Engineers, whistleblowers, ethical hackers… this is how Infomaniak protects your URL data

Infomaniak stores the information of thousands of companies, institutions and individuals. We’ve been leveraging technical, human and structural means to ensure data security, safety and confidentiality on a daily basis for more than 25 years.

Security by design: data protection every step of the way

Even before we start developing a service, Infomaniak analyses all the scenarios attached to data processing. Every process is evaluated upstream to rule out any weaknesses during development.

Infomaniak: in control of its security chain from end to end

From the hardware infrastructure (data centres, suppliers, etc.) to the software (admin console, products, user interfaces, etc.), including employee recruitment, Infomaniak is in control of every link in the chain.

Our technology is independent. Your data is stored in Switzerland in data centres exclusively designed and managed by Infomaniak. Only you have access to your data.

We systematically favour open source technologies for their transparency and robustness, and our engineers also contribute to flagship projects such as Debian, OpenStack and NextCloud.

Structurally, Infomaniak is a vault room

Every facet of our activities is compartmentalised and individually secured. We deploy best practices in all areas:

• OpSec (operational security) Access protection, partitioning, infrastructure monitoring, maintenance contracts, security directives and procedures, etc.
• CorpSec (corporate security) Physical security of premises, crisis management, ISO compliance, risk management, etc.
• AppSec (application security) Secure development and security testing.
• NetSec (network security) Equipment redundancy, network segmentation, access protection, etc.

Our teams evolve as transversally as possible to optimise agility and anticipation. Security is considered at each team meeting, when everyone is asked for their feedback and ideas for improving procedures. All our users benefit from the constant flow of updates for their services, whether they’re paid-for or free.

Protection for whistleblowers

We’re aware that technology is not a cure-all. That’s why we cultivate a positive and human mindset, even when it comes to security. Infomaniak has set up an internal 24/7 operational alert system. Protected by a trustworthy entity that guarantees anonymity, employees can report potential irregularities without incurring sanctions. Everyone at Infomaniak is aware of this mechanism and knows how to avail themselves of it.

Ethical hackers: constantly testing our security

We never assume infallibility. Ethical hackers from around the world are looking for ways to breach our defences. To ensure sound practice and fair treatment, these vulnerability hunters are rigorously selected and managed by a reputable third-party intermediary. The “white hat hackers” are bound by contract and are not permitted to access our clients’ personal data to identify vulnerabilities. The specialised intermediary sorts and verifies the relevance of the vulnerabilities reported before forwarding them to us. These steps allow us to assign a severity to the vulnerability in order to tailor our corrective action. The method means we maintain complete control over the scope of this bug bounty programme while monitoring our in-service applications as well as the pre-production phases. In other words, we never launch anything without first having it tested internally and then externally by several independent vulnerability hunters, or as part of a specific intrusion test entrusted to a local company specialising in cybersecurity.

Our job is to protect your data

While there’s no such thing as zero risk, we deploy a global system to ensure that all angles are covered at all times. It’s through constant adaptation that we’re able to identify possible weaknesses or threats.

“Just because a system claims to be secure doesn’t make it so. It has to be built, it has to be maintained,” says Marc Oehler, COO at Infomaniak. He explains: “Without revealing all of our processes, we can say that Infomaniak is constantly implementing measures in a bid to stay several steps ahead.”

Infomaniak provides top-of-the-range services with SLA clauses for customers wishing to benefit from maximum security. We therefore have a business continuity plan (BCP) that’s tested regularly to ensure service availability come what may. Prevention, risks, impacts, safeguards, back-up mechanisms, etc.: every facet of a crisis is dissected and analysed upstream to define our business continuity strategy. Being proactive rather than reactive: that’s what we at Infomaniak have been doing these past 25-plus years.

Your choice determines tomorrow’s technology

To maintain control over data, it’s vital to choose digital tools developed by transparent suppliers. By choosing Infomaniak, you’re helping to drive technologies developed within a restrictive framework, both in terms of security and data confidentiality.

To find out more

• Visit Infomaniak’s datacentre
• 9 reasons to choose Infomaniak to ensure data confidentiality
• More about Infomaniak’s technological independence
• Infomaniak simplifies password management for its tools
• Three key steps that will secure and protect your WordPress site