Technical and organisational data protection measures

by Veit Schiele last modified Jul 10, 2016 08:51 PM © cusy GmbH, Berlin 2015

We offer you a high level of data protection and security in accordance with the German Data Protection Act.

Entry control

User identification is carried out exclusively via personal credentials, so that actions can always be attributed to a specific person. There are no split permissions.

  • All privileged operations are logged
  • SSH logins done via SSH Keys
  • Successful SSH logins are logged
  • A better access control on the network is ensured by establishing different VLANs, which are separated by a firewall gateway. The networks be distinguished according to how much traffic is to be expected in them:
    • Frontend network
    • Application network
    • Storage network
    • Management network

Access Control

The authorization concept distinguishes between the responsibilities for the maintenance of applications and privileged tasks for updating and configuring the operating system.

Application developers can switch to service-user access and database administration access. All permissions are set explicitly and comprehensibly. Access is not granted to groups of people, so that transactions can be tracked.

Transfer Control

All personal data is transferred over an authenticated and encrypted communication channel. This also includes the data for the test systems.

Availability Control

Personal data is protected against accidental destruction or loss by

  • redundant hardware and virtualization
  • the backup services
  • the disaster recovery, which describes failure scenarios, precautions and availability measurements in detail

Separation control

Data for different purposes will be processed separately:

  • Virtual machines separate the processing of data and storage networks separate the persistently stored data
  • The machines (virtual and physical) are separated into access rings
  • Various applications are separated into different virtual machines and/or different service users