Support's Business Continuity Plan
Pure Storage recognizes the trust that our customers place in us and we are committed to being responsible for ensuring that Pure's infrastructure is well planned and resourced to be able meet our customer's needs both now and into the future, regardless of any unplanned events that may occur.
To that end, Pure has established the following policies to address our critical infrastructure, business continuity and compliance needs and obligations:
Pure has built its infrastructure to minimize risk and maximize scale. More specifically, Pure leverages a number of Software as a Service (SaaS) offerings to run our business that Pure believes are SSAE16 compliant, including Salesforce.com (SFDC), NetSuite, Box, Google, Concur, ServiceNow, Workday, Redcarpet, Litmos, Xactly, Paylocity, Greenhouse, Citrix (Go-to-meeting), Uberconference, Shoretel Sky with Softphone Technology, Smartfile, Wiki, OKTA and Marketo. Each of these services uses an SSL encryption authentication protocol that leverages at least 128bit and up to 256bit encryption.
Because of the manner in which Pure leverages SaaS offerings, it enables BC/DR on a truly global scale. Pure's employees can work from any location that a data connection is available and meet our Customer's needs, as completely as if they were in a Pure office. All data and system access necessary to support and address Customers issues are completely available on a 24/7/365 basis. All of our service providers have been chosen to ensure that they are able to meet our BC/DR requirements. For example, our main data storage repository, Box, includes N+1 redundancy for all components, geographical diversity, and electronic and physical security measures for 24/7/365 security and data availability. Similarly, SFDC includes extensive security and BC/DR assurances, and has attained the SOC 3 SysTrust seal of approval for Service Organizations as validated by Ernst and Young. In addition, Pure's products are assembled by contract manufacturer, Avnet, that ultimately does final assembly and test in San Jose, CA. Avnet has backup capability in Arizona should there be any sort of civil or natural disruption in the ability to manufacture at the California facility.
In addition to the BC/DR benefits that the Pure SaaS infrastructure and contract manufacturing procedures provide, Pure maintains a highly secure network infrastructure that leverages state of the art information security features from Palo Alto Networks. This includes web filtering, anti-virus and anti-malware screening along with Palo Alto Networks Wildfire™ technology that automatically detects unknown threats before the organization is compromised. This secure architecture is augmented by Pure's use of leading edge endpoint protection products on all Pure endpoints and mandatory use of endpoints that meet Pure's information security requirements.
Pure leverages multiple facilities in the Silicon Valley, so that the majority of staff have access to local alternative sites in case of disaster. In addition, local, country and regional staffing have been augmented for Sales, Support and Operations in the event of disaster, travel impacts or communicable disease outbreak. Global Support have cross-trained teams and redundancy to manage customer cases in a 24/7/365 model. In addition, all laptops issued come installed with Cisco VPN clients, allowing employees to work remotely. In addition our global support team is distributed over 4 major support sites (Mountain View, CA, Lehi, UT, Dublin, Ireland, Singapore) and several smaller locations.
Pure Storage utilizes Software as a Service applications. For the data kept on premise, it is stored in secure data centers and will be replicated over secured links to a disaster recovery data center. The applications that contain our critical support function services are highly scalable, redundant, and the SaaS architecture allows us to access such applications without being depending on a physical location, allowing for fluctuation in demand while greatly reducing the threat of long-term outages. Load balanced networks, pools of application servers, and clustered databases are features of the design. In addition a distributed work force, with employees stationed both domestically (and in diverse locations in the US – e.g. California, Utah and the east coast) as well as overseas, helps to ensure we will be ready to deal with any crisis.