Nimbus is hosted and replicated across multiple secure, world class data centres which are locally hosted in each region. All transmission of file data and metadata occurs over encrypted channels (https). Nimbus support staff have no login access to Business sites or Client portals and are not able to view any user files. Each Business site and its Client portal have private, unique URLs. User files are only accessible by people with valid logins to a valid URL. Self-managed unique logins ensure privacy of login details. Business web folders are not browsable or searchable via standard web protocols. Nimbus has committed to industry standards such as ISO 27001 and ISO 32000 to ensure our standards of security and document handling are independently endorsed and meet the most stringent standards for the control over our clients’ confidential information. A Data Protection Officer (DPO) has been appointed to assist with General Data Protection Regulation (GDPR) compliance in the EU.
Physical security aims to protect your data and service connectivity from physical threats such as power and hardware failure, equipment theft and natural disaster.

Nimbus hosts your files using high performance, fault tolerant servers replicated across multiple, widely separated, world class data centres to ensure the best possible physical protection of data, designed to achieve a 99.985% uptime. Access to the server floor in these data centres is strictly controlled, and limited to data centre technicians holding electronic pass cards. Buildings are under 24 x 7, continuously monitored internal and external video surveillance. Connectivity is assured at each data centre via multiple backbones to independent transit IP providers, using Border Gateway Protocol (BGP4) to determine best case routing. Live server replication over long distances, coupled with a third stage backup regimen, ensures that your data is protected against any form of natural disaster that could take out an individual data centre. In the unlikely event of a data centre going offline, hosting switches to an alternate data centre.
Nimbus operates on a self-managed basis, which means that users are responsible for maintaining their own logins and passwords. Thus, Businesses do not get involved in maintenance of Client logins, with consequent savings in administrative time. Likewise, Nimbus Technology support staff do not get involved in maintaining either Business or Client logins; thus, privacy of login is assured for both the Business and Clients. All passwords are stored internally with a very strong ‘one way’ encryption algorithm, and thus can never be recovered, only reset.
User Access Security relates to the controls over Business and Client login and the privacy thereof.

Each Business hosted by Nimbus is allocated a unique high precision identifier, which is used to encode the URLs for both the Business site and Client portal. Thus, knowledge of one Business or Client Nimbus URL does not provide a URL to any other Nimbus Business site or Client portal, as the chance of correctly guessing another business ID is infinitesimal. Nimbus also prevents employees and clients from sharing login codes, thus ensuring that all logins are unique within each Business account. Similarly, unique Client login prevents inadvertent access to another Client’s files. Nimbus handles loss of passwords using the industry best practice approach: an email with a password reset link is automatically sent, after having first verified the email address for the login code being used. The password reset link is a one-time usage link that has a strictly limited usable lifetime. Nimbus offers two factor authentication for operations such as password reset and also takes steps to prevent use of password guessing programs.
Electronic security aims to protect your data and privacy from being compromised by unauthorized electronic intrusion, or inadvertent exposure to either data centre and support staff, or other Nimbus customers.

Nimbus servers are secured behind industry leading secure firewalls and locked down to only the secure protocol used to communicate with Nimbus. There is no FTP access to Nimbus hosts, no publisher services enabled, no directory browsing through standard web protocols, no user or guest account access to the server OS, and data centre staff have no electronic access to the servers. All user communication with Nimbus servers is via https, an encrypted and secure protocol, thus preventing data taps, electronic eavesdropping or data siphoning en route between user and Nimbus host. As a further safeguard, firewalls, routers and switches within the data centre are continuously monitored electronically for abnormal activity. The Nimbus host mail servers implement industry standard blacklist spam supplier detection and avoidance, do not support an HTML mail client, and relay all incoming mail to specified external mail addresses only. Our servers are continuously monitored with several levels of error and activity logging, including SMS and email alerts to Nimbus support staff.
All Business and Client files hosted on Nimbus servers are encrypted with a sophisticated state-of-the-art algorithm, uniquely keyed to each Business account. Uploaded files are thus not readable by Nimbus support staff, nor would they be readable by other Businesses or any other persons gaining authorized or unauthorized access at the server directory level.
Nimbus data centres and hosting providers are chosen for their inherently robust locations, each meeting exacting Tier 3 specifications including multiple redundant independent power supplies, redundant air filtration and cooling systems, rack mounted equipment to ISO standards, with elevated flooring and sophisticated fire detection and suppression systems. Nimbus uses Amazon Web Services for hosting.