BRC - Security Overview

Written By Tami Sutcliffe (Super Administrator)

Updated at August 31st, 2023

Axcient is a new type of cloud platform, built from the ground up to protect your data, applications and IT infrastructure. Security is therefore top of mind for Axcient and we have put in place the necessary controls and technologies to ensure your data is secure, all the time. 

The Axcient architecture diagram depicted below highlights the key areas where data security is paramount: at the appliance level, during transmission to the Axcient cloud, at rest in an Axcient data center, and during access from the Web console.

[Image: Axcient architecture diagram]

Axcient appliance

The Axcient appliance is an enterprise-class server, built to Axcient’s specifications by HP or Dell, that works as the local cache and protection for your networked devices. The appliance is installed behind your own firewall, so your local network security policies apply to both physical and logical access to the appliance.

Once the appliance is installed, you can configure individual user accounts to grant access to the data and backup options provided by Axcient through the local appliance.

The appliance is accessible within your own network according to your security policies, as well as via the web-based Axcient management console, which communicates with the appliance over a secured link using the browser-based TLS protocol.

Data at rest on the Axcient appliance

Data on the Axcient appliance, with new installations of AxOS 7.0 or higher, is protected by industry-standard full disk encryption methods. Data at rest on the Axcient appliance is encrypted and managed by cloud-hosted key management services (CKMS).

In the event of physical theft or a network compromise, encryption keys can be revoked instantly, rendering the data inaccessible and unusable. Axcient retains access to every cloud-hosted encryption key forever, in a partner-visible audit log for compliance.

Data in transit to the Axcient cloud

Once the local Axcient appliance is installed in your network, handshake/authentication is initiated by the appliance with the Axcient service through a secure link. When the appliance registers, an encryption key is automatically generated and is unique per appliance. Encrypted data is securely transmitted to an Axcient data center where it is stored in encrypted format.

If appliance authentication with the data center fails for some reason, then the connection attempt fails, and cloud data access is blocked. The Axcient cloud operation also includes security measures to detect and prevent unauthorized connection attempts.

Data at rest in an Axcient Data Center

Data at rest in an Axcient data center is AES encrypted using the uniquely generated key. In addition, Axcient has a multitenant architecture that ensures data from different clients remains segmented and inaccessible to unauthorized clients.

The exterior radius structure meets Level III explosion resistance standards and there are multiple man traps with reinforced walls.

Axcient’s data center is SOC 2 Type 2 certified, ensuring adequate controls related to security and availability of information systems. In addition, a staff of specially trained security guards and highly experienced engineers provides 24x7x365 building and network monitoring, with both internal and external video surveillance and a 60-day minimum retention policy. Access is highly restricted to authorized personnel, using strict authentication controls.

Axcient maintains a strict access control policy, which limits access to only those Axcient employees who must fulfill the very specific business purpose objectives stated in the policy document.

Data access

Access to customer data in the Axcient cloud is limited to authorized users via the web-based management console. The customer designates a primary user, who serves as a super admin and can add new users. Specific access roles can be used to limit user access to data and functions within the system.