CafeX Security Considerations
Application Security - Secure Development
Our QA department reviews and tests our code base. Several dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.
Testing and staging environments are separated physically and logically from the Production environment. No actual Service Data is used in the development of test environments.
Security Penetration Testing
We employ third-party CREST-approved security experts to perform detailed penetration tests on different applications within our family of products.
Security Awareness - Policies and Training
We have developed a comprehensive set of security policies covering a range of topics. These policies are shared with, and made available to, all employees and contractors with access to CaféX information assets.
All new employees attend Security Awareness Training upon hire. Our Information Security awareness program runs over a 12-month period for all employees, giving advice and guidance and keeping all our employees up to date with the latest security news and threats.
All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.
Data center & network security
Physical Security - Facilities and Monitoring
CaféX solutions are hosted within Microsoft Azure or Amazon Web Services.
All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by CaféX staff.
Access to the CaféX Production Network is restricted on an explicit need-to-know basis, follows least privilege, is frequently audited and monitored, and is controlled by our Operations Team.
Employees accessing the CaféX Production Network are required to use multiple factors of authentication.
Security Incident Response
In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
Encryption in Transit - CaféX secures communications using industry best practices. HTTPS and Transport Layer Security (TLS) are used across all our products and services.
Encryption at Rest - CaféX uses industry standards to ensure your data is encrypted at rest.
Availability and Uptime
CaféX maintains a publicly available system-status webpage for each product which includes system availability details, scheduled maintenance, service incident history, and relevant security events.
Redundancy is built into each solution with availability sets and geographically dispersed data centres.
Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing.