The NiuPay Cloud
Comprehensive security & reliability
We’re the first organisation in Papua New Guinea to achieve Amazon Web Services (AWS) Well-Architected status and become a fully qualified member of the AWS Partner Network. Our relationship with AWS means that our customers benefit from the most secure cloud infrastructure available in the region. AWS’s infrastructure is validated against 1,000s of international standards and eclipses security standards of most traditional on-premises environments. Continue reading below to find out how we secure and operate our cloud environments.
We maintain real-time compliance against industry security standards by using a variety of tools and business processes.
We automate end-to-end testing of code and infrastructure using leading tooling integrated directly with our DevSecOps pipeline.
Our infrastructure, applications and networks regularly undergo third-party, white-hat penetration testing.
Commitment to security and reliability is what we've built our reputation on
Explore how we're setting the new benchmark in Papua New Guinea for data storage and processing.
Zero-trust Security Framework
The Zero Trust security model is applied to all of our systems and processes, internal and external of the organisation. Simply put, Zero Trust is a framework which removes all implied trust of devices (human or otherwise) connected to our systems. Micro-segmentation eliminates lateral movement, multi-factor authentication by default, physical security keys for access to sensitive data and privilege is always granted least-to-most.
True Isolated Environments
While many SaaS companies lump customers into “logical” multi-tenant architecture (i.e., many customers sharing one application or database service), we take a different approach.
We employ a single-tenant architecture (i.e., each customer has their own isolated environment) which means we can scale and customise each environment to suit requirements independent of one-another. No two organisations are the same!
Data Verification & Encryption in Transit
Our solutions are 100% cloud-native, delivered through the internet – we enforce the latest versions of Transport Layer Security (TLS) and DNS Security Extension (DNSSEC) to authenticate, protect integrity of, and encrypt all data which moves in and out of AWS’s infrastructure.
Encryption at Rest
As we store our client’s data, we encrypt it using one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256).
Every object stored is encrypted with a unique key and as an additional safeguard, the key itself is encrypted with another key which rotates regularly.
We implement a variety of security measures at different network and application layers.
From anomaly and intrusion detection to active firewalls and mitigation against denial of service attacks, all of our services and products are architected in line with multiple industry standards/frameworks such as PCI DSS, IRAP PROTECTED Reference Architecture, SOC 2, CIS 7.1. and AWS Well-Architected.
We take cloud computing to the next level by leveraging the latest technologies made available by AWS.
Our fault-tolerant cloud architecture means that as soon as one of our automated monitoring tools detects any type of failure, a seamless and intelligent rerouting of traffic will occur without any noticeable downtime or information loss. Depending on the deployment type, our clients typically enjoy 99.9% – 99.99% uptime guarantees, RPO’s of only seconds and RTO’s of minutes.
We leverage AWS’s world-class storage solutions which not only keeps your data encrypted, secure and replicated, but also stores it in such a way that it is 99.999999999% durable.
That is, if you store 10,000,000 documents, you can on average expect to incur a loss of a single document once every 10,000 years. This type of document durability eclipses that of any traditional on-premises solution.
Testing & Automation
We employ robust and proven Development-Security-Operations (DevSecOps) operational frameworks while utilising a variety of tools for static and dynamic code analysis, as well as active infrastructure vulnerability scanning.
To complement our automated and internal testing, we perform periodic third-party penetration testing to further validate our cybersecurity posture.
We understand the importance of how data is collected, stored, used and disclosed.
We have robust privacy controls in place which means human-to-data contact is minimised (i.e., only the information required to complete any particular function is accessed, and then privilege is revoked).
All our employees are thoroughly vetted prior to any exposure to our platforms and are under strict Non-Disclosure Agreements.