Platform overview
Squiz DXP architecture has been built on AWS cloud hosting services to provide a highly available, fault-tolerant, and secure solution. We are combining the security of certified AWS services with the Squiz ISO27001-certified environment to deliver a first-in-class SaaS platform.
This results in a robust solution with a 99.95% uptime with built-in fault tolerance using load balancing and resilience across multiple availability zones. Coupled with Squiz’s mature information security management system that assesses risk, and continuously remediates vulnerability through implementing multiple layers of security.
Security at Squiz
Providing your customers with the best digital experience includes giving them the assurance that your services live up to the best security practices. Squiz lives security at our core protecting our customers and your clients from our technology to our people.
Squiz approaches security as part of what we do, making the services our customers use secure from the get-go.
Squiz DXP is resilient
Squiz employs a multi-tier approach to providing a resilient DXP.
Using multiple AWS availability zones ensures the service is distributed over multiple geographical locations, while still preserving the choice to host your data within a single country.
With our high availability solutions, we can provide a Recovery Time Objective (RTO) of 30 minutes and a Recovery Point Objective (RPO) of 5 minutes for most scenarios, and with daily data backups, in the event of an extreme disaster a Recovery Time Objective (RTO) of 5 days and Recovery Point Objective (RPO) of 8 hours.
Squiz DXP is highly available
Sites use specialized Squiz Edge workers enabling lightning-fast caching in conjunction with a Cloudflare Content Delivery Network (CDN) providing content to customers from local sources.
Squiz DXP workloads use Elastic Load Balancing to distribute workloads across multiple AWS zones within a region, this ensures our DXP is highly performant and fault tolerant.
Squiz DXP is highly scalable
Squiz DXP is a highly scalable Platform that can scale both automatically and on demand. Coupled with our ability to load balance across multiple zones, the DXP platform is able to scale quickly in response to high traffic volumes or meet customer business needs that are driven by social, market, or world events.
Squiz DXP monitoring
Squiz DXP is continuously monitored using third-party tools that provide proactive updates to support and engineers who can interpret platform performance in real-time, as well as keep our 24x7 support teams up to date on our platform status.
How Squiz approaches vulnerabilities
Our environment monitors for known vulnerabilities. All critical Common Vulnerabilities and Exposures (CVEs) are patched within 24 hours of detection.
Squiz web application security
We approach the development of our DXP considering OWASP for best practice, and baking security at design time.
All DXP web applications are hosted behind Squiz Edge on Cloudflare, providing Web Application Firewall (WAF) capability on request, reducing the threat of common web application exploits.
Our encryption
We allow customers a Bring Your Own Key (BYOK) approach, ensuring that our TLS (1.2 or above) capability is further boosted, with your own certificates, giving our customers the control for encryption in transit.
Datastores and storage are encrypted at rest by AWS by default, and database-level encryption is implemented where customers require it.
Squiz denial of service protection
All DXP web applications are hosted behind Squiz Edge on Cloudflare, providing network, transport, and application layer DDoS protection.
Our certifications, Independent audits, and security testing
Squiz maintains an ISO 27001-certified Information Security Management System (ISMS), and undergoes an annual external security audit.
Our internal audit regime aligns with our ISO 27001 certification audits and also includes full annual audits of our security controls.
Risk management
Our security risk management practice is based on our continual assurance approach with monthly checks on control effectiveness for an up-to-date view of risk, considering internal and external changes.
Data sovereignty
Customers using Squiz-managed AWS hosting can select from hosting in the United Kingdom, North America, and Australia. Squiz capabilities use AWS hosting in a single region across multiple availability zones. Storage and processing of sensitive information including PII will take place within the deployed region.
Squiz DXP offers logical separation of tenant data at the database level. Each tenant database is secured with individual credentials ensuring that data cannot be inappropriately accessed. The underlying database infrastructure may be pooled with other tenants.