Quadris Cloud Security
Professional-level security baked right in
QuadrisCloud customers take advantage of process, technology and network architecture that has been purposefully constructed to meet the most stringent requirements of the most security-sensitive organisations across the UK, Europe and North America.
Protecting your organisation with …
Professionally trained & vetted employees
Security isn’t just a feature with Quadris Cloud; it’s the foundation of our entire technology stack. We integrate storage-at-rest encryption and data-in-transit encryption tech to keep you, your data, and your business safe and secure.
Industry-recognised & approved processes
With Quadris Cloud, you can easily increase or decrease the number of vCPUs, memory, storage, backup and more on a per VM basis, ensuring you only pay for what you are using.
Personalised support
We’re not a faceless online organisation. Instead, you get direct access via phone and email to our UK-based support team, all of which are experts in cloud computing and can assist with any issues, no matter how complex.
Professionaly trained and vetted employees
We understand that security is paramount, which is why we prioritise hiring only the most qualified professionals who not only possess extensive expertise but also undergo rigorous training and vetting processes. Our unwavering commitment to excellence ensures that our team is equipped with the necessary skills and security clearances to safeguard your critical data and assets. With a diverse range of certifications and clearances, our staff are not only prepared to handle sensitive information but are also trained to adhere to the highest standards of cybersecurity practices.
This proactive approach fosters a culture of trust and reliability, allowing you to focus on your business while we expertly manage your cloud infrastructure with the utmost integrity and care.
Limited remote access to critical systems
Access to core Quadris Cloud management and maintenance systems is limited to security cleared Quadris engineers, with access only available via a secure connection. All access has full audit logging of each engineer’s activities.
Government clearance
Selected Quadris employees have been cleared to UK Government Security Check (SC) clearance, providing them with uncontrolled access to Secret assets and supervised access to Top Secret assets.
Cyber Essentials Plus certified employees
All Quadris staff are Cyber Essentials certified, demonstrating our commitment to implementing fundamental cybersecurity practices and mitigating common cyber threats.
BSI-level recruiting as standard
Every Quadris employee is vetted to BS 7858:2019 standards, which details best practices and guidelines for the security screening of individuals employed within a security environment.
Selected NPPV level 3 clearance
Selected Quadris employees are cleared, where required, up to the UK National Police NPPV Level 3 standard, the highest level of clearance available, covering access to Police facilities and unsupervised access to confidential material and data.
Granular privilege as standard
Access to Quadris Cloud management and maintenance systems follows a Zero Trust guiding principal, providing access to users and teams on a granular privilege basis, based on their needs. This ensures teams only have access to the data they require, often on a read-only basis.
ISO 27001 ISMS trained staff
All Quadris staff are trained on our internal Information Security Management System (ISMS), which form part of our overall ISO/IEC 27001 accreditation. In addition to onboarding of new staff, all staff must also complete repeat awareness training throughout each year.
Industry-recognised & approved processes
When it comes to data management, we don’t cut any corners. For us, a robust and methodical process is paramount to safeguarding your information, which is why security is not just a priority but a fundamental principle woven into the very fabric of our operations.
With industry-leading frameworks such as SOC, ISO/IEC, and NHS DSP guiding our practices, we ensure that our data centres are fortified against potential threats, providing peace of mind for organisations that handle some of the most sensitive information. Coupled with our dedicated incident monitoring, alerting, and resolution systems, we proactively manage risks and respond to incidents swiftly, ensuring your data remains protected at all times.
Our commitment to excellence is underscored by our adherence to stringent standards, allowing you to focus on your core business while we expertly navigate the complexities of data security on your behalf.
SOC 1 and SOC 2 assessed
The Quadris Cloud data centres are independently assessed to SOC 1 Type II and SOC 2 Type II security levels, providing assurance about the controls and processes implemented specifically around the handling and security of financial data held within the platform.
ISO/IEC 27001 certified
Quadris treats the security of our customers and our own electronic assets with the upmost importance. We are certified to ISO27001:2013, a specification for an information security management system that is audited externally by ISOQAR.
ISO 22301 approved data centres
In the UK, Quadris Cloud operates out of two UK-based data centres located (for resilience) in Manchester and London. Both sites are ISO Business Continuity Management Systems compliant (ISO 22301).
Secure hardware disposal
All physical server hardware and components are securely erased by dedicated, trained staff before being securely disposed of to UK Waste Electrical and Electronic Equipment (WEEE) recycling regulations.
ISO 20000-1 IT Service Management
All our operations are aligned to ISO 20000-1 an international standard for IT Service Management, independently audited by ISOQAR.
NHS DSP Toolkit Compliance
Quadris (organisation code is 8KK76) meet the stringent NHS criteria for information security and governance and are committed to completing the Department of Health’s Data Security and Protection (DSP) Toolkit on an annual basis.
Incident resolution and reporting
Incidents detected by the NOC are immediately reported to internal Security Operations Centre (SOC), who are tasking with resolving and reporting incidents.
Incident monitoring and alerting
Our internal Network Operations Centre (NOC) monitors all Quadris Cloud operations 24/7 to ensure the service is safe, secure and running as expected. The NOC team employ enhanced security monitoring tools across the business to detect and respond to security incidents promptly. This includes monitoring network traffic, system logs, and implementing intrusion detection and prevention systems (IDPS) across the Quadris Cloud platform.
Hyper-scale technology, powered by open source
We leverage open source technologies for some of the foundations of Quadris Cloud, together with our own technology for the management interface we call the Quadris Cloud Console. We call this open source engineered secure and scalable architecture which delivers optimum performance and security while eliminating costly and unpredictable 3rd party licence fees.
Our integrated Imperva Web Application Firewall acts as a vigilant sentinel, filtering all web traffic and protecting against threats in real-time. To enhance security further, our UK-based IP address allocation allows for precise geofencing, while our third-party monitoring facility guarantees around-the-clock vigilance, reinforcing resilience and peace of mind.
With Quadris Cloud, you are not just choosing a cloud service; you are embracing a secure, reliable, and expertly managed environment tailored to your needs.
SSL encryption as standard
SSL encryption ensures that the data transmitted between your web browser and QuadrisCloud remains private and secure. It prevents unauthorized parties from intercepting and accessing sensitive information such as your login credentials, credit card details, or any personal data we may hold.
2FA as standard for all users
Registration and general access to the Quadris Cloud platform requires every user to sign-in using 2FA as standard. The platform supports mobile authentication via either Google Authenticator or Microsoft Authenticator.
Complex passwords by default
All Quadris Cloud passwords are set to complex 16 character + string including symbols, numbers, lower-case, uppercase and excluding similar characters.
ACL-protected Active Directory
LAPS is used to manage all local administrator passwords for domain joined computers. Passwords are stored in Active Directory and protected by an ACL so only eligible users can read or request a reset.
Windows hardening
By default, the following services are disabled for all Windows services as they present various potential security threats: SMBv1, NetBIOS, LMHash, null enumeration and cached credentials.
Integrated Imperva Firewall
Quadris Cloud has industry-leading Web Application Firewall (WAF) from Imperva built directly into the platform, monitoring and filtering all web-based traffic.
UK-based IP addresses
All Quadris Cloud accounts allocate UK-based IP addresses, allowing your internal systems to be geofenced if required, adding an additional layer of protection and security.
3rd physical location for monitoring
Quadris Cloud is monitored 24/7 via a third data centre location, building in an extra layer of security and resilience.