Security
Security isn't just a priority at Enterspeed – it’s our passion.
Guided by our Information Security Management System (ISMS), we've implemented a robust security programme based on the ISO 27001:2013 international standard. This allows us to systematically assess and manage risks, threats, and vulnerabilities, ensuring the utmost security for customer information.
Accountability for security starts at the top. Our leadership team is fully committed to maintaining security competencies across all levels of our organisation. Through a comprehensive, unified approach, we strive to guarantee the confidentiality, availability, and integrity of your data.
For more details on our rigorous security measures, we invite you to explore this page. Know that with Enterspeed, your content and data are secured against unauthorised access with the highest level of care.
Infrastructure Security
Enterspeed operates exclusively on Microsoft Azure, a platform that offers robust Infrastructure-as-a-Service (IaaS) with a focus on top-tier security capabilities. As a cloud-native service, our physical security requirements are managed and executed by Microsoft's compliant offerings; we do not maintain our own data centres.
Our data storage and delivery operations utilise data centres that are certified to be in full compliance with the ISO 27001 standard, ensuring maximum security for your valuable content.
Secure Key Management
Sensitive data, including connection strings utilised in our applications, are encrypted and managed through a specialised secret management service.
Encryption During Transit
Rest assured that all data communication involving you, your services, and Enterspeed takes place over encrypted HTTPS channels utilising TLS v1.2. Additionally, data in transit between Enterspeed and our Delivery Regions is encrypted to prevent unauthorised third-party access.
Robust Backup Systems
We conduct multiple daily backups of customer-uploaded data and view data. These backups are stored across Azure's multi-regional infrastructure to provide an additional layer of security.
Code Security Measures
Open-Source SDKs
Our Software Development Kits (SDKs) are open-source, and we wholeheartedly welcome contributions from our developer community via GitHub.
Rigorous Code Peer Reviews
Our development strategy leverages GitHub’s pull request mechanism for code reviews. Following a pull request approval, our engineers advance the code through the development lifecycle. Pair programming is regularly practised to identify bugs early on.
Automatic Static Code Analysis
When code is committed to GitHub, our Continuous Integration (CI) processes automatically trigger an array of tests, including static code analysis to identify vulnerabilities.
Quality Assurance (QA)
Before deployment, code is subjected to both manual and automated QA testing in an isolated Azure environment to ensure its quality and integrity.
Organisational Security
Security Awareness Program
All Enterspeed team members, as well as contracted third parties, undergo regular security and data privacy awareness training relevant to their roles.
Mobile Device Management (MDM)
We ensure that all company-issued hardware, as well as hardware used by contracted third parties, is equipped with encrypted storage.
Security Policies and Guidelines
Enterspeed maintains comprehensive internal policies concerning data privacy and security, readily accessible in our employee handbook.
Password Management
We adhere to advanced password policies compliant with NIST guidelines and encourage the use of password managers for enhanced security. We also offer all employees a licence for a password manager to use for their personal login items.
Multi-Factor Authentication (MFA)
MFA is enforced across our primary services and strongly recommended for both employees and customers for all other services.
Incident Response Protocol
In the event of a security incident, a well-documented response plan is activated, involving customer notification and full cooperation with data protection authorities.
Bug Bounty Programme
While we do not have a formal bug bounty programme, we are open to rewarding security researchers for responsible vulnerability disclosure.
At the outset, we do not offer rewards for vulnerability disclosures that are solely the result of simple crawling or scanning techniques, nor for vulnerabilities in third-party software and services.
For questions, incident reports, or to discuss security vulnerabilities, please contact us at security@enterspeed.com.