
Thru Operations Access Governance

Security, Access, and Environmental Control

To prevent unauthorized and unnecessary access to the Thru Azure Infrastructure, we have implemented a comprehensive approach that ensures stringent controls and safeguards are in place. These measures ensure that only authorized Thru operational personnel with the appropriate credentials, certificates, and multifactor authentication are granted access to the Thru environment.

Approved Thru operational personnel are granted access to the Thru Azure Infrastructure using a highly secure and controlled process. The following subsections cover how we manage access:

Certificate-Based VPN (Virtual Private Network) Access

Thru enforces the use of certificate-based Virtual Private Network (VPN) connections for accessing the Thru Azure data center. This adds a layer of security by requiring unique digital certificates to authenticate users. Normal user accounts are not used to access the dedicated environment.

Multifactor Authentication (MFA)

Access to the Thru Azure portal is further fortified by requiring multifactor authentication. Along with their username and password, users must provide a second form of authentication, which is a one-time code (TOTP) from Microsoft’s MS Authenticator mobile phone app. In emergencies, two-factor authentication via SMS is also supported by Microsoft, but it is not used by default and is not recommended.

Regular Auditing and Monitoring

We conduct regular manual audits and monitoring of access logs to ensure that only authorized personnel are accessing the data center. We also have automated alerts, rule sets, and actions that scan all of our collected logs, searching for and taking action against suspicious or unauthorized activities.

Alerting

We use Azure and Wazuh alert capabilities to generate rule-based alerts that detect unexpected behavior and adapt to evolving internal or external threats.

Restricted Accounts

Only designated key operational personnel with specific roles and responsibilities are granted access to Thru Azure data center locations. Everyone's access is tightly controlled and granted on a need-to-know basis. These accounts are separated from 'normal user' accounts and will be limited to accessing only the applications and assets necessary for their respective roles, with additional MFA requirements.

Configuration Management Database (CMDB)

Thru follows the ITIL (Information Technology Infrastructure Library) framework to govern the necessary controls for change management, data integrity checks, access controls, and audits. This is designed to maintain the accuracy and security of configuration data and to aid in any support or production incidents.

Operational Staff Pre-Employment Security Controls

These roles will reside in either the UK or the USA and will have passed the background checks and screening process as outlined below.

UK Operations Staff

  1. ID verification and right-to-work check – Must be accompanied by copies of original identification documents such as passport, driving license, and/or birth certificate.

  2. A 5- or 10-year written career history – Involves an analysis of all periods of employment, as well as confirmation of employment gaps of up to 31 days (about 1 month).

  3. Criminal records screening – To a level of Basic Disclosure, which details unspent criminal convictions and conditional cautions.

  4. Global watchlist check – Cross-referencing the individual's name(s) against various sanctions, watchlists, and fraud databases, including the HM Treasury's consolidated list of financial sanctions targets in the UK.

US Support Staff

  1. Background check – Run a criminal background check to look for any convictions or arrests. Focus on positions handling sensitive data or money.

  2. Applicant’s career history – Check employment and all other documentation in the application form and supporting documentation for completeness and accuracy.

  3. Academic and professional qualifications – Confirm where information security risk analysis requires it.

  4. Independent identity check – Passport or similar document.

  5. Satisfactory character references – Normally, at least one business and one personal.

  6. Credit checks, where appropriate.

Operational Staff: Offboarding

Access rights will be promptly revoked from information resources upon termination or change of employment or when job duties no longer provide a legitimate business reason for access, except where specifically permitted by company policy. Unless otherwise authorized in writing, when an employee voluntarily or involuntarily separates from their department, information system privileges, including all internal, physical, and remote access, will be promptly revoked. Any access list that grants the exiting employee physical access to a limited-access area will be updated appropriately to reflect the change in employment status.
