Linxdatacenter ensured that HubEx and myQRcards services comply with Federal Law № 152
- When: 12 November 2019
Linxdatacenter, an international expert in high-tech solutions for data storage, cloud services and telecommunications, helped Smart-Service developer meet personal data protection requirements.
Smart Service, a developer of the cloud service management platform HubEx, helps automate
the process of servicing equipment at all stages, in particular, apply for repairs, monitor the progress of repairs and monitor the operation of any equipment.
Smart Service also developed myQRcards, an online designer for creating electronic business cards based on QR codes.
The functionality of both solutions includes the storage and processing of user data falling under the classification of personal data (PD) in accordance with FZ-152 (name, phone, email address, etc.).
To ensure the processes required by law when working with personal data, Linxdatacenter provided Smart Service with the IaaS service (Infrastructure-as-a-Service) based on its cloud platform in St. Petersburg. A cloud services and information security team of specialists completed a project to transfer the server capacities of the HubEx and myQRcards desktops to the Linxdatacenter site in a dedicated secure virtual infrastructure certified in accordance with the FZ-152 requirements for processing and storing PD.
Information system for working with PD should meet three basic requirements:
access to data storage and processing servers should be through a VPN channel with encryption according to GOST;
data storage and processing servers should be constantly monitored by anti-virus protection for vulnerabilities;
data storage systems must be located in isolated networks.
The project started in June 2019 and consisted of four main stages:
testing and verification in real conditions,
monitoring systems and access restrictions inclusion
Due to the fact that the conducted work affected the working environment of HubEx and myQRcards and directly affected the availability of services for users, the transfer of server capacities was carried out in agreed time windows and was divided into several stages, each of them ended with a full test of network availability and system functionality. As a result of the project, a dedicated subnet was organized, two clusters consisting of virtual machines were migrated (Failover database cluster, Service Fabric application cluster), and data protection and encryption systems were configured.
Together, we managed to make significant changes to the existing Smart Service server infrastructure, which made it possible to increase the reliability and security of PD storage and virtually eliminate the risks of unauthorized access to user data. These changes ensured compliance with FZ-152, which is also confirmed by the conclusion on the compliance of the infrastructure with the requirements for storing PD.
“The key factor in choosing Linxdatacenter as a contractor was the company's ability to provide server capacity in separate zones that met the requirements of Federal Law 152, backed up by a conclusion on compliance. Getting the end-to-end service “infrastructure for IT solutions plus compliance with the requirements of FZ-152” practically on a turn-key basis helped us not only to solve purely infrastructural issues, get SLA and other components of an IT project from a service provider, but also guarantee the legal purity of the service, ” Maksim Grishkov, Technical Director of Smart-Service, comments on the project results.
“Our company fundamentally approaches the solution of all problems associated with the Federal Law-152. As a licensee of FSTEC, we provide customized solutions in the field of customer data collection, processing and storage. The modern business realities involve working with personal data using IT tools. Our goal is to provide a turnkey solution that takes into account the peculiarities of customers' business processes, the necessary hardware and optimal architecture, prescribes regulations for company personnel with full compliance with regulatory requirements in this area. We are pleased to launch another successful project on the market and confirm our competencies in providing secure PD processing based on the most modern infrastructure IT solutions, ” adds Boris Merkulov, Linxdatacenter cloud solutions and information security engineer.