Payroll in the cloud: securing your data
In the first in a series of ‘payroll in the cloud’ articles, we look at one of the most important aspects of cloud-based technology, security of data, and detail the measures Ceridian takes to ensure that our customers’ data remains safe and secure.
The changing technology landscape
An increasing demand for ‘always on’, always available and easy to maintain software solutions has seen a shift away from traditional locally hosted application platforms, towards externally hosted solutions where computing resources are targeted based on demand and data is distributed across multiple storage locations.
These ‘cloud-based’ solutions, championed by the likes of Google and Amazon, are playing an increasing role in delivering services such as online banking, shopping and digital document management.
Ceridian in the cloud
Ceridian has been utilising cloud-based technologies for over a decade to provide our payroll and HR solutions. Our platform was designed with security as its foundation and with availability, resilience, scalability and performance as its corner stones.
To give you an idea of the scale of our platform, the data Ceridian stores is the equivalent of 71 million MP3s, more than iTunes and Spotify combined.If we compare to Twitter, there are 500 million 140 character tweets sent per day. Ceridian’s daily network traffic is the equivalent of 7 billion tweets, 14 times more than Twitter.
However, the very nature of our business means that Ceridian solutions are storing some of the most sensitive data a business has access to, including payroll records and employees’ personal details. So with such vast volumes of data to manage, how do we ensure that this data remains secure and is only accessible to authorised users?
As a company, Ceridian employs physical, operational and digital security measures to ensure our platform and our customers’ data remain safe and secure.
Our physical measures include hosting all of our software in two major UK data centres which operate under ISO27001 certification. Each data centre is housed in a non-descript building employing a number of security controls including biometric access and authorisation procedures as well as a 24/7 security presence.
We have a number of operational procedures in place to govern how we control and manage our systems. These controls ensure that access to our systems is restricted to the minimum number of authorised personnel, that there is a formal segregation of duties between people working on key systems and that full user entitlement reviews are carried out on a regular basis.
Our physical and operational security measures are reinforced by a comprehensive approach to securing the data we manage from digital attacks. We utilise powerful security devices that offer firewalls and intrusion detection; antivirus policies are regularly updated and automatic monthly vulnerability scans are carried out to test our solutions against common security threats.
Ceridian also commissions annual independent application security tests of every application that is hosted on our platform. These include functional reviews and threat assessments, analysis of the supporting infrastructure and subversion attempts comprising both authorised and unauthorised access scenarios.
All communications in to, and out of, our platform are secured using industry standard encryption techniques, while our password policies are fully configurable including multiple challenge authentication options.
These are just some of the measures Ceridian employs on our cloud platform to ensure the safety and security of our customers’ data. With new security threats emerging every day, Ceridian continues to review and update these measures and invest substantially in the security of our platform and customers’ data.
How confident are you that your in-house IT teams or other software providers are doing the same?