Skip to content
  • There are no suggestions because the search field is empty.

Protection of Data

Purpose

To provide details on the protection of data within Reading Cloud

 

Training and Vetting

We take the protection of data very seriously, as part of this we ensure all our staff undertake annual online data protection training which includes an assessment which must be passed. Management are under strict instruction to ensure their staff complete mandatory training which is reported at board level.

When starting a job at Reading Cloud, all staff are vetted to ensure they have a right to work in the UK and criminality checks (Disclosure Scotland Basic and Disclose and Barring Service standard) are carried out. These are reviewed every three years.

 

Security

We have combined the advantages of CloudFlare and Microsoft Azure to bring a highly available and securely hosted library system to customers.

 

CloudFlare Security

  • Anycast Network - With 118 data centres across 57 countries and 10 TBPS of capacity, Cloudflare’s Anycast network absorbs distributed attack traffic by dispersing it geographically, while keeping Internet properties available and performant.
  • DNSSEC is the Internet’s nonspoofable caller ID. It guarantees a web application’s traffic is safely routed to the correct servers so that a site’s visitors are not intercepted by a hidden “man-in-the-middle” attacker.
  • Cloudflare’s enterprise grade web application firewall (WAF) detects and blocks common application layer vulnerabilities at the network edge, utilising the OWASP Top 10, application specific and custom rule sets.
  • Rate Limiting protects critical resources by providing fine grained control to block or qualify visitors with suspicious request rates.
  • Transport Security Layer (TLS) encryption enables HTTPS connections between visitors and origin server(s), preventing man-in-the-middle attacks, packet sniffing, the display of web browser trust warnings, and more.
  • Cloudflare is an ICANN accredited registrar, protecting organisations from domain hijacking with high touch, online and offline verification for any changes to a registrar account.
  • Cloudflare Orbit solves security related issues for Internet of Things devices at the network level.

 

Microsoft Data Centre Physical Security

  • Multi Layer physical and logical security.
  • High security perimeter fence.
  • 24/7/365 surveillance.
  • Vehicle check points.
  • World class access control procedures.
  • Multifactor biometric entry point.
  • Full body metal detection.
  • On site hard drive destruction.
  • State of the art fire suppression systems.
  • 24/7/365 protection from Microsoft’s Cyber defense operations centre.
  • 300 billion user authentications processed each month.
  • Transport Layer Security/Secure Sockets Layer (TLS/SSL), which uses symmetric cryptography based on a shared secret to encrypt communications as they travel over the network.
  • Internet Protocol Security (IPsec), an industry-standard set of protocols used to provide authentication, integrity, and confidentiality of data at the IP packet level as it’s transferred across the network.
  • Advanced Encryption Standard(AES)-256, the National Institute of Standards and Technology (NIST) specification for a symmetric key data encryption that was adopted by the US government to replace Data Encryption Standard (DES) and RSA 2048 public key encryption technology.
  • Microsoft Azure Storage Service Encryption encrypts data at rest when it’s stored in Azure Blob storage.
  • Transparent Data Encryption (TDE) encrypts data at rest when it’s stored in an Azure SQL database.

 

How some of our other customers have phrased this

- Do Reading Cloud staff have GDPR training?

- What security is in place for data?