NiuPay Cloud Security

It is estimated that cyber attacks will cost businesses over USD20 billion in damages in 2021.

Don’t let your organisation become part of this statistic  –  enquire today to find out how our relationship with Amazon Web Services can help keep your data accessible and secure at all times.

We're setting the data security benchmark in PNG

We’re the first organisation in Papua New Guinea to achieve Amazon Web Services (AWS) Well-Architected status and become a fully qualified member of the AWS Partner Network.

Our relationship with AWS means that our customers benefit from the most secure cloud infrastructure available in the region. AWS’s infrastructure is validated against 1,000s of international standards and eclipses security standards of most traditional on-premises environments.

Our products and services are underpinned by two core pillars:

  1. Security – security is 24/7, 365 days per year, not a “one and done”.
  2. Data Privacy – your data is just that, yours. You retain ownership of your data at all times.

THE NIUPAY DIFFERENCE

How we keep your data secure

zt
Zero Trust Framework

The Zero Trust security model is applied to all our of systems and processes, internal and external of the organisation. Simply put, Zero Trust is a framework which removes all implied trust of devices (human or otherwise) connected to our systems. Micro-segmentation eliminates lateral movement, multi-factor authentication by default, physical security keys for access to sensitive data and privilege is always granted least-to-most.

technology
Isolated Environments

While many SaaS companies lump customers into multi-tenant architecture (i.e., many customers sharing one application or database), we take a different approach.

We employ a single-tenant architecture (i.e., each customer has their own isolated environment) which means we can scale and customise each environment to suit your business  -  true flexibility.

encryption_transit
Data Verification & Encryption in Transit

Our solutions are 100% cloud-native, delivered through the internet  -  we enforce the latest versions of Transport Layer Security (TLS) and DNS Security Extension (DNSSEC) to authenticate, protect integrity of and encrypt all data which moves in and out of AWS's infrastructure.

np_encryption_01
Encryption at Rest

As we store our customer data, we encrypt it using one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256).

Every object stored is encrypted with a unique key and as an additional safeguard, the key itself is encrypted with another key which rotates regularly.

proactive_defence_niupay
Proactive Defence

We implement a variety of security measures at different network and application layers.

From anomaly and intrusion detection to active firewalls and mitigation against denial of service attacks, all of our services and products are architected in line with multiple industry standards such as PCI DSS, IRAP PROTECTED Reference Architecture, SOC 2, CIS 7.1. and AWS Well-Architected.

fault_tolerance_niupay
Fault Tolerance

We take cloud computing to the next level by leveraging the latest technologies made available by AWS.

Our fault-tolerant cloud architecture means that as soon as one of our automated monitoring tools detects any type of failure, a seamless and intelligent rerouting of traffic will occur without any noticeable downtime or information loss.

data_durability
Data Durability

We leverage AWS's world-class storage solutions which not only keeps your data encrypted, secure and replicated, but also stores it in such a way that it is 99.999999999% durable.

That is, if you store 10,000,000 documents, you can on average expect to incur a loss of a single document once every 10,000 years. This type of document durability eclipses that of any traditional on-premises solution.

automation
Testing & Automation

We employ robust and proven Development-Security-Operations (DevSecOps) operational framework while utilising a variety of tools for static and dynamic code analysis, as well as active infrastructure vulnerability scanning.

To complement our automated and internal testing, we perform periodic third-party penetration testing to further validate our cybersecurity posture.

confidentiality
Confidentiality

We understand the importance of how data is collected, stored, used and disclosed.

We have robust privacy controls in place which means human-to-data contact is minimised (i.e., only the information required to complete any particular function is accessed, and then privilege is revoked).

All of our employees are thoroughly vetted prior to any exposure to our platforms and are under strict Non-Disclosure Agreements.

AWS Well-Architected Partner

We’re AWS WellArchitected! Our cloud architecture and operational processes have been reviewed and approved by AWS.

Achieving the AWS Well-Architected APN Partner status differentiates us as an APN Partner that provides demonstrated technical proficiency and proven customer success in identifying if customer solutions meet the five pillars of the Well-Architected Framework: Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimisation.

Security

Protecting information, systems, and assets from the outside world with risk assessment, unplanned failures and mitigation strategies.

Reliability

Auto recover workloads from infrastructure, power or system failures with dynamic resource management to meet operational thresholds.

Performance Efficiency

Use computing resources efficiently to support on demand changes for delivering workloads with maximum performance to meet SLA's.

Operational Excellence

Run, manage and monitor production workloads to deliver business value and continuous improvement on supporting process and events.

Cost Optimisation

Avoid and eliminate unnecessary cost or replace resources with cost-effective resources without impacting the best practices and business needs.

Real-time monitoring, real-time compliance

Our cloud infrastructure is monitored against multiple industry standards on a real-time basis with thousands of metrics being evaluated every day to ensure our systems remain compliant and Service Level Agreements are being met.

We maintain transparency with our customers through dedicated compliance dashboards and guidance through our business practices.

Want to know more?

Contact one of our friendly solution experts to discuss how we can value-add your existing infrastructure or build something from the ground up.