Data security

Data security is one of the key aspects taken into consideration by the SSIX project.

The choice of the cloud environment on which the data gathering platform runs and stores the data has also been guided by the features offered in terms of data security and protection.

After a period of testing, researching and benchmarking, 3rdPLACE has identified the Google Cloud Platform as the best solution on which to deploy the whole architecture dedicated to data ingestion and storage.

First of all, the Google Cloud Platform complies with robust security standards:

  • SSAE16 / ISAE 3402 Type II:
    • SOC 2
    • SOC 3 public audit report
  • ISO 27001, one of the most widely recognized, internationally accepted independent security standards. Google has earned ISO 27001 certification for the systems, applications, people, technology, processes and data centers serving Google Cloud Platform.
  • FISMA Moderate accreditation for Google App Engine
  • PCI DSS v3.0
  • HIPAA BAA

Data is automatically encrypted before it is written to disk using the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys.

Moreover, data traveling between a customer’s device and Google is encrypted by default using HTTPS/TLS (Transport Layer Security).

Besides these security features, Google allows to select the geographical zone where the servers are physically located and the data is stored. In the case of SSIX, all the servers and datasets are located in Europe.

All the aspects described guarantee the compliance with the European Commission’s Data Protection Directive, which regulates the transfer of personal data within the European Union.

This blog post was written by SSIX partner Angelo Cavallini at 3rdPLACE.
For the latest update, like us on Facebook, follow us on Twitter and join us on LinkedIn.