Transparent Cloud Security
Thru has over 10 years providing transparent Cloud security. As part of our ongoing security efforts, Thru conducts periodic audits with external third party validation and certification experts. Enlisting Gartner as an advisory role allows Thru to keep abreast of security best practices and vendor selection. Our SOA platform is designed from the ground up with data protection in mind, FIPS 140-2 cryptography, while allowing seamless information exchange. Product enhancements and vulnerability patching occur silently behind the scenes thus minimizing risk of downtime.
Comprehensive Network Protection
Protecting our customer data begins with enterprise class firewall and intrusion detection/prevention systems (IDS/IPS), managed by Integralis 24/7/365.
- Proactive monitoring with automated threat response
- Standard operating procedures and guidelines for security threat analysis, investigation and escalation
- Security events and alarms documented and reported
- DDOS attack protection
NTT Worldwide Partnership
Selected for their unparalleled security and data center expertise, NTT has met all of our stringent security requirements. With their global points of presence, NTT was the only data hosting provider to offer the resiliency required by our enterprise customers allowing Thru to continue servicing our expanding customer base. Other NTT highlights include:
- Non-disclosure of data center locations
- Physical monitoring (24/7/365) using biometric entry authentication and human surveillance
- No physical access to servers or data center equipment with exception of NTT personnel only
- Certifications: ISO 27001, SOC1 Report (SSAE 16 and ISAE 3402), and SOC 3 SysTrust®
- To learn more about NTT, please watch this short NTT Data Center Video
Application Security
Understanding the requirements for information governance and protecting IP resonates as a key initiative throughout our product and services. Our fundamental design and architecture provides data segregation and access isolation for complete protection of any and all data resident on the Thru Server. With our n-Tier application architecture, data management and availability is managed within a proprietary file system only accessible by the Thru application layer.
- AES 256-bit SSL/TLS encryption
- FIPS 140-2 compliant AES 256-bit encryption for data at rest
- Password protected emails and message attachment abstraction
- Access control limits (ACL) by roles and built-in security groups
- Active directory integration and single sign-on (SSO)
- Anti-malware antvirus protection (Symantec)
External Security Audits
Third-party penetration tests and vulnerability scans are conducted on a regular basis with results documented and recorded with any appropriate actions taken when necessary.
- Automated security scanning with Qualys performed on a weekly basis
- Periodic penetration testing by PCI approved scanning vendor NTA Monitor.
- Thru has received NTA Monitor’s Seal of Approval for Global Financial Services
Business Continuity & Disaster Recovery
All systems are deployed with integrated fault tolerant components. Multiple servers are deployed in all tiers of the service to ensure no single point of failure and business continuity.
- Data replication to off-site data center for disaster recovery and business continuity
- Full-scale preparations for power outage and fire disaster
- Power supply, network and HVAC redundancy
- Disaster recovery policy
- Network load balancing with fail-over
We understand that security is one of the major concerns in cloud computing, and our commitment to you is to maintain the highest levels of data security and privacy within the industry. To find out more about our transparent cloud security, and to request an in-depth analysis of our application platform and infrastructure, please send an email to info@thruinc.com.
