MTS Security is based on observed experience, common practices and guidance from industry standards such as ISO/IEC 27001 and ISO/IEC 27002, which outline a framework for information security management and a corresponding code of practice.
We focus on the following critical elements:
- Physical Security
Our customers can rest easy knowing their data is hosted in secure, highly available, Tier 3 certified data centers. Our data center controls are SSAE-16 certified in the U.S. and ISO 27001/14001/9001 certified in the UK.
MTS provides an enterprise-class storage solution for primary data storage capacity and secured on-site data backups for retention and restoration. Additionally, an alternate MTS site is used for data replication, retention and backups via a private network circuit.
- Business Continuity
The standard Recovery Time Objective (RTO) is six hours and the standard Recovery Point Objective (RPO) is one hour. Local snapshot and remote mirroring capabilities allow MTS to provide very fast file restoration and disaster recovery using the minimum bandwidth between storage arrays. Snapshots occur every hour. Hourly snapshots are retained for 24 hours and daily snapshots are retained for 30 days. These snapshots are replicated to another storage array in a different MTS data center, where they are available for restoration, failover and disaster recovery.
- Network Architecture
We deploy a default-deny, defense-in-depth strategy to deter unauthorized access. Highly available stateful inspection firewalls on hardened security appliances protect the internet-facing systems. Only the ports needed to provide our services are permitted. Additionally, all communication channels between the client and the server are encrypted (e.g., there are no clear-text communications across the internet to the client desktop). Network-based intrusion prevention systems provide an additional layer of protection by actively blocking malicious traffic at the perimeter.