Security
Security is fundamental to everything we build at ServAfri. We maintain strict controls, regular audits, and transparent practices to protect your infrastructure and data.
- TLS 1.3 for data in transit
- AES-256 encryption at rest
- Encrypted backups and snapshots
- Key management with secure rotation
- Multi-factor authentication (MFA)
- Role-based access control (RBAC)
- API key management and rotation
- SSH key pair authentication
- Virtual private networks (VPC)
- Firewall rules and security groups
- DDoS mitigation and protection
- Private networking between resources
- Audit logs for all API calls
- Real-time security monitoring
- Intrusion detection systems
- Security event alerts
- SOC 2 Type II compliance
- GDPR compliant data handling
- Regular security assessments
- Third-party security audits
- 24/7 security operations center
- Incident response procedures
- Regular security drills
- Post-incident reviews
Infrastructure Security
Our infrastructure is built on enterprise-grade hardware and software. All data centers meet strict physical security requirements, including biometric access controls, 24/7 monitoring, and redundant power and cooling systems.
Compute instances run on isolated hardware with hypervisor-level security. Storage systems use redundant arrays with automatic failover. Network infrastructure includes redundant routers, switches, and load balancers to ensure availability.
Data Protection
Customer data is stored in encrypted volumes with keys managed through secure key management services. Backups are encrypted and stored in geographically distributed locations. We maintain data retention policies that align with customer requirements and regulatory obligations.
Database instances use encrypted connections and support encryption at rest. Object storage buckets can be configured with additional encryption layers. All data transfers between regions are encrypted using secure protocols.
Security Updates
We regularly apply security patches to our infrastructure and systems. Critical security updates are applied immediately, while standard updates follow a scheduled maintenance window. Customers receive advance notice of maintenance that may affect their services.
Operating system images are updated regularly with the latest security patches. Managed services automatically receive security updates. For unmanaged instances, customers are responsible for applying updates, though we provide tools and documentation to assist.
Vulnerability Management
We conduct regular vulnerability scans and penetration testing of our infrastructure. External security researchers can report vulnerabilities through our responsible disclosure program. All reported vulnerabilities are evaluated and addressed according to severity.
Security advisories are published for significant vulnerabilities that may affect customers. We work with customers to coordinate patching and mitigation strategies. Historical security advisories are maintained in our documentation for reference.
Business Continuity
We maintain redundant systems across multiple availability zones to ensure service continuity. Regular backups are tested to verify restoration procedures. Disaster recovery plans are documented and updated based on lessons learned from drills and actual incidents.
Service level agreements define availability targets and procedures for handling outages. Status updates are provided through our status page during incidents. Post-incident reports are published for significant outages to provide transparency and demonstrate improvements.
Reporting Security Issues
If you discover a security vulnerability, please report it to security@servafri.com. We appreciate responsible disclosure and will work with you to address any issues promptly.