Cloud security FAQs
This page is intended to provide a high-level overview of our Cloud Security Principles, including commonly-asked questions. More in-depth pages are available for specific products.
- Egress utilises identity-based AES 256-bit encryption using FIPS 140-2 approved cryptographic libraries. This provides the highest level of security for complete end to end data exchange. Egress hides the complexity of encryption using a revolutionary patent protected architecture and is the true evolution of PKI based encryption systems.
- See our hosting page for details.
- Subcontractors have no direct access to customer data.
- Access is limited to Egress staff on a least privilege basis, so that only the required staff have access. Any staff that must have access, is required to have Security Clearance before access is approved.
- Customer data is either logically or physically separated. Where logical separation is used, Egress uses techniques such as specific customer keys to ensure that one customer cannot access another customers data.
- Logical separation is applied at the database layer, maintained with unique client keys
Yes, this is managed through the Azure facility where data is stored securely.
Yes, this is provided by our hosting partners.
Yes, Egress performs reviews considering any emerging risks and security best practice, looking to apply them to the platform as soon as available. If this is not possible, for any reason, then we would look to other remedial work to ensure that services were adequately protected.
For resources deployed in the cloud (Azure), MS Security Centre provides real time alerting of security events. We also have a third party SIEM than monitors logs for any unusual/suspicious activity who then report this to our internal Security team.
Yes, this is provided by Cloudflare for DDoS protection in addition to other services such as Web Application Firewalls.
Whilst backups are taken to allow restore to given points in time if needed, backups take place at scheduled times throughout the day to different sites. This therefore allows for site independence with a maximum of 15 mins delay.
Egress Operations staff has undergone forensics training and we have a specialist forensics company on contract should their services be needed.
Yes, this is completed in line with our Data Retention Policy. Due to the nature of some of the cloud environments used, we cannot always provide evidence for customer virtual machines.
We will work with your security and compliance teams to provide the required evidence based on destruction of physical disks/data or the logical deletion of disks/data for public cloud.
Yes - by a 'Check' Provider at least annually (spread across all Egress service lines), or after any major change.
Egress can provide an on-premise infrastructure which gives you the ability to fully manage your own encryption keys, where applicable.
Data would ordinarily be stored in line with the sender's settings, based on where they were located and whether the user was part of a business account that specified data be kept on their business site. This is locked to a specific location and/or region and we would default to UK based storage by default for UK customers.
US customers’ data is stored within the US.
Yes, see above.