Operations & Network Security

Access control
Privileged access to IT infrastructure assets such as servers, monitoring etc. is protected by multi-factor authentication.

IT infrastructure event logs
IT infrastructure assets are logged.

Logs are collected and managed by a syslog management platform which is centrally managed by Benify’s IT Operations team. The platform is used to collect, index and analyze syslog on a centralized location.

Back-up
Back-ups of production data are undertaken daily and are monitored. Automated recovery tests are performed at least once per week.

Daily back-ups are stored for at least a week. Weekly back-ups are stored for at least a month and monthly back-ups are stored for at least a year.

Backups are stored at Benify’s secondary data center.

Security patching
Common vulnerabilities and exposures (CVEs) are monitored and patches are applied according to internal policies and procedures.

IT environments
Benify has separate environments for application development, test and production.

Performance monitoring
Performance, uptime and resource usage for production servers and services are monitored by Benify IT Operations.

Media disposal
Approved software and degaussing equipment is used for secure data erasure.

Disaster recovery plan
Benify has a disaster recovery plan which is tested annually in order to verify Benify’s capacity to recover and protect the business IT infrastructure in the event of a disaster.

Redundancy
Benify has redundant network suppliers and the possibility to re-route communication in the unlikely event of network failure.

Encryption
All site-to-site communication within Benify is encrypted using IPSEC AES 256-bit encryption.

All VPN traffic to Benify networks are encrypted.

Internal traffic from Benify computer clients to Benify production services are encrypted.

Malware protection
Benify have centrally managed and monitored anti-virus systems. Detection, prevention and recovery controls in order to protect against malware is undertaken.

All Benify’s computer clients and servers are protected with anti-virus software.

Signature updates are conducted on a daily basis.

Separation of networks and tiers
The Benify application consist of 3 tiers: load balancing/front end, application servers and database servers. Between the internet and load balancing tier is a physical firewall. Between the load balancing and the application server tier is a physical firewall. Between the application server and the database server tier is a software firewall.

All end user traffic terminates in servers located in a DMZ. All production servers are located in a network separated from other Benify internal systems.

Firewalls

Our network is protected by redundant stateful inspection firewall clusters.

Intrusion detection and prevention
Benify uses artificial intelligence algorithms and world leading anomaly detection machine learning to protect our networks from malicious intruders.

Network vulnerability scans
Benify weekly perform network vulnerability scans using automated vulnerability scanners. All vulnerabilities are classified and mitigated according to internal policies and procedures.