Skip to content

Security & DR

Nine services across backup, disaster recovery, immutability, edge protection, posture management, and secrets.

Defense-in-depth model

graph TB
    subgraph Edge
      DDoS[DDoS Basic / Premium]
      WAF
    end
    subgraph Identity
      IAM
      OpenBao
    end
    subgraph Workload
      VPC
      SG[Security Groups]
    end
    subgraph Visibility
      CSPM
      SIEM
    end
    subgraph Resilience
      BaaS
      DRaaS
      OL[Object Lock]
    end
    Internet --> DDoS --> WAF --> VPC
    IAM --> Workload
    OpenBao --> Workload
    Workload --> SIEM
    Workload --> CSPM
    Workload --> BaaS
    BaaS --> DRaaS
    BaaS --> OL

Choosing where to start

Maturity First three services to add
Just-launched workload DDoS Basic (default), Backup-as-a-Service, Object Lock for backups
Customer-facing app + WAF + Premium DDoS
Regulated FI + SIEM + CSPM + DRaaS
Multi-region with strict RTO/RPO + DRaaS Bare Metal active replica

Compliance touchpoints

Control area Service mapping
BB ICT 4.0 §10 — Cryptography Built-in TLS / AES-256 + OpenBao for KMS
BB ICT 4.0 §15 — Incident Mgmt SIEM + Status page + RCA process
BB ICT 4.0 §16 — Business Continuity BaaS + DRaaS + multi-region
PCI DSS — Logging SIEM with PCI-aligned retention
PCI DSS — Vulnerability mgmt CSPM + WAF