, it is encrypted at the server level using the industry standard AES-256 algorithm. AWS’s security policies and their accreditations also constitute a key component of the security protecting client data. The data is always owned by the client, and cannot be seen either by CaseWare Africa or AWS.
Access to the system is only via password authentication, and once in the system, users must be assigned security roles that govern what information they may or may not access. CaseWare Cloud uses two-factor authentication, using a one-time password to a mobile device, as used in online banking. The security policies relating to passwords and roles are managed by the client.
A key element of ensuring that all services are available and performing optimally is that there are redundancies in place to obviate a single point of failure. CaseWare engineers have ensured the system has redundant components, is continuously monitored and undergoes regular integrity checks and other measures.
Business partnership and trust.
Perhaps the most important consideration is the track record of any potential cloud provider—and will it likely continue into the future. A cloud partner must be a close business partner. CaseWare was founded almost 30 years ago, and is well-established in Africa, with a strong local partner in Adapt IT. AWS, it hardly needs to be said, is one of the leading global companies with enormous resources and, most important of all, a stellar reputation for customer service.