The document discusses Rediff.com's security policies and processes to protect customer data, including:
1) Implementing server, application, logical, and physical security processes with redundant servers and access control.
2) Conducting vulnerability assessments and testing.
3) Tracking access logs, application changes, and data access.
4) Complying with SOX 404 guidelines and undergoing yearly audits as a NASDAQ-listed company.
The top critical measures implemented by Rediff.com to take care of customer data security...
1. The following security policies and processes are in place:
Server security process, via multiple and redundant servers.
Application security process, via Change Management Requests (CMRs), testing and QA analysis.
Logical security process, via access control systems.
Physical security process, via an authorized-personnel access system.
2. A complete vulnerability assessment and testing process is in place.
3. The following tracking measures and processes are in place:
Complete tracking of IDC (Internet Data Center) access logs
CMR tracking and application version tracking
Data access log tracking
4. We meet the following compliance needs:
SOX 404 guidelines, as a NASDAQ-listed company.
A yearly IT General Controls (ITGC) audit.
Last but not least, Rediff.com is a NASDAQ-listed company and follows all applicable compliance guidelines, with technical audits every 6 months.
We have a track record of never having been hacked and of no data loss over the last 6-7 years of operation in this industry.
ANSWERS TO SOME COMMON CLIENT CONCERNS
Where will my data be physically stored?
Client data resides on Rediff's secured mail servers, configured in a clustered and load-balanced mode. They are located at multiple data centers (with VSNL, Reliance and Bharati respectively) so that there is no single point of failure and no downtime.
Connectivity is over fibre links of up to 1000 Mbps dedicated to rediff.com.
Is there adequate physical security in the building?
The IDCs restrict physical access to a few designated employees of the Rediff tech team. As a NASDAQ-listed company, Rediff is required to comply with the various security standards that safeguard the confidentiality of client data.
Will my client applications have a secure means to log on to the email server?
Rediffmail EPRO clients have two options for logging on: Normal and SSL.
The SSL option encrypts the connection between the Rediff mail servers and the client in both directions, so credentials and message content are not exposed on the network. The Normal option sends them in clear text, so clients should be configured to use SSL.
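The practical risk with a "Normal" (plaintext) login option is not only that an administrator forgets to pick SSL: a client configured to "use TLS when available" upgrades a plaintext POP3 or SMTP session only if the server advertises STLS/STARTTLS, and an attacker on the path can strip that advertisement from the reply so the client authenticates in the clear. The following Python is an added example written for this page, not Rediff's client or server code; the port numbers and capability replies are constructed assumptions. It shows the client-side gate a practitioner would want: credentials leave the client only over an implicit-TLS port or after the server has actually advertised the upgrade.

```python
"""Client-side gate on where POP3/SMTP credentials may be sent.

Added example, not Rediff's code. A plaintext session is only safe to
authenticate on after an STLS (POP3, RFC 2449) or STARTTLS (SMTP, RFC 3207)
upgrade; if the server's capability reply lacks the keyword (stripped by an
attacker, or simply not offered), the client must refuse to log in.
"""

# Ports on which TLS is negotiated before any protocol traffic
# (assumed values for this example; the page names no port numbers).
IMPLICIT_TLS_PORTS = {"pop3": 995, "smtp": 465}
UPGRADE_CAPABILITY = {"pop3": "STLS", "smtp": "STARTTLS"}


def parse_pop3_capa(reply: str) -> set[str]:
    """Capabilities from a POP3 CAPA reply: '+OK', one per line, '.' ends."""
    lines = reply.splitlines()
    if not lines or not lines[0].startswith("+OK"):
        return set()
    caps = set()
    for line in lines[1:]:
        if line.strip() == ".":
            break
        if line.strip():
            caps.add(line.split()[0].upper())
    return caps


def parse_smtp_ehlo(reply: str) -> set[str]:
    """Capabilities from an SMTP EHLO reply: '250-...' lines, final '250 ...'."""
    lines = reply.splitlines()
    if not lines or not lines[0].startswith("250"):
        return set()
    caps = set()
    for line in lines[1:]:          # line 0 is the server greeting, not a keyword
        if not line.startswith("250"):
            return set()            # malformed or error reply: trust nothing
        keyword = line[4:].split()
        if keyword:
            caps.add(keyword[0].upper())
    return caps


def login_plan(protocol: str, port: int, capability_reply: str) -> str:
    """Return 'implicit-tls', 'starttls' or 'refuse' for this endpoint.

    'starttls' means: send STLS/STARTTLS, finish the TLS handshake, re-issue
    CAPA/EHLO on the encrypted channel, and only then authenticate.
    """
    if port == IMPLICIT_TLS_PORTS.get(protocol):
        return "implicit-tls"       # TLS first, credentials after
    parser = parse_pop3_capa if protocol == "pop3" else parse_smtp_ehlo
    if UPGRADE_CAPABILITY[protocol] in parser(capability_reply):
        return "starttls"
    return "refuse"                 # plaintext only: never send credentials


# Constructed sample replies (not captured from any real server).
POP3_WITH_STLS = "+OK Capability list follows\r\nTOP\r\nUSER\r\nSTLS\r\nUIDL\r\n.\r\n"
POP3_STRIPPED = "+OK Capability list follows\r\nTOP\r\nUSER\r\nUIDL\r\n.\r\n"
SMTP_WITH_STARTTLS = ("250-mail.example.test Hello client\r\n250-SIZE 35882577\r\n"
                      "250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n")
SMTP_STRIPPED = ("250-mail.example.test Hello client\r\n250-SIZE 35882577\r\n"
                 "250 AUTH PLAIN LOGIN\r\n")

if __name__ == "__main__":
    for proto, port, reply in [("pop3", 110, POP3_WITH_STLS),
                               ("pop3", 110, POP3_STRIPPED),
                               ("pop3", 995, POP3_STRIPPED),
                               ("smtp", 587, SMTP_WITH_STARTTLS),
                               ("smtp", 25, SMTP_STRIPPED)]:
        print(f"{proto} port {port}: {login_plan(proto, port, reply)}")
```

Note that the stripped SMTP reply still offers AUTH PLAIN, which is exactly the bait: a client that keys on "the server offers authentication" rather than "the channel is encrypted" would send the password in the clear. The safest deployment avoids the decision altogether by using only the implicit-TLS ports.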
Does the hosting service have data centers with redundant network
connections, backup power sources, and engineers on site 24x7? What about
the customer's own network infrastructure?
Rediffmail EPRO clients entrust their critical communication backbone to Rediff.com.
Keeping this in mind, Rediff's infrastructure comprises redundant network connections, backup power sources, redundant POP/SMTP servers, robust anti-spam and anti-virus filters, and engineers on site, to ensure:
100% uptime at all times
100% mail delivery
0% mail loss
0% mail delay
No spam / virus
Prompt response in case of difficulty
Is the hosting company financially sound? If the hosting provider is having financial problems, it could fold and take its customers' data with it.
Rediff.com was the first and only company to pioneer mailing solutions in India, hosted in Mumbai. It is a NASDAQ-listed company and a leading name in the Internet services space today, with revenues in excess of 500 crore per annum.
Rediff.com has been serving more than 56 million active free Rediffmail users and more than 12 lakh (1.2 million) corporate subscribers over the past 10-12 years.
How steep is the learning curve? Will all employees have to learn a new way
to do things, or can current client applications and work processes be used?
For instance, Oracle provides an Outlook Connector as part of OCS, so that
employees can continue to use Outlook for mail and calendaring. The
Connector converts native MAPI protocol to the Internet standard IMAP4,
which is more efficient for large networks; similarly, it converts Outlook's
calendar functions to Calendar Access Protocol (CAP). Exchange hosting
companies, of course, support both the regular Exchange client and Outlook
Web Access (OWA) directly.
Rediffmail EPRO does not require a change in the client's work processes, nor does it involve a steep learning curve.
Users are provided with a user-friendly and comprehensive web interface for accessing and managing their mail system independently.
Because it is compatible with all familiar POP-based clients such as Outlook, Outlook Express and Blackberry, users can continue accessing their mail as before.
Rediffmail EPRO clients are provided with an easy-to-use product manual, which assists in optimum utilization of their investment.
Are your routers protected by an uninterruptible power supply?
Yes. We have an online UPS of 4000 kVA capacity and a 6000 kVA diesel generator (DG) set.
Do you have redundant network connections in case one fails?
Yes. We have multiple network connections for each ISP and multipath redundancy across ISPs, so there is no single point of failure.
High availability architecture of the mailing system
Rediffmail Enterprise has a proven track record of 99.9%+ service availability. A manifold increase in the number of users and the introduction of advanced features have not affected our service quality and availability. We attribute our reliability and scalability to a well-designed HA (high availability) architecture.
Rediffmail Enterprise's HA architecture is based on three important concepts of service availability: no single point of failure, a fault-tolerant architecture and continuous monitoring of services. Together these make sure that the service is available all the time.
No single point of failure
The infrastructure is composed of hardware and software components, and all hardware is prone to failure at some point in its lifetime. We ensure that we include the best available hardware components in our infrastructure. Typically a service fails because of a bottleneck in the system: a component with no redundant counterpart to switch to in case of failure. We have analyzed each component of the infrastructure and added redundancy at the most granular level possible.
1. Server cluster redundancy
Server clusters are responsible for processing all mail data. With millions of mails processed every day, we have an array of server clusters that complement each other. We have multiple redundancies for each server cluster, and we make sure that server utilization never exceeds a threshold limit.
2. Storage redundancy
The storage is divided into two components, metadata and mail files. This division allows faster data access and quick responses to queries. For data storage, Rediffmail Enterprise has deployed the RAID 6 (redundant array of independent disks) standard. RAID 6 stripes data across the disks with two independent parity blocks per stripe, so the array survives the simultaneous failure of any two disks; the surviving disks stay operational and the data remains accessible while the failed disks are rebuilt.
3. Load balancer redundancy
The load balancer is responsible for optimal distribution of data processing requests to the server clusters. We have added redundancy for the load balancers too: they always run in active-passive mode. If the active load balancer is not available, the load balancer in passive mode takes over and ensures smooth processing of data. Each load balancer has two VIPs (virtual IPs) internally to support the redundant storage architecture, as indicated in the schematic above.
4. Network redundancy
The LAN and WAN carry all data from one data center to another and to the end user; they are the backbone of the entire infrastructure. We have created a mesh of interconnectivity between the major ISPs in India and our data centers, so even if one link is down, data can flow through multiple other routes.
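The storage redundancy point above (item 2) rests on what RAID 6 actually guarantees, which is not that each file is copied twice but that two independent parity blocks let any two disks of a stripe fail at once. The Python below is an added worked example for this page, not Rediff's storage code or any particular RAID implementation: it builds the P (XOR) and Q (Reed-Solomon over GF(2^8), generator 2, the same field Linux md uses) parity for a constructed four-disk stripe, then knocks out every possible pair of disks and rebuilds them. The block contents and disk count are assumptions for illustration.

```python
"""RAID 6 dual parity: any two of n+2 disks can fail and be rebuilt.

Added example, not Rediff's code. Stripe layout is [D0..Dn-1, P, Q] with
P = XOR of the data blocks and Q = sum of g^i * D_i over GF(2^8), g = 2.
"""
from itertools import combinations

POLY = 0x11D  # x^8 + x^4 + x^3 + x^2 + 1, the RAID 6 field polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_pow2(i: int) -> int:
    """Generator power g^i with g = 2."""
    r = 1
    for _ in range(i):
        r = gf_mul(r, 2)
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254, since a^255 = 1 for a != 0."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def compute_parity(data: list) -> tuple:
    """P = XOR of all data blocks; Q = sum of g^i * D_i over GF(2^8)."""
    length = len(data[0])
    p, q = bytearray(length), bytearray(length)
    for i, block in enumerate(data):
        g = gf_pow2(i)
        for j, byte in enumerate(block):
            p[j] ^= byte
            q[j] ^= gf_mul(g, byte)
    return bytes(p), bytes(q)


def rebuild(stripe: list) -> list:
    """Rebuild a stripe [D0..Dn-1, P, Q] in which up to two entries are None."""
    n = len(stripe) - 2
    blocks = list(stripe)
    lost = [i for i, b in enumerate(blocks) if b is None]
    if len(lost) > 2:
        raise ValueError("RAID 6 tolerates at most two failed disks per stripe")
    length = len(next(b for b in blocks if b is not None))
    P, Q = n, n + 1
    data_lost = [i for i in lost if i < n]
    if len(data_lost) == 2:                     # hardest case: needs both P and Q
        x, y = data_lost
        inv = gf_inv(gf_pow2(x) ^ gf_pow2(y))   # 1 / (g^x + g^y)
        gy = gf_pow2(y)
        dx, dy = bytearray(length), bytearray(length)
        for j in range(length):
            # Remove the surviving data from P and Q, leaving only Dx and Dy.
            pxy, qxy = blocks[P][j], blocks[Q][j]
            for i in range(n):
                if i not in (x, y):
                    pxy ^= blocks[i][j]
                    qxy ^= gf_mul(gf_pow2(i), blocks[i][j])
            # Solve Dx + Dy = Pxy and g^x*Dx + g^y*Dy = Qxy for Dx.
            dx[j] = gf_mul(qxy ^ gf_mul(gy, pxy), inv)
            dy[j] = pxy ^ dx[j]
        blocks[x], blocks[y] = bytes(dx), bytes(dy)
    elif len(data_lost) == 1:
        x = data_lost[0]
        use_q = blocks[P] is None               # P gone too: solve from Q instead
        inv = gf_inv(gf_pow2(x)) if use_q else 1
        d = bytearray(length)
        for j in range(length):
            v = blocks[Q][j] if use_q else blocks[P][j]
            for i in range(n):
                if i != x:
                    v ^= gf_mul(gf_pow2(i), blocks[i][j]) if use_q else blocks[i][j]
            d[j] = gf_mul(v, inv)
        blocks[x] = bytes(d)
    blocks[P], blocks[Q] = compute_parity(blocks[:n])   # regenerate lost parity
    return blocks


def survives_any_two_failures(data: list) -> bool:
    """True if every pair of disks in the stripe can be lost and rebuilt."""
    full = list(data) + list(compute_parity(data))
    for a, b in combinations(range(len(full)), 2):
        damaged = [None if i in (a, b) else blk for i, blk in enumerate(full)]
        if rebuild(damaged) != full:
            return False
    return True


if __name__ == "__main__":
    sample = [b"rediff", b"mail01", b"stripe", b"blocks"]  # constructed 4-disk stripe
    print("all two-disk failures recoverable:", survives_any_two_failures(sample))
```

The two-data-disk case is the one that single-parity RAID 5 cannot handle and is why Q has to be a second, independent function of the data rather than another XOR. A third failure before the rebuild finishes is unrecoverable, which is why rebuild time and monitoring of the degraded array matter as much as the parity scheme.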