At FileHound, we recognise that data security is not just a priority but a paramount concern for our customers. It is at the core of everything we do. We go above and beyond to implement the necessary measures that ensure your data is safeguarded from any unauthorised access, disclosure, use, or loss. Our unwavering commitment to data security means you can trust us to keep your valuable information safe and secure at all times. Your peace of mind is our top priority, and we continuously strive to maintain the highest standards of data protection to earn and keep your trust.

FileHound Hosting in Microsoft Azure UK: Benefits and Assurances

At Element3 and FileHound, the security, reliability, and performance of our SaaS Infrastructure and server virtualisation services take precedence. To uphold these core principles, we have made a strategic decision to host our services entirely within Microsoft Azure UK. This choice is driven by the numerous benefits and assurances that Microsoft Azure UK offers, ensuring an elevated experience for our valued customers. Let's explore the key advantages that this hosting decision brings:

Compliance and Data Sovereignty

When you choose FileHound hosted in Microsoft Azure UK, you can rest assured that your data stays within the geographical boundaries of the United Kingdom. Microsoft Azure UK data centres adhere to stringent compliance standards, including the General Data Protection Regulation (GDPR), ensuring that data privacy and protection regulations are diligently followed. This compliance provides peace of mind for our customers, particularly those handling sensitive or personal data.

Enterprise-Grade Security

In the digital age, security is paramount, and Microsoft Azure UK is equipped with robust security measures. FileHound in Azure employs industry-leading encryption, firewalls, threat detection, and access controls to safeguard data from unauthorised access and cyber threats, providing an enterprise-grade security foundation.

Azure Security Center

At FileHound, we have adopted Azure Security Center as a central platform that provides unified security management and threat protection for our Azure resources and workloads. This solution offers continuous monitoring, threat detection, and actionable security recommendations, further enhancing the security posture of our Azure FileHound environments.

Threat Detection and Alerts

Using advanced analytics and machine learning, Azure Security Center detects suspicious activities and potential threats to FileHound in real-time. This capability allows us to identify various types of threats, including malware and data exfiltration, empowering us to respond proactively to potential security risks.

High Availability and Redundancy

Microsoft Azure UK's data centres are designed for high availability and redundancy. By leveraging multiple data centres across different regions, our FileHound services remain accessible and customer data stays secure even in the rare event of a data centre outage. The advanced failover mechanisms of Microsoft Azure guarantee continuous service availability, minimising downtime and maximising productivity for your business.

Scalability and Flexibility

As the number of FileHound users expands, our infrastructure requirements evolve accordingly. With Microsoft Azure UK, we benefit from unparalleled scalability and flexibility. Whether we need to upscale resources during peak periods or downscale during quieter times, Azure's cloud-based architecture allows us to adapt our infrastructure to suit our needs seamlessly.

Disaster Recovery and Backup

FileHound in Azure UK offers reliable disaster recovery and automated backup services to protect FileHound data. These features facilitate quick recovery in the event of data loss, ensuring minimal disruption to FileHound operations and maintaining service continuity.

Latest Microsoft Server Operating Systems
FileHound is proud to utilise the latest Microsoft server operating systems as the foundation of our hosting infrastructure. We recognise that these systems are continually evolving to enhance performance, security, and functionality. To ensure that we are always running on the latest recommended versions, our dedicated team of DevOps professionals rigorously follows Microsoft's update releases and applies patches promptly.

Regularly Scheduled Updates
Our update schedule adheres to industry best practices and Microsoft's recommended update cadence. This approach allows us to stay aligned with the latest security patches, bug fixes, and feature enhancements. By proactively maintaining our server operating systems, we minimize vulnerabilities, reducing the risk of security breaches and system downtime.

Database Systems Optimisation
In addition to server operating systems, we also prioritise the latest database systems from Microsoft. Our commitment to utilising cutting-edge database technologies ensures optimal data storage, retrieval, and management for FileHound and our customers. Regularly updating these systems is an integral part of our strategy to deliver efficient and reliable database services, all while keeping security at the forefront of our considerations.

