Security At Radius

Radius is committed to the security of our infrastructure and our users' data. Every component of our infrastructure has been designed to give you the foundation to manage your account securely and meet your needs. Radius meets the requirements for HIPAA compliance. While Radius is not a Covered Entity as defined by HHS, Radius does build into the system the requirements that Covered Entities must meet, such as: Unique User Identification, Emergency Access Procedure, Password Requirements (Minimums and Change Requirements), Encryption, Decryption and more.

Shared Security Model

Security is up to all of us, including you.

Security is a shared responsibility at Radius. We control the physical and virtual hosts and can offer a high level of physical and environmental security with both our compute and storage offerings. You're responsible for making sure your Radius Account is securely configured and patched. By following best practices, you can build accounts to meet the exacting standards required by HIPAA, PCI-DSS, GDPR, and your customers.

Physical Security and Networking

Every Instance of Radius has extensive physical, environmental, and network capabilities in place:

Access to the data center floor is restricted to data center employees and authorized visitors.
Data Centers are staffed 24/7/365 with security guards and technicians.
All employees and visitors are identified using biometrics and state-issued IDs before entering the facility.
HVAC and power have redundant systems, so if one goes out, the others keep our systems powered and within operating temperature.
Multiple Internet carriers using independent fiber connections to the data center floor.


Server Security

The servers themselves operate within Xen Virtualization, which ensures that each server has its own kernel and user space, which are fully separate from other servers.

Firewall to limit and block unwanted inbound traffic.
SSH key pair authentication: connections are authenticated by matching the public key with the private key.
Fail2Ban prevents dictionary attacks on servers. When Fail2Ban detects multiple failed login attempts from the same IP address, it creates temporary firewall rules that block traffic from the attacker's IP address.
2048-bit SSL Encryption (https://accountnamehere.radiusbob.com)


User Authentication

Account Level Admin controls to maintain organizational security requirements.

Unique Usernames and Passwords
User Password Requirements – Minimum Password Length, Maximum Password Age (Required Password Changes over X Days)
New Session Date and Time Stamped Per User
Two Factor Authentication Login through SMS (2FA)


Database and Data Storage

Daily, Weekly and Monthly Off-Site Data Backups
Encrypted Data in Motion
Encrypted Data at Rest
Server Logs at User Level.

HIPAA (U.S. Health Insurance Portability and Accountability Act):

Covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) can maintain compliance using Radius as their Cloud Hosted Solution. While Radius provides the platform and does not generally engage in activities or functions that make it a HIPAA Covered Entity, the compliance responsibilities are handled by your organization. Specifically, a customer that subscribes to use a Radius Account has the exclusive authority and ability to manage all technical safeguards required by HIPAA with respect to its PHI, including access controls, audit controls, integrity, authentication and transmission security.

Recommendations

Radius recommends that you configure your account using the built-in Security Measures.

For some guidance on how to harden your systems, start here:

Unique Usernames and Passwords
Set Required Minimum Password Characters to at Least 8
Set Password Update to Every 90-120 Days for Users
Require Two Factor Authentication Upon Login for Users
Build Custom Fields using the Encrypted Option
Delete Users as quickly as possible