While there are enhanced regulatory requirements globally for the investment managers regarding Cyber-security measures, we understand and take customer’s data security very seriously. The Sudrania infrastructure is protected by firewall and access to servers is restricted. Any PII or user authentication related data is encrypted within Database. Access to the database is only restricted to application server IP address. Along with this we are doing intrusion protection and blacklisting of IP addresses which perpetuate DDoS attack. We have anti-virus and anti-malware strategy which by installing software segregate Prod and non-prod network. We are also using AWS security groups and IAM to protect our environment further.
Along with this, we have disaster recovery site parallelly running in a different location from our primary data center. Disaster recovery site is regularly tested by our IT and business groups. Various other backup and server redundancy strategies are in place to recover from any unforeseen situations like full loss of primary servers or partial loss of any server.
We also have various Proactive strategies to handle scaling of the server if CPU, memory or any other resource goes beyond a certain point. There is constant monitoring of alerts coming out of AWS, or our firewall and process are in place to handle alerts.
Our application security infrastructure has been evaluated by an external party, and the application has also been audited by independent auditors for SOC 2 certification.