Security

Security is a foundational priority at HUC. Our Bangalore datacenter is designed with multiple layers of physical, network, and operational security controls to protect your infrastructure and data.

Physical Security

Access Control

• Multi-factor authentication: Access to the datacenter floor requires biometric fingerprint scan + proximity access card + PIN code.
• Mantrap entry: Dual-door interlocking system prevents tailgating.
• Authorized personnel only: Access is restricted to pre-approved individuals. Customer access requires 24-hour advance notice and valid government-issued ID.
• Visitor policy: All visitors must be pre-authorized by an account holder, escorted at all times, and sign a visitor agreement.
• Access logging: Every entry and exit is recorded with timestamp, identity, and purpose.

Surveillance

• CCTV: High-resolution cameras cover all entry points, corridors, server halls, loading docks, and perimeter.
• Recording: Continuous 24/7 recording with minimum 90-day retention.
• Monitoring: Live monitoring by on-site security personnel.

On-Site Security

• 24/7/365 security staff stationed at the facility.
• Regular patrol schedules covering all areas of the facility.
• Incident response training and drills conducted quarterly.

Fire Suppression

• Detection: VESDA (Very Early Smoke Detection Apparatus) air-sampling systems.
• Suppression: Clean agent (FM-200/Novec 1230) fire suppression in server halls.
• Portable extinguishers: CO2 and dry chemical extinguishers at designated stations.
• Compliance: Fire safety systems inspected and certified annually per local fire department regulations.

Environmental Protection

• Raised flooring: 600mm raised floor for cable management and cooling airflow.
• Water detection: Leak detection sensors under raised floors and near cooling units.
• Seismic: Building designed to withstand Seismic Zone II conditions (Bangalore classification).

Network Security

Perimeter Defense

• Edge firewalls: Stateful packet inspection at the network edge.
• ACLs: Network access control lists on all upstream connections.
• Rate limiting: Automatic rate limiting to prevent abuse and amplification.
• Bogon filtering: RFC 5735 and RFC 6598 address blocks are filtered at the edge.

DDoS Mitigation

All HUC services include baseline DDoS protection:

• Automatic detection and mitigation of volumetric attacks up to 10 Gbps.
• Advanced protection (1+ Tbps capacity with L7 filtering) available as an add-on.
• See Network & Connectivity for detailed DDoS protection tiers.

Intrusion Detection

• Network-based IDS monitoring for anomalous traffic patterns.
• Automated alerting to the HUC security operations team.
• Integration with threat intelligence feeds for known-bad IP blocking.

Managed Firewall (Add-On)

For customers who prefer HUC to manage their firewall:

• Dedicated hardware or virtual firewall appliance
• Custom rule management via support tickets
• Regular rule audits and optimization
• VPN termination
• Logging and reporting

Data Protection & Compliance

Data Privacy

• Customer data is stored exclusively on the customer's own hardware or allocated server. HUC does not access, copy, or inspect customer data unless explicitly authorized for support purposes.
• HUC staff access to servers is logged and auditable.
• All management interfaces (client portal, IPMI proxy) use TLS 1.2+ encryption.

Regulatory Compliance

HUC's infrastructure and operational practices are designed to support compliance with:

Data Destruction

When you decommission a server, HUC offers secure data destruction:

• Software wipe: NIST 800-88 compliant secure erasure (3-pass overwrite for HDDs, Secure Erase for SSDs).
• Physical destruction: On-site shredding of drives with certificate of destruction.
• Customer-performed: You are welcome to perform your own data sanitization before returning hardware.

Backup Solutions

Off-Server Backup Storage

Protect your data with backup storage hosted on separate physical infrastructure:

Backup Features

• Stored on redundant storage arrays (RAID 6 or erasure coding)
• Physically separate from production servers (different rack, different power circuit)
• Encrypted at rest (AES-256)
• Automated daily backup verification
• Self-service restore via client portal or API

Backup Protocols Supported

• rsync over SSH
• SFTP / SCP
• NFS (private network only)
• S3-compatible (MinIO-based object storage)

Disaster Recovery

Facility-Level Resilience

• Power: N+1 UPS + diesel generator with automatic transfer (see Colocation for details).
• Cooling: N+1 precision cooling with environmental monitoring.
• Network: Multiple upstream carriers with automatic BGP failover.
• Fire: Clean agent suppression with VESDA early detection.

DR Planning Support

HUC can assist enterprise customers with disaster recovery planning:

• DR site assessment: Evaluate your current infrastructure and recommend a DR strategy.
• Secondary site: Deploy replicated infrastructure in a geographically separate facility (partner datacenter).
• Failover testing: Scheduled DR drills to validate recovery procedures.
• RTO/RPO consultation: Help you define and achieve your Recovery Time Objective and Recovery Point Objective.

Recommended DR Strategies

Reporting a Security Incident

If you suspect a security breach, unauthorized access, or any security concern:

1. Immediate: Call +91 87625 28280 and request the security team.
2. Ticket: Submit a ticket at hostupcloud.help with category Security Incident.
3. Email: Send details to security@hostupcloud.com.

Next Steps

• Review Network & Connectivity for DDoS protection details
• Set up backup storage via the client portal
• Contact security@hostupcloud.com for compliance documentation
• Read the Support & SLA page for incident response commitments