Platform Security

Infrastructure security is the foundation of everything Bamboozle Web Services delivers. This page describes the controls we maintain across our physical data centers, networking infrastructure, server environment, storage systems, and virtualization layer.

Data Center Security

Bamboozle operates infrastructure across two primary locations in the United Arab Emirates — Dubai (DX1) and Abu Dhabi (AD1) — as well as Oman (OM1). All facilities are operated by Tier III or Tier IV certified colocation providers that maintain industry-leading physical security controls including:

• Biometric access controls combined with proximity card and PIN systems
• 24x7x365 on-site security personnel
• CCTV surveillance covering all access points and floor areas
• Mantrap entry systems to prevent tailgating
• Visitor escort requirements and access logging
• Locked cage and cabinet arrangements for customer equipment

We conduct regular audits of our colocation providers to verify their physical security controls meet our requirements. Certifications held by each facility are listed on our Certifications and Reports page.

Network Security

Bamboozle develops, documents, and maintains current baseline configurations for all network devices. Our network security controls include:

• Defense in depth with multiple layers of boundary protection including VLAN segmentation, ACL restrictions, and encrypted remote connectivity
• Least privilege provisioning — unnecessary ports and protocols are disabled by default
• Industry standard transport protocols including TLS for all communications between facilities and within our data centers
• DDoS mitigation at the network edge for all cloud customers
• MANRS compliance for routing security
• BGP route filtering and prefix limits to prevent route leaks
• Continuous network monitoring with automated alerting on anomalous traffic patterns

Server Security

Every Bamboozle data center implements controls to ensure physical and logical access to servers is tightly restricted:

• Hardened base operating system images applied to all servers before deployment
• Automated vulnerability scanning and patch management across the entire server estate
• Role-based access control with the principle of least privilege applied to all administrative access
• Multi-factor authentication required for all employee access to production systems
• Bastion hosts and jump servers for all remote administrative access — no direct SSH exposure to the internet
• All administrative sessions logged and retained for audit purposes
• Real-time monitoring of server performance, data, and traffic with automated incident alerting
• Certificate of destruction provided by third parties upon decommissioning of physical hardware

Storage Security

All Bamboozle storage systems are encrypted at rest using AES-256 or equivalent industry-standard encryption. Additional controls include:

• Asset inventory tracking including serial numbers for all drives and storage devices
• Full disk encryption on all systems handling customer data
• Cryptographic verification of data integrity across storage systems
• Logical separation between customer data stores — no cross-tenant access is possible by design
• Secure media destruction and third-party certified disposal for decommissioned storage devices

Virtualization Security

Our cloud platform is built on a hardened virtualization layer that provides strong isolation between customer workloads:

• Customer tenants and virtual machine deployments are logically separated at the hypervisor level
• Hardware-enforced memory isolation between virtual machines running on the same physical host
• Network isolation between customer VPCs by default — no cross-customer traffic is possible without explicit configuration
• Hypervisor software is kept up to date and patched on a regular cadence with critical patches applied within 24 hours of release
• All changes to the virtualization infrastructure are tracked through a formal change management process

Control Plane Security

The Bamboozle Cloud Control Panel and associated management infrastructure are protected by multiple layers of security:

• Role-based access control with strictly enforced separation of duties for all engineering and operations teams
• Two-factor authentication required for all employee accounts with access to production systems
• Secrets management using an industry-standard vault solution — credentials are never stored in plaintext
• All API calls to production infrastructure are authenticated, authorized, and logged
• Regular penetration testing of the control plane by qualified third-party security firms
• Immutable infrastructure practices — production systems are not modified in place but replaced with new deployments

Employee Security

• Background checks conducted on all employees prior to joining
• Annual security awareness training mandatory for all staff
• Acceptable use policies covering all company systems and data
• Immediate access revocation upon employee departure
• Regular access reviews to ensure permissions remain appropriate

Contact Us

For questions about our platform security or to report a security concern, contact us at [email protected].