(This post is part of the Lawyer-Focused Design series, which explores 10 ways in which Disco is designed for lawyers.)
Disco protects data in transit and on disk using SHA-1 key exchange, AES-256 encryption, TLS, SSH, and SCP. Data resides on dedicated Disco machines (not public cloud hardware, like Amazon AWS) in SSAE 16 SOC 1, SAS 70 Type II audited data centers in Arizona, Texas, Virginia, and London.
All data centers have 24×7 on-site security and network-operations-center staff; an alarm system with camera surveillance covering the entire perimeter and data-center area as well as all entrances and exits; and secure entrances with mantraps, biometric identification, keycard access, and multifactor authentication.
All data is replicated from a primary data center to a secondary data center in a different state. All machines are fully redundant so that a machine can go down with no data loss and no loss of access for users.