We rely on the support of our third party vendors Google Cloud and Microsoft Azure to deliver Kapiche Cloud applications as a service to customers. We monitor and manage the servers, in addition to providing support to our users. Our third party vendors provide the servers, power, network, and physical security of the data centres.
Our Kapiche Cloud platform was designed and optimised by us specifically to host Kapiche applications, and has multiple levels of redundancy built in. The applications themselves run on a separate front-end hardware node than that which the data is stored on. Hardware failure of the compute node is recovered automatically. Application data is stored in several ways:
Storage with multiple levels of redundancy and encrypted with a different key for each customer.
MySQL engine and a failover node. The instance is only accessible to local area network servers in use by Kapiche and only via an authenticated encrypted proxy tunnel. Direct access using a MySQL client isn’t possible.
Kapiche Analytics engines running on Microsoft Azure. The instance is only accessible to local area network servers in use by Kapiche and not the wider internet. The engine stores a parsed and processed version of the data, not the original data. SSD disks connected to the engine and configured to provide redundancy of the application data.
Access to the data centres is limited to authorized personnel only, as verified by biometric identity verification measures. Physical security measures include: on-premises security guards, closed circuit video monitoring, man traps, and additional intrusion protection measures.
Our data centres are located in geographically diverse locations across the United States, the European Union, Asia, and Australia. For Enterprise clients, hosting in specific geographic regions can be requested.
Our global support team maintains an account on all cloud systems and applications for the purposes of maintenance and support. This support team accesses hosted applications and data only for purposes of application health monitoring and performing system or application maintenance, and upon customer request via our support system.
Within Kapiche, only authorized Kapiche employees have access to application data. Authentication is done via Google IAM accounts, and the servers only accept incoming SSH connections from Kapiche and internal data centre locations.
Kapiche Cloud is designed to allow application data to be accessible only with appropriate credentials, such that one customer cannot access another customer's data without explicit knowledge of that other customers' login information. Customers are responsible for maintaining the security of their own login information.
The Kapiche operations team monitors the Kapiche Cloud platform 24x7 from our operation centre in Brisbane.
To augment 3rd party application penetration testing we have performed, we have selected data centre providers that maintain industry-standard certifications.
To find out more about the security features and certifications provided by Google Cloud, see https://cloud.google.com/security/
To find out more about the security features and certifications provided by Microsoft Azure, see https://azure.microsoft.com/en-au/overview/security/
Application and analytics database backups for Kapiche Cloud occur every hour at the very least. Often, they occur much more regularly than that.
We understand the importance of ensuring the privacy of your personally identifiable information. For more information, please see our Privacy Statement.