According to the Russian Government Decree No.1119 of 01.11.2012, there are four levels of personal data protection in IT systems. Selection of a protection level is determined by the category of data (special, biometric, other, publicly available), number of data subjects (less or more than 100 thousand) and the types of applicable threats. The order of FSTEK of Russia No.21 of 18.02.2013 defines technical and organizational requirements to the implementation of a specific protection level.
Storage of personal data in the cloud allows companies to save on equipment and software and removes the need to undergo time-consuming assessment and certification procedures, as the service provider will take care of all this work.
Protection of personal data requires increasingly serious measures due to the ever-growing number of threats. Rostelecom-Solar reports that financial losses of the Russian business caused by data security incidents in the first quarter of 2022 grew by 20% and amounted to 100 mln roubles per a company. Financial and reputation risks can be lowered by choosing reliable for data storage and processing.
“Interaction of the cloud provider and the customer is organized so that the provider is responsible for everything from physical security to hypervisor. Our mission is to provide customers with a protected cloud platform and a set of verified information security tools, which provide maximum safety without big initial costs,” comments Georgy Belyakov, Head of Information Security Department of Linxdatacenter.
The FSTEK licensee confirmed compliance of Linxdatacenter cloud infrastructure with personal data protection requirements on all levels: organizational, technical and physical. Linxdatacenter Previous assessment was issued to Linxdatacenter three years ago.
Linxdatacenter regularly implements measures increasing security level of data storage, processing and transfer systems in its data centers. The cloud provider also passes the assessment for PCI DSS compliance on the annual basis.
BEST, money transfer and payments operator
The customer faced a technical issue with a persistent BGP session flag with Linxdatacenter hardware. We examined the problem and found out that one of customer’s hosts was under a DDoS attack.
Because of the distributed nature of the attack, traffic couldn’t be filtered effectively, and disconnecting the host from the external network wasn’t an option. The attack stopped after changes in the server configuration, but resumed the day after. A 5.5 Gbps attack overloaded the junctions with internet providers, affecting other Linx Cloud users. To mitigate the effects of the attack, we employed a dedicated DDoS protection service.
To ensure the continuous availability of resources hosted in Linx Cloud, we rerouted all the customer’s traffic through StormWall Anti-DDoS system. The attack was stopped within half an hour. To prevent future cyberattacks, we organized all connections to the customer’s resources through the StormWall network.
Thank you for your inquiry, we will get back to you shortly!