Security Overview

Last updated: 2026-05-02 | Version 1.5

Plain-language summary: G4 Cloud takes security seriously. We encrypt all data at rest (AES-256) and in transit (TLS 1.3), maintain SOC 2 Type II and ISO 27001 certifications, conduct regular penetration tests, and have a 24/7 security operations team. We notify affected customers within 72 hours of any security incident.

1. Security Program

G4 maintains a comprehensive security program designed to protect the confidentiality, integrity, and availability of Customer Data. Our security program is based on industry-leading frameworks including ISO 27001 and NIST CSF.

2. Certifications and Audits

  • SOC 2 Type II: Audited annually by an independent CPA firm. Covers Security, Availability, and Confidentiality trust service criteria.
  • ISO 27001: Certified for our Information Security Management System (ISMS).
  • GDPR: Full compliance with EU data protection requirements.
  • PCI DSS: Payment processing infrastructure is PCI DSS Level 1 compliant (handled by Stripe).

3. Encryption

3.1 Data at Rest

  • All Customer Data is encrypted at rest using AES-256 encryption.
  • Encryption keys are managed through a Hardware Security Module (HSM) and rotated automatically.
  • Database volumes and backups are encrypted using AES-256.

3.2 Data in Transit

  • All communications with G4 services require TLS 1.3.
  • Perfect Forward Secrecy (PFS) is enforced.
  • Internal service-to-service communication is encrypted using mutual TLS (mTLS).

3.3 Zero-Access Encryption

G4 maintains a zero-access architecture. Our systems are designed such that G4 employees cannot access Customer Data contents without explicit customer authorisation or a lawful request.

4. Infrastructure Security

4.1 Cloud Infrastructure

G4 operates on Amazon Web Services (AWS) and Google Cloud Platform (GCP). Both providers maintain multiple certifications including SOC 2, ISO 27001, FedRAMP, and PCI DSS.

4.2 Network Security

  • Multi-region deployment with automatic failover
  • Web Application Firewall (WAF) protecting all endpoints
  • DDoS mitigation via Cloudflare
  • Network segmentation and micro-segmentation
  • Intrusion Detection and Prevention Systems (IDPS)

4.3 Access Control

  • Multi-factor authentication (MFA) required for all production access
  • Role-based access control (RBAC) following the least-privilege principle
  • Just-in-time (JIT) access provisioning
  • Quarterly access reviews

5. Application Security

  • Code review required for all changes
  • Automated static application security testing (SAST)
  • Dependency scanning for known vulnerabilities
  • Container image scanning
  • Regular penetration testing by independent third-party firms

6. Identity and Access Management

  • Single Sign-On (SSO) support via SAML 2.0 and OIDC
  • SCIM provisioning for automatic user lifecycle management
  • Password policies including complexity requirements and rotation
  • Session timeout policies

7. Monitoring and Incident Response

7.1 Security Monitoring

  • 24/7 Security Operations Center (SOC)
  • SIEM with real-time correlation and alerting
  • User and Entity Behavior Analytics (UEBA)
  • Endpoint Detection and Response (EDR)

7.2 Incident Response

G4 has a documented Incident Response Plan that includes detection, containment, eradication, notification (affected customers notified within 72 hours), and post-mortem analysis.

8. Data Backup and Disaster Recovery

  • Automated daily backups with point-in-time recovery
  • Cross-region backup replication
  • Recovery Time Objective (RTO): 1 hour
  • Recovery Point Objective (RPO): 15 minutes
  • Quarterly disaster recovery testing

9. Employee Security

  • Background checks for all employees
  • Confidentiality and data protection training upon hire
  • Annual security awareness training
  • Phishing simulation exercises

10. Business Continuity

G4 maintains a Business Continuity Plan (BCP) covering pandemic response, natural disaster recovery, supply chain disruption, and key person dependency mitigation.

11. Third-Party Risk Management

  • Vendor security assessments for all Sub-processors
  • SOC 2 and ISO 27001 certification review
  • Contractual security requirements through DPAs
  • Annual vendor reassessment

12. Reporting a Vulnerability

If you discover a security vulnerability in a G4 service, please report it to security@g4.business or via our bug bounty program at https://hackerone.com/g4cloud. We follow a coordinated disclosure policy and will respond to verified reports within 72 hours.
