At DISCO, data security is at the core of our engineering and operations processes. The security and integrity of our customers' data are managed according to best practices, and we maintain strict internal controls and policies. In addition to industry-standard preventative systems and controls, DISCO has a comprehensive business continuity and disaster recovery plan.
Preventing ransomware attacks
Ransomware attacks rely on the ability to infiltrate servers through phishing or social engineering and generally spread malware through Windows-based central servers. DISCO internal systems and product architecture are inherently designed to protect against such attacks.
- All DISCO employees have next-generation anti-virus and endpoint detection and remediation software installed on their computers. This software is configured to detect, block, and isolate any ransomware behavior. In addition, a centralized device management system tightly controls user access, software installation, and patching across all DISCO devices.
- DISCO uses a cloud-based directory service and does not use Microsoft directory services on the corporate network, thereby eliminating a common ransomware propagation vector.
- Additionally, DISCO's production environment — where client data is stored — is hosted on Amazon Web Services (AWS) and is segregated from our office environment. It is only accessible through a secure virtual private network connection.
- Further, DISCO's production environment primarily uses Amazon services that are not Windows-based and not as vulnerable to common ransomware attacks.
- All DISCO employees are required to complete annual security training that includes best practices for preventing social engineering, phishing, viruses, etc.
Business continuity & disaster recovery plan
In the unlikely event that ransomware were to compromise any infrastructure in DISCO's production environment, or if an unavoidable disruption (e.g., a natural disaster) were to occur, DISCO would follow its well-documented Business Continuity & Disaster Recovery Plan (the "Plan"). The Plan is a comprehensive document containing the necessary instructions, policies, organization, and information required to be prepared for an emergency or disaster that would affect DISCO's information systems.
- DISCO creates backups of its entire systems at least once a day. These backups are encrypted and stored in Amazon S3, making it extremely difficult for them to be compromised.
- Because DISCO's production environment is entirely cloud-based and hosted in AWS, it does not depend on specific physical servers, and any impacted servers can be quickly removed and replaced with newly provisioned, healthy ones.
- If any DISCO infrastructure were compromised, DISCO would dissociate the compromised infrastructure and provision replacement infrastructure based on the backup.
- For an incident of this severity, the Plan provides for recovery and restoration in 0-6 hours.