Security, Protection and Business Continuity
Our platform stores our customers' essential business data, so it is important that we explain the measures we take to ensure that this data is safe and secure. We like to be open and transparent about the technology and procedures we use to protect our customers' data.
Diamond Discovery Desktop
The Diamond Discovery Desktop uses the Remote Desktop Protocol (RDP) to deliver to your local device a Windows desktop that is hosted on our servers. You use programs and applications on this Windows desktop as if they were on your local device. Your local device will use RDP client software to communicate with our RDP server software. Data communication between our servers and the RDP desktop is encrypted, the level of encryption being the most secure that can be supported by the RDP client software on your local device. On modern devices, this will be the SSL protocol.
Diamond Discovery Web Databases
Our web server platform is the CentOS6 Linux operating system. The browser-based software applications are written in PERL 5.14 with additional CPAN modules and the database is MySQL 5.0.95. Delivery of the content is via HTML to a standard web browser with support for Microsoft Explorer, Mozilla Firefox, Google Chrome and other WK engine browsers. All data communication between our servers and the local browser is encrypted using the SSL protocol.
Secure Socket Layer (SSL)
The Secure Socket Layer (SSL) protocol prevents data being viewed or altered in transit. This industry-standard approach is the same system used by banks and online payment systems.
Physical Security
Our servers are located in a highly secure, purpose-built facility in which direct access to the hardware is closely controlled. Entry to the facility is permitted strictly for authorised individuals, with identity checks confirmed against a photo record (e.g. passport). Within the facility, access is controlled via card-activated doors to only the permitted racks which house the servers which an individual is authorised to access.
Fire Safety
The data centre is equipped with VESDA (Very Early Smoke Detection Apparatus) which will deploy haylon gas which does not adversely affect the electrical equipment.
Electrical Protection
The power supply to each room, rack and server is also protected. The first level of protection is provided by Uninterruptable Power Supplies, backed up by building-wide generators capable of maintaining all the servers housed there. The systems use "N+1", which is for every item of critical power equipment (N), there is at least one backup system for it (+1).
Network Connectivity
The servers all have an extremely high capacity Internet connection which is linked to the data centre's 'backbone' which comprises of multiple 10Gb connections. This is then linked to other data centres and telecommunication companies for UK and Global connectivity. A system known as Border Gateway Protocol (BGP) is used to maintain the connection if any of the fibre connections fail or any route to or from a data centre should fail; downtime is kept to a minimum, virtually zero.
Network Security
The integrity of our servers is maintained by means of firewalls, antivirus software, restricting the activities of logged-in users and a programme of strict update of the Operating System.
Data Safeguarding
The first level of protection comes from our policy that every server uses RAID drives (Redundant Array of Independent Disks) which means that data is replicated across multiple disks to prevent any data loss if drives fail. Secondly, all critical data and user settings are backed up twice a day and copied to a different server in a different room of the data centre. Thirdly, the data is copied completely offsite to an independent secure data vaulting service to allow fast rebuild of the data structure in the extremely unlikely event of a building-wide issue such as terrorism or flooding. All of these services are completely automated and use the network to copy the data, therefore not relying on people other than for monitoring.