Transparent Security in the Cloud

Thru has over 10 years of experience securing data for corporate enterprises and public entities alike. As part of our ongoing security efforts, Thru conducts periodic audits with external third party validation and certification experts. Enlisting Gartner as an advisory role allows Thru to keep abreast of security best practices and vendor selection.

Our SOA platform is designed from the ground up with data protection in mind while allowing seamless information exchange. Product enhancements and vulnerability patching occur silently behind the scenes thus minimizing risk of downtime.

	Comprehensive Network Protection Protecting our customer data begins with enterprise class Firewall and Intrusion Detection/Prevention Systems (IDS/IPS), managed by IBM Internet Security Systems 24/7/365. Proactive monitoring with automated threat response Standard Operating Procedures and guidelines for security threat analysis, investigation, and escalation Security events and alarms documented and reported DDOS attack protection
	NTT Worldwide Partnership Selected for their unparalleled security and data center expertise, NTT has met all of our stringent security requirements. With their global points of presence, NTT was the only data hosting provider to offer the resiliency required by our enterprise customers allowing Thru to continue servicing our expanding customer base.Other NTT highlights include: Non-disclosure of data center locations Physical monitoring (24/7/365) using biometric entry authentication and human surveillance No physical access to servers or data center equipment with exception of NTT personnel only Certifications: ISO 27001, SOC1 Report (SSAE 16 and ISAE 3402), SOC 3 SysTrust®, and Safe Harbor
	Application Security Understanding the requirements for information governance and protecting IP resonates as a key initiative throughout our product and services. Our fundamental design and architecture provides data segregation and access isolation for complete protection of any and all data resident on the Thru Server. With our n-Tier application architecture, data management and availability is managed within a proprietary file system only accessible by the Thru application layer. Transfers using AES 256-bit SSL/TLS Encryption FIPS compliant 256-bit AES Encryption for data at rest Password protected emails and message attachment abstraction Access Control Limits (ACLs) by roles and built-in security groups Active Directory integration & Single Sign-On (SSO) Anti-Malware & Anti-Virus protection (Symantec) Department of Defense (DoD) 5220.22-M file deletion
	External Audits 3rd party penetration tests and vulnerability scans are conducted on a regular basis with results documented and recorded with any appropriate actions taken when necessary. Automated security scanning with Qualys performed on a weekly basis Periodic penetration testing by PCI approved scanning vendor NTA Monitor. Thru has received NTA Monitor’s Seal of Approval for Global Financial Services
	Business Continuity & Disaster Recovery All systems are deployed with integrated fault tolerant components. Multiple servers are deployed in all tiers of the service to ensure no single point of failure and business continuity. Data replication to off-site data center for disaster recovery and business continuity Full-scale preparations for power outage and fire disaster Power supply, network, and HVAC redundancy Disaster Recovery policy Network load balancing with fail-over

We understand that security is one of the major concerns in cloud computing, and our commitment to you is to maintain the highest levels of data security and privacy within the industry.  To find out more, and to request an in-depth analysis of our application platform and infrastructure, please send an email to info@thruinc.com.