Data Encryption Services

Encryption in Transit

All data transmitted between FileHound customers and our service uses robust encryption protocols, including Transport Layer Security (TLS) 1.2 protocols, Advanced Encryption Standard (AES) 256 encryption, and Secure Hash Algorithm (SHA) 2 signatures. This encryption ensures that your data remains safe and secure during transmission.

Encryption at Rest

Data at rest in our production network is encrypted using Federal Information Processing Standards (FIPS) 140-2 compliant encryption standards. This level of encryption applies to all types of data within our systems, including relational databases, file stores, and database backups. We go the extra mile by storing all encryption keys on a secure server within a segregated network with very limited access. Moreover, we have implemented robust safeguards to protect the creation, storage, retrieval, and destruction of secrets such as encryption keys and service account credentials.

Third-party API Calls

To optimise results, we may make third-party API calls to services such as Google DocumentAI, Amazon Textract, and Docsparser for OCR and entity detection. Before running a resolution layer, we leverage multiple OCR engines. Rest assured that we use Cloud Services for processing and API calls, and none of your data is stored beyond the completion of processing by such cloud providers.

Cloud Services Security

Each Cloud Service we employ (such as Google Cloud Platform, Microsoft Azure, AWS, Docsparser, and Aluma.io) utilises a combination of approaches to maintain the utmost security for their infrastructure. This includes physical access control, personnel security, logical access control, penetration testing, third-party audits, and intrusion detection and prevention.

For more information, you can refer to the documentation from the respective Cloud Services:

• Microsoft Azure: https://azure.microsoft.com/en-gb/support/legal/
• Veryfi: https://www.veryfi.com/terms/

Access Controls

At FileHound, we treat access control with the utmost seriousness to ensure that only authorised personnel have access to your data. We adhere to the principles of least privilege and role-based permissions when granting access, which means that workers are only authorised to access data that they require to fulfil their current job responsibilities.

To minimise the risk of data exposure, all production access undergoes quarterly reviews following ISO/IEC 27001 guidelines and methodologies. Regular audits of access control are conducted to ensure that permissions are up-to-date and aligned with business requirements.

We also utilise an access control system that logs all access events and provides real-time alerts for unauthorised access attempts. This system enables us to monitor access to our systems and promptly identify potential security issues.

We understand that third-party access can pose security risks. Therefore, we maintain a list of approved third-party vendors who require access to our systems and data. Before granting access, we conduct a thorough review of the vendor's security controls and practices to ensure they meet our high standards.

Finally, we enforce strict policies and procedures for granting and revoking access to our systems and data. All access requests must be approved by an authorised individual, and access is promptly revoked upon termination of employment or contract.

Authentication

At FileHound, we recognise the critical role of strong authentication measures in safeguarding your data. Consequently, we implement multi-factor authentication (MFA) for all access to systems housing highly classified data, including our production environment that stores customer data. MFA adds an additional layer of security by requiring two or more forms of authentication before granting access to a system.

Where appropriate, we utilise private keys for authentication in addition to MFA. Private keys are encrypted files that allow access to a system or service. They are unique to an individual and provide a more secure way of authenticating compared to traditional passwords. By using private keys, we reduce the risk of data exposure due to weak passwords or phishing attacks.

We regularly review our authentication procedures to ensure they align with the latest security best practices. Additionally, we maintain a record of all authentication events, enabling us to monitor access to our systems and identify potential security issues.

Finally, we understand that password security is critical to preventing unauthorised access to our systems. Therefore, we enforce strong password policies, such as requiring the use of complex passwords and regular password changes, to help protect against password-related attacks.

Security Monitoring and Review

At Element3 and FileHound, our commitment to security is unwavering. We take the protection of your data and FileHound infrastructure with utmost seriousness. As part of our continuous efforts to maintain the highest level of security, we regularly review and enhance our policies, processes, and procedures. Our dedicated team of experts actively monitors our systems 24/7, ensuring prompt identification and response to any potential security threats. You can trust that we remain steadfast in our pursuit of providing a safe and secure environment for your valuable data and business operations. Your security is our priority, and we are dedicated to delivering the peace of mind you deserve.

Last updated: October 2023