Security of the Mojo Cloud

Mojo is the undisputed leader in WLAN security. We install our cloud applications within global Infrastructure-as-a-Service (IaaS) data centers. Mojo is the only WiFi vendor that ensures not only the security of the cloud through the IaaS provider, but also the security of the cloud application itself. Read the Security of the Mojo Cloud whitepaper.

Company Certification

Most WLAN vendors rely upon the security certifications of the data center, but that is not enough. Mojo ensures that our software development and cloud management processes running on top of data center infrastructure are certified to strict industry standards. Mojo has established its own rigorous processes to achieve the highest level of security possible, validated through the following certifications:

  • ISO 27001:2013 
  • SSAE 16 SOC 2
  • Regular audits of software development, cloud applications and operational security controls performed by validated third parties

Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) was created in 2014 in response to an Executive Order of the President of the United States to provide guidelines and practices for owners and operators of critical infrastructure to mitigate cyber risks. It is a voluntary framework consisting of standards, guidelines, and defined best practices to protect critical infrastructure. Click here to download detailed information on how Mojo Cloud implements the NIST Cybersecurity Framework.


Data Center Certification

We hold a high standard for IaaS providers. Together our IaaS provider and cloud operations team have put in place a series of environmental controls to ensure the physical and network security of your Mojo experience. Among other criteria, we require our IaaS providers to demonstrate:

  • ISO 27001:2013 certification
  • SSAE 16 SOC 1, SOC 2 and SOC 3 certification
  • Regular audits of physical, logical and data security controls performed by validated third parties

Three-Tier Firewall System

Three firewalls exist between the Internet and your individual cloud instance to deliver maximum protection.

  • At the outermost boundary a perimeter firewall surrounds the Mojo cloud infrastructure. This firewall is focused on blocking network scans, attacks and external connection attempts, keeping the entire Mojo cloud protected from external threats. The firewall rules are managed by the IaaS provider and reviewed and updated every 24 hours.
  • Within the Mojo cloud a firewall surrounds each physical host. This firewall looks for and stops activities like promiscuous mode and host IP spoofing to reinforce the logical separation of tenants within the service provider’s data centers. Again, the firewall rules here are managed by the IaaS provider and reviewed and updated every 24 hours.
  • We implement our own firewall between virtual hosts as well. Here we have complete control and use it to strictly enforce which ports are allowed inbound and outbound to access any particular virtual instance.

Regular Vulnerability Scans

We run regular vulnerability scans to validate firewall settings, in particular the rules that govern port allowances. These scans help ensure that firewall rules have been deployed successfully.

Web Application Security

Web application security scans focus on finding vulnerabilities at the web application level. The objective of web application security scans is to ensure that there are no exploitable vulnerabilities if an unauthorized user attempts to access the application.

Mojo Networks deploys 24x7 automated WAS scanning using WhiteHat Security services and complements it with twice-yearly manual (deep) scans by WhiteHat Security experts.

Physical and Environmental Security

The IaaS provider enforces strict rules around physical access to data centers. These include (but are not limited to):

  • Two-factor authentication at every point of ingress into and within data centers
  • Active monitoring by professional security staff using video surveillance, intrusion detection systems and other electronic means
  • Maintaining access logs and performing periodic audits of those logs