# Cloud Security ### **Cloud Security** emSigner follows a tiered security model where it relies on the best cloud hosting providers for hosting, infrastructure, and network security arrangements, while ensuring that continuous monitoring is done by a dedicated team of security professionals. As part of our privacy compliance efforts, comprehensive employee training and awareness is conducted on an ongoing basis, which is supplemented by Data Protection Impact Assessment along with internal and external audits. #### Data Center Physical Security[
](https://support.emsigner.com/security/#collapse-5c22e4e6501952467b7c)Facilities emSigner is hosted in AWS data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. To learn more on AWS facilities compliance, please click [here](https://aws.amazon.com/compliance/programs/).\ \ AWS infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data. To learn more on AWS facilities compliance, please click [here](https://aws.amazon.com/compliance/data-center/controls/). **On-site Security** AWS on-site security includes features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. To learn more on AWS facilities compliance, please click [here](https://aws.amazon.com/compliance/data-center/perimeter-layer/). **Data Hosting Location** emSigner leverages AWS data centers in the United States, Europe, and Asia Pacific region. emSigner offers multiple data location choices including APAC (India), United States, Europe, and Middle East. For more information click [here](https://stats.uptimerobot.com/51KP3F0myM). ### **Network Security** **Dedicated Security Team** Our dedicated security team is available 24/7 to monitor and respond to any security events and alerts. **Protection** Our network is protected through regular audits, and network intelligence technologies, which monitor and/or block malicious traffic and network attacks. **Architecture** Our network security architecture consists of multiple security zones. Sensitive systems such as database servers are protected with private subnets with controls and restrictions on traffic emerging from or to the subnet. Depending on the zone, additional security monitoring, and access controls will be deployed. DMZs are utilized between the Internet, and internally between the different zones of trust. **Network Vulnerability Scanning** Network security scanning is carried out regularly for quick identification of out-of-compliance or potentially vulnerable systems. **Intrusion Detection & Prevention** We have deployed AWS GuardDuty that continuously monitors our networks to deliver intelligent security analytics and threat intelligence, thereby providing a single solution for attack detection, threat visibility, proactive hunting, and threat response. **DDoS Mitigation** We have deployed AWS Shield, a managed Distributed Denial of Service (DDoS) protection service, to safeguard emSigner. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency. **Logical Access** Access to the emSigner Production Network is restricted on an explicit need-to-know basis. Least privilege access is continuously audited, monitored, and controlled by our Security Team. Employees accessing the emSigner Production Network are required to use multiple factors of authentication to ensure security.