Area 1 Certifications,
Audits & Assessment
Resources for compliance professionals
Cloud Platforms
Area 1’s email and web protection platforms in the cloud are architectured for enterprise-grade security and availability. Our platform is built on a mix of Amazon’s Web Services (AWS) and Google Cloud Platform (GCP), both of which are ISO 27001 compliant, and also SSAE 16 SOC I and SSAE 16 SOC II compliant for reporting.
Certifications & Audits
Area 1 hosts its security services on cloud
based infrastructure that is SOC-II, ISO 27001,
PCI and HIPAA compliant. Area 1 also adheres
to the ISO 27001 and SOC-2 frameworks. As
part of our formal security controls, we also conduct internal and third-party penetration
tests on a regular basis.
Business Continuity
Area 1 leverages – and adds upon – many of AWS’ and GCP’s underlying features for security, availability, redundancy, geo-failover and dynamic scalability. This includes use of multiple regions and multiple availability zones within each region. Area 1’s disaster recovery plans are also tested annually, and are consistent with industry best practices.
Cloud Platforms
Area 1’s email and web protection platforms in the cloud are architectured for enterprise-grade security and availability. Our platform is built on a mix of Amazon’s Web Services (AWS) and Google Cloud Platform (GCP), both of which are ISO 27001 compliant, and also SSAE 16 SOC I and SSAE 16 SOC II compliant for reporting.
Certifications & Audits
Area 1 hosts its security services on cloud
based infrastructure that is SOC-II, ISO 27001,
PCI and HIPAA compliant. Area 1 also adheres
to the ISO 27001 and SOC-2 frameworks. As
part of our formal security controls, we also conduct internal and third-party penetration
tests on a regular basis.
Business Continuity
Area 1 leverages – and adds upon – many of AWS’ and GCP’s underlying features for security, availability, redundancy, geo-failover and dynamic scalability. This includes use of multiple regions and multiple availability zones within each region. Area 1’s disaster recovery plans are also tested annually, and are consistent with industry best practices.
Data Isolation & Security
In-Geo Processing
Area 1 can enable in-geo processing of emails and DNS traffic to comply with regional security and privacy policies as required by the customer.
Email Logical Isolation
Every email flowing through Area 1 mail servers gets a unique, logically isolated ID assigned to it which are independent and randomly generated. All messages flowing through the system are scrambled and arrive at system-generated compute and storage services that are automatically assigned based on load, availability and security policies; with no specific identifiable path to any physical resource.
Email Routing
For message routing, everything is done by the TO field in the email, more
Specifically, which domain is in the TO field, such as user@yourdomain.com. We know exactly where the email should be routed to after scanning (typically Google or Microsoft servers). The code doing this work doesn’t have any “state” or knowledge, other than getting instructions about where to move the message to, based on this field.
Retention & Forwarding
Area 1 never stores good messages after processing. Our system automatically analyzes messages as they flow through our detection algorithms, then delivers them (if the message is good) to the next hop in the email routing chain; or takes specific action (if the message is malicious, suspicious or a spoof). Area 1 has handled billions of email messages utilizing this highly scalable, secure, fault-tolerant architecture.