WEBGAP Datacenter Security Factsheet

WEBGAP’s primary datacenter is located within an ex-military communications bunker in Des Moines, Illinois that has been electromagnetic Pulse (EMP) shielded with a 3ft thick reinforced concrete, all-subterranean construction designed to survive a 20-megaton nuclear blast, with all critical equipment is shock-mounted on isolation pads. We also have nuclear/biological/chemical (NBC) air filtration to ensure that the WEBGAP team can breathe clean air and ensure the WEBGAP service stays up and running in the event of a nuclear attack on our facility.

WEBGAP’s datacenter facility offers unsurpassed physical security and represents the most secure and hardened facility in the entire Midwest.

Physical Security

All persons entering the facility must first pass through a separate surface building and then through the dual 4.5-ton steel man trap security door. Software in the access controller logs all entry and exit attempts and then reports them to site security. Visitors randomly undergo multistage ID check and screening procedures including a parcel search to prevent unauthorized materials from entering or leaving the data center. All equipment checked into the facility is opened and screened for security before being allowed into the facility.

Facility Monitoring

Every approach and all critical areas inside and surrounding the data center are monitored with surveillance cameras. Cameras have full views from diverse and independent angles; no key locations are without some form of visual security, and digital archives are kept should they need to be referenced at a later date.

Access Controls

All personnel must use a keycard, biometric verifier, and cypher keypad again to gain access through doors within the data center. Each set of doors acts like a man trap due to their secure design and nature of the system. Each door is secured by both maglocks and one-inch steel bolts. This allows us to maintain complete control of all critical areas within the data center.

Location

The data center is located outside of town to ensure that no strike, traffic jam, chemical spill or other urban-related incident can interfere with data center operations and accessibility. Agricultural surroundings and inconspicuous location deter would-be saboteurs who would immediately be noticed as out of place.

NIST

Offsite Workers

Our offsite workers who are not physically present in the data center adhere to the NIST SP 800 series of information security controls and framework, specifically, we use NIST SP 800-39, 800-53, and 800-171 to ensure security.

Security Attestations

WEBGAP provides certified security attestations for our primary, secondary and tertiary data centers covering the SAS 70, SSAE 16, SOC 2, SOC 3, FISMA and FedRAMP accreditations and standards, please ask us for these by sending an email to our Chief Security Officer using [email protected]

Cloud Service Security Standards

As per our partnership with accredited cloud service providers, WEBGAP is protected by top-level standards of security, ISO 27017, AICPA SOC, ISO27001, and more.

    ISO 27017
  • ISO 27017
    • Information Security Management System Certification that provides implementation and guidance applicable to controls specified in ISO/IEC 27002 for cloud services and their customers.
    AICPA SOC
  • AICPA SOC
    • Compliance certification that provides strict security guidance and performs secure audits on infrastructure, software, people, and procedures for the following criteria: security, availability, confidentiality, processing integrity, and privacy.
    ISO 27001
  • ISO27001
    • Certification that specifies the requirements for establishing, implementing, maintaining and continually improving security systems, as well as the assessment and treatment of information security risks.

Testing and Security

WEBGAP regularly performs tests to our tech’s security and updates software, hardware, and personnel use when needed. WEBGAP continues to improve security with regular penetration testing from accredited professional hackers. Using these tests, we continually keep user safety in mind and build upon our tech and our user’s protection.

Security and Personnel

All WEBGAP employees adhere to our WEBGAP Information Security Policy to maintain high-level security in all new and existing personnel. This includes secured accounts, MFA, password protection, regular security screenings, and policies regarding safe storage locations and disaster protection. All contractors and acquaintances are tiered specific accesses in accordance with our Information Security Policy, and monitored by the project manager and CISO.