Physical Layer
Data Centres
Computle places paramount importance on physical security to ensure the safeguarding of sensitive data within its data centers and critical infrastructure. To achieve this, we have implemented stringent measures to control and monitor access to our facilities. Our data centers are equipped with multi-layered security systems, including biometric authentication, access card systems, and video surveillance.
Only authorized personnel with the appropriate credentials are granted entry to restricted areas, and all access events are closely monitored and logged. Furthermore, our server rooms are designed with reinforced access points, environmental controls, and fire suppression systems to mitigate potential physical threats.
Host Isolation
Each physical host in our infrastructure is dedicated exclusively to running a single Computle machine instance for a customer. This approach guarantees that a customer's workload operates in complete isolation, with exclusive access to the underlying hardware resources. By dedicating each host to one client, we eliminate the risk of data co-mingling and resource contention. This strict isolation enhances data security and privacy, minimizing the potential impact of security incidents on neighboring instances.
Site Isolation
Computle implements stringent network segmentation and access controls to ensure that data and resources within one site remain completely separate from those in other sites. This approach reduces the attack surface and prevents potential lateral movement for cyber attackers
Digital Layer
Zero Trust Architecture (ZTA)
Computle operates on the principle of "never trust, always verify," ensuring that no user or device is granted unrestricted access by default. Our ZTA implementation involves rigorous identity verification through multi-factor authentication (MFA) and robust identity and access management (IAM) systems. We enforce the principle of least privilege access, limiting access rights to the minimum required for each user or device. Network micro-segmentation is employed to create isolated segments, reducing the lateral movement potential of threats. Continuous monitoring and policy-based access control help us detect and respond to anomalies in real-time.
Vulnerability Management
Industry lading vulnerability management tools actively scan our infrastructure and applications in real-time, allowing us to swiftly detect and assess vulnerabilities as they emerge. When vendor updates and patches are released, we promptly evaluate and prioritise them based on severity and potential impact. We then execute patching strategies to address these vulnerabilities, reducing the risk of exploitation.
Tenant Isolation
Although Computle provides shared services to multiple customers, we place a paramount emphasis on ensuring the highest level of security and data isolation. To achieve this, we utilise robust tenant isolation measures that effectively block inter-tenant traffic. Each tenant's data and resources are strictly segregated, creating distinct virtual boundaries that prevent any unauthorized access or interaction between tenants.
Hardware Keys
Computle leverages hardware based security keys as a crucial component of our Multi-Factor Authentication (MFA) strategy. By incorporating hardware keys into our authentication process, we provide an additional layer of security beyond passwords. When users access our systems or services, they are required to use their hardware key, combined with a password and trusted device. This hardware-based MFA adds a robust security layer, effectively reducing the risk of phishing attacks.
Security Information and Event Management (SIEM)
Computle's SIEM solution aggregates data from various sources, including network devices, servers, applications, and security tools, to provide a holistic view of our estate. By continuously monitoring this data, we can quickly detect and respond to security events and incidents, such as suspicious network traffic, unauthorized access attempts, or malware outbreaks and provide automatic remediation such as device quarantine.
Security Auditing and Logging
Security auditing and logging are essential components of Computle's security approach, enabling us to detect and respond to security incidents, maintain compliance, and continuously enhance our security posture. These practices are crucial in our commitment to protecting our clients' data and assets from emerging cybersecurity threats.
Computle Client
The Computle Client serves as the secure gateway between users and their virtual workstations, implementing multiple layers of security to protect data in transit and ensure authenticated access.
Microsoft Entra ID Integration
Our client integrates seamlessly with Microsoft Entra ID (formerly Azure AD), enabling organizations to leverage their existing identity infrastructure. Customers can optionally enforce multi-factor authentication (MFA) through Entra ID, adding an additional security layer that requires users to verify their identity through multiple authentication methods before accessing their workstation.
WireGuard Point-to-Point Encryption
All connections between the Computle Client and workstations are secured through WireGuard point-to-point tunnels. These encrypted tunnels are configured with strict protocol filtering, exclusively allowing NICE DCV, Remote Desktop Protocol (RDP), and Mechdyne TGX traffic. This approach ensures that only legitimate remote access protocols can traverse the connection, eliminating potential attack vectors while maintaining optimal performance for workstation access.
Automated Security Testing
Our development pipeline incorporates automated vulnerability detection tools that continuously scan the Computle Client codebase. These tools perform static application security testing (SAST), dependency scanning, and security compliance checks with every code commit. This proactive approach enables us to identify and remediate potential security vulnerabilities before they reach production, maintaining the highest security standards for our client software.
Vulnerability Disclosure
Our VDP is designed to facilitate a responsible and collaborative approach to cybersecurity, ensuring that any reported vulnerabilities are acknowledged, thoroughly investigated, and addressed in a timely and responsible manner. Your assistance in identifying and reporting potential security risks is invaluable in helping us maintain the integrity and security of our systems and data, and we greatly appreciate your commitment to responsible disclosure.