Xoxoday uses two-factor authentication to grant access for our administrative operations - both infrastructure and services. We ensure that administrative privileges are granted to only a few employees. Additionally, role-based access is used to ensure specific users have only required operations that are allowed for specific users as per the access control policy.
All administrative access is automatically logged and monitored by our internal security team. Detailed information on when/why the operations are carried out are documented and notified to the security team before performing any changes in the production environment.
Xoxoday has deployed an information technology network to facilitate its business and make it more efficient for various risks. And establish management direction, principles, and standard requirement to ensure that the appropriate protection of information on its networks maintained and sustained. Few controls which in place to achieve the protection of exchanged information from interception, copying, modification, misrouting, and destruction as follow:
SSH keys are required to gain console access to our servers and each login is identified by a user. All critical operations are logged to a central log server and our servers can be accessed only from restricted and secure IPs.
Hosts are segmented, and accesses are restricted based on functionality. That is, application requests are allowed only from AWS ELB and database servers can be accessed only from application servers.