Episerver DXC: reliable, secure & GDPR compliant

There has been a lot of talk about security and data privacy over the last few years and organizations all over Europe (and beyond) are getting ready to comply with General Data Protection Regulation (GDPR), which kicks in on May 25th, 2018. GDPR is the most important change in data privacy regulation in 20 years. A breach of GDPR can result in fines up to 4% of annual global turnover (or 20M€, whichever is greater), which is why organizations are right in taking the regulation seriously.

However, it is not just GDPR that has us thinking about data security. Web as a channel (web sites, customer portals, eCommerce…) is among the most critical customer service channels at present. Taking care of customers' privacy issues can become a competitive advantage as customers are becoming more and more aware of data privacy.

There are countless questions flying around regarding the security, reliability and data privacy of web technologies. To help everyone out, we decided to compile a '5 things you always wanted to know…' type of FAQ about Episerver DXC.

Our list covers 5 topics:

Service reliability

Question: We need 24/7 service - how reliable is Episerver DXC provide?

Answer:
The standard SLA (Service Level Agreement) for the basic DXC 'Group' license defines an availability of 99.7%. This represents an approximate period of downtime/unavailability of 2h 11m 29s monthly.

An 99.9% SLA is available at an additional cost for the Group license and 99.9% is the standard SLA for 'Corporate' and 'Enterprise' licenses. This represents an approximate period of downtime/unavailability of 43m 50s monthly.

Learn more about the current status and recent outage history on http://status.episerver.com/.

Data location

Question: We require our data to be maintained within the EU. Which data center locations are available with Episerver DXC?

Disaster recovery

Question: Downtime of our webservice or loss of data may have serious business impact on us. How fast will our service on Episerver DXC recover during a website outage or in the case of loss of data?

GDPR compliance

Question: GDPR comes into effect on May 2018. Will Episerver DXC be GDPR compliant?

Security

Question: Security is essential for us. How is data security managed in Episerver DXC?

Answer: Services are deployed on Microsoft Azureand operate on a security hardened OS, specifically designed to limit the attack surface of the operating system. The service also provides automated elastic scaling to smoothly handle traffic peaks, assuring high performance for seasonal spikes and other unanticipated spikes in traffic.

An anti-malware service is running on all service operating systems to provide drive level protection against malicious file uploads. Each customer's service is isolated by Virtual Networks. Availability and performance are constantly monitored.

All data-in-transit is encrypted via HTTPs/TLS. The delivery network provides a broader, wider attack base and the Web Application Firewall (WAF) provides state-of-the-art scanning to monitor for unusual or malicious traffic. The global 24/7/365 Episerver Managed Services team continuously manages and monitors the delivery network and WAF to anticipate and mitigate attacks including DDoS style attacks against the DNS and service. Service instances are load balanced and enabled for automated elastic scaling. In addition, Episerver provides multi-domain SSL certificates with the service.

Learn more about Episerver security on:
http://www.episerver.com/about/privacy/trust-center/security.

Thanks for reading! In case you have any questions, don't hesitate to get in touch!

Rami Karhu
Business Director, Digital Experience

+358 50 428 6070

P.S. Did you wonder what's with all the mechanical puzzles in this blogpost? Find out here!