CaféX Security Considerations

 

Download our security white paper here

 

 

 

Application Security - Secure Development

QA 

Our QA department reviews and tests our code base. Several dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.

Separate Environments     

Testing and staging environments are separated physically and logically from the Production environment. No actual Service Data is used in the development of test environments.

Security Penetration Testing     

We employ third-party CREST-approved security experts to perform detailed penetration tests on different applications within our family of products.

Security Awareness - Policies and Training

We have developed a comprehensive set of security policies covering a range of topics. These policies are shared with, and made available to, all employees and contractors with access to CaféX information assets.  

All new employees attend Security Awareness Training upon hire. Our Information Security awareness program runs over a 12-month period for all employees, giving advice and guidance and keeping all our employees up to date with the latest security news and threats.

All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.

 

Data center & network security

Physical Security - Facilities and Monitoring

CaféX solutions are hosted within Microsoft Azure or Amazon Web Services.

All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by CaféX staff. 

Network Security    

Access to the CaféX Production Network is restricted on an explicit need-to-know basis, follows least privilege, is frequently audited and monitored, and is controlled by our Operations Team.

Employees accessing the CaféX Production Network are required to use multiple factors of authentication.

Security Incident Response     

In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

Encryption

Encryption in Transit - CaféX secures communications using industry best practices; HTTPS and Transport Layer Security (TLS) are used across all our products and services.

Encryption at Rest - CaféX uses industry standards to ensure your data is encrypted at rest.

Availability and Uptime     

CaféX maintains a publicly available system-status webpage for each product which includes system availability details, scheduled maintenance, service incident history, and relevant security events.

Live Assist

CaféX Meetings

Redundancy is built into each solution with availability sets and geographically dispersed data centres.

Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing.