Why We Are The Best Hosting Provider...

This letter was written in response to a client to address their concerns related to the security and safety of their data with Tomahawk.
 

Though a Carleton Place (small town outside of Ottawa) based business we are an enterprise level hosting provider. We are fully PCI compliant and follow all of the necessary protocols for fault tolerance and security. We are entrusted with credit card data and business processes for many small organizations but also for numerous universities and colleges through the use of our ParkAdmin software. These large scale clients have been the catalyst for us to be one step ahead of the industry standard in the areas of monitoring and security.

Our servers are monitored regularly through software that makes decisions based on the length and type of a failure. As an example, we have the ability to migrate a server from one physical box to another in less than a minute. We have 5 physical servers in this pool, each with enough memory and CPU power to handle up to 8 virtual machines (VM) at any one time; definitely one of the beauties of virtualization. This same benefit allows us to take a complete ("bare metal") snapshot of a running machine at any time, which is done twice a month. At any time we have complete machine snapshots dating back 3 months.

On top of that all of our storage is RAID-5 with fail over to secondary NAS devices. One of the secondary devices also serves as a backup platform for the VM's and for replicated data during the day. All working data is stored to RAID-5, and twice a day an incremental change of that data is recorded. Every 7 days a full working data backup is taken from the data drives. This model results in a full copy of all the volatile data in the event of a catastrophic or corruption related failure.

At the network security end we have implemented firewall appliances for front line protection. Our storage network (SAN) utilizes physically separate devices on its own network for storage only traffic. This network is only accessible to the devices which run the virtual systems, and not the virtual machines themselves. On each VM we run virus scanners which through realtime protection scan all incoming traffic to ensure validity and sanity. As a further precaution all web servers run filters to filter off any bad or malformed web requests.

Our firewall appliance also utilizes RBL services to filter and deny traffic from any known spamming or illegitimate sources. These RBL lists are maintained outside of our organization by security groups focused on assisting operations such as ours.

In all cases, SSH (and SQL) access is only granted to specific static IP addresses. All other remote access is allowed only through VPN connected sessions. Our own office implements a SonicWall static VPN uplink to our colocated servers in Ottawa. This limits all server's public exposure to the world to just web, FTP, mail and DNS traffic.

Our uplink in Ottawa is OC-3 with several different upstream providers. In the event Bell is out, traffic would pass through Telus as an example. Of course, it should also be understood that traffic is routed based on "best path" type scenarios. The facility is physically secured through the use of retinal scanners and locked cabinets. It also implements temperature control, fire suppression systems and multi diesel backup UPS/power systems.

At Tomahawk we take great value in client data and we understand the integral part that it plays to make your business successful.  We treat all data with the same level of importance whether it is third party payment related or simple web graphics.