Axcient Security Overview
Axcient: Protecting Your Data, Applications & IT Infrastructure
Axcient Security Overview
Axcient is a new type of cloud platform, built from the ground up to protect your data, applications and IT infrastructure. Security is therefore top of mind for Axcient and we have put in place the necessary controls and technologies to ensure your data is secure, all the time.
The diagram below of the Axcient architecture highlights the key areas where data security is paramount: at the appliance level, during transmission to the Axcient cloud, at rest in an Axcient datacenter, and access from the Web console.
The Axcient appliance is an enterprise-class server built to Axcient’s specifications by HP, which works as the local cache and protection for your networked devices. This appliance is installed behind your own firewall so that your local network security policies will apply in terms of physical and logical access to the appliance.
Once the appliance is installed, you can configure individual user accounts to grant access to the data and backup options provided by Axcient through the local appliance.
The appliance is accessible within your own network according to your security policies, as well as via the Web-based Axcient management console, which communicates with the appliance over a secured link using browser-based SSL protocol.
Data in Transit to the Axcient Cloud
Once the local Axcient appliance is installed in your network, there is a handshake/authentication that is initiated by the appliance with the Axcient service through a secure link. When the appliance registers, an encryption key is automatically generated and is unique per appliance. Axcient employs AES encryption, as required for FIPS 140-2 Level 1 compliance*. Encrypted data is securely transmitted to an Axcient datacenter where it is stored in encrypted format.
If appliance authentication with the data center fails for some reason, then the connection attempt fails and cloud data access is blocked. The Axcient cloud operation also includes security measures to detect and prevent unauthorized connection attempts.
Data at Rest in an Axcient Datacenter
Data at rest in an Axcient datacenter is AES encrypted using the uniquely generated key. In addition, Axcient has a multi- tenant architecture that ensures data from different clients remains segregated and inaccessible to unauthorized clients. Using an array of security equipment, techniques and procedures, Axcient datacenters achieve true three-factor, financial- grade security. All access points are controlled and all areas are monitored and recorded. The exterior radius structure meets Level III explosion resistance standards and there are multiple man traps with reinforced walls.
In addition, a staff of specially trained security guards and highly experienced engineers provide 24x7x365 building and network monitoring, with both internal and external video surveillance and a 60-day minimum retention policy. Access is highly restricted to authorized personnel, using strict authentication controls.
Axcient maintains a strict access control policy, which limits access to only those Axcient employees who must fulfill the very specific business purpose objectives stated in the policy document.
Access to customer data in the Axcient cloud is limited to authorized users via the Web-based management console. A primary user is designated by the customer, which serves as a super admin and has the ability to add new users. Specific access roles can be used to limit user access to data and functions within the system.