MGA:
Source:
Hardware
1. List all production hardware such as servers, storage devices, switches and firewalls.
Kubernetes
Databases (SQL and PostgreSQL)
Redis
Serverless application (infrastructure managed by GCP).
Storage service
Secret manager
*region: it is a specific geographical location where you can host your resources.
*zone: it is a deployment area within a region.
2. List all redundant/disaster recovery hardware such as servers, storage devices, switches and firewalls.
2020 Page 1 of 10
MGA Internal Control Questionnaire – IT
zones in the same region. A Kubernetes cluster is hosted across multiple zones. If one zone experiences failure, the other ones will be available. This ensures the continuity of the application hosted in the Kubernetes cluster.
All ingress traffic towards the Kubernetes cluster is filtered by a Virtual Private Cloud Firewall.
SLA: kubernetes-engine/sla (check Autopilot Cluster covered service)
Redis: High Availability configuration enabled. That protects from common failures by replicating data to several replicas, and by providing an automatic failover to a replica.
SLA: >= 99.9%, https://cloud.google.com/memorystore/sla
1. Provide a network diagram showing network entry points, firewalls, servers etc.
See Appendix A.
● Socotra
● Sigo Admin App
● Go E Merchant
● Verisk
● Hubspot
● JustCall
● CustomerIO
● HelloSign
● VinAudit
● LOB
● Google Analytics
● Mixpanel
MySQL (for blog) version 5.7.37
4. List ISPs & telecom - production & redundant lines and throughput size.
Sigo is fully cloud-based and the redundant network services are managed by Google Cloud.
The Google Cloud Network provides high performance, scale, and redundancy for customers through
globally distributed entrypoints. Google’s cloud network architecture consists of 22 regions, 67 zones,
and 140 network locations. For more information visit:
https://cloud.google.com/about/locations#network
Sigo’s VOIP phone tool is JustCall.io
5. Describe the current server / hosting environment. Is it hosted in-house, via a third party, etc.? Describe
the use of any cloud-based resources such as Amazon Web Services or Microsoft Windows Azure.
Sigo uses Google Cloud Platform. Google Cloud resources in use are the following:
N | Service | Description
1 | Kubernetes Engine | System for automating deployments, scaling, and management of containerized applications.
2 | Cloud SQL | A fully managed service that makes it easy to set up, manage, and administer relational databases.
3 | Memorystore (Redis) | Provides the two most popular open-source caching engines: Redis and Memcached.
4 | Cloud Functions | Serverless environment to run applications in different languages.
5 | Cloud Storage | Store any amount of data.
6 | Secret Manager | Securely store API keys, passwords, certificates, and other sensitive data.
- GKE - Google Kubernetes Engine
- Secret Manager
- Cloud Functions
- Cloud Storage
- Cloud SQL (MySQL and PostgreSQL)
- Cloud MemoryStore
6. Describe any redundancies built into the hosting platform and hardware.
The following table explains the redundancy/replication that Google Cloud provides:
Cloud Service | Description
Cloud SQL | High Availability configuration is enabled. That protects from common failures by replicating data, and by providing an automatic failover to a replica.
Kubernetes cluster | A Kubernetes cluster is hosted across multiple zones. If one zone experiences failure, the other ones will be available. This ensures the continuity of the application hosted in the Kubernetes cluster.
Redis | High Availability configuration is enabled. That protects from common failures by replicating data to several replicas, and by providing an automatic failover to a replica.
2. Provide copies of any backup policies, and details regarding how long they have been in place.
We haven’t performed a disaster recovery test yet.
Sigo is fully cloud-based. The following table shows the Monthly Uptime Percentage per service used:
Cloud Service | Monthly Uptime Percentage
Cloud SQL | >= 99.95%
Kubernetes cluster | >= 99.95%
Redis | >= 99.9%
Cloud Functions | >= 99.95%
Cloud Storage | >= 99.95%
Security
Yes – the following list shows the applications that implement two-factor authentication.
- CloudFlare
- OpenVPN
- Google Cloud Platform
3. Does the firewall contain Intrusion Prevention System and Intrusion Detection Systems?
Currently, we are using the Wazuh platform, which provides the Intrusion Detection System.
Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular
expression engine to analyze collected log data and look for indicators of compromise.
Wazuh is used for threat prevention, detection, and response. It is capable of protecting workloads
across on-premises, virtualized, containerized, and cloud-based environments.
https://wazuh.com/platform/
https://documentation.wazuh.com/current/index.html
We have an Intrusion Detection System implemented. This job is done by the Wazuh platform.
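The signature-based approach described above, shown as a simplified added example (not part of the original questionnaire, and not Wazuh's own rule syntax or engine): regular-expression signatures are run over log lines, and repeated failures from one source are escalated to a single higher-severity alert. The rule ids, severity levels, threshold and sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Illustrative signatures: (rule id, severity level, pattern). The ids, levels
# and patterns are assumptions made for this example, not Wazuh's shipped rules.
SIGNATURES = [
    ("ssh-failed-login", 5, re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")),
    ("ssh-root-login", 8, re.compile(
        r"sshd\[\d+\]: Accepted \S+ for (?P<user>root) from (?P<src>[\d.]+)")),
    ("sudo-auth-failure", 6, re.compile(
        r"sudo: pam_unix\(sudo:auth\): authentication failure;.*\buser=(?P<user>\S+)")),
]
BRUTE_FORCE_THRESHOLD = 3  # failed logins from one source before escalating

# Constructed sample log (RFC 5737 documentation addresses), not real data.
SAMPLE_LOG = """\
Mar  3 10:01:11 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 10:01:13 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:01:20 web1 sshd[2240]: Accepted publickey for deploy from 198.51.100.20 port 40010 ssh2
Mar  3 10:01:25 web1 sshd[2251]: Failed password for invalid user test from 203.0.113.7 port 50140 ssh2
Mar  3 10:02:02 web1 sudo: pam_unix(sudo:auth): authentication failure; logname=deploy uid=1001 euid=0 tty=/dev/pts/0 ruser=deploy rhost=  user=deploy
Mar  3 10:05:41 web1 sshd[2290]: Accepted password for root from 198.51.100.20 port 40022 ssh2
"""


def scan(log_text):
    """Match every line against each signature and return alerts in log order."""
    alerts, failures = [], Counter()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for rule_id, level, pattern in SIGNATURES:
            match = pattern.search(line)
            if not match:
                continue
            fields = match.groupdict()
            alerts.append({"line": lineno, "rule": rule_id, "level": level, **fields})
            # Correlation step: repeated single-line hits from one source
            # become one higher-severity alert, raised once at the threshold.
            if rule_id == "ssh-failed-login":
                failures[fields["src"]] += 1
                if failures[fields["src"]] == BRUTE_FORCE_THRESHOLD:
                    alerts.append({"line": lineno, "rule": "ssh-brute-force",
                                   "level": 10, "src": fields["src"]})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The key-based login on line 3 of the sample matches no signature and produces no alert, which is the expected behaviour of a signature engine: it reports only what a rule describes.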
4. How are you monitoring systems for unusual behavior, abnormal traffic, malicious coding and
anything that would look like an intrusion by a hacker being attempted?
- Security Analysis
- Intrusion Detection
- Log Data Analysis
- File Integrity Monitoring
- Vulnerability Detection
- Configuration Assessment
- Incident Response
- Cloud Security
5. Encryption – do you encrypt data at rest, data in transit, emails, servers, desktops, laptops or
smartphones?
Sigo uses Google G Suite as its email service provider. All emails sent are encrypted in transit.
Connections to our private network in Google Cloud Platform through the internet are protected
and encrypted by the OpenVPN tool.
Laptops and smartphones are protected with the device’s own login tools.
OpenVPN
6. Is email protected by mail security – Encryption? Phishing, Spam, Threat Detection from
Advanced Persistent Threats, including botnets, malware, viruses and others?
Sigo uses Google G Suite as its email service provider. G Suite provides the following protection measures:
- Encrypted emails.
- Prevents phishing attacks.
- Advanced phishing and malware protection.
- Use TLS certificate for secure transport.
- Ciphers for TLS connections.
APPENDICES
APPENDIX A: INFRASTRUCTURE DIAGRAM