Hii Retail Security FAQ

Built upon Google’s secure-by-design cloud infrastructure, our Hii Retail solutions employ a defense-in-depth architecture to safeguard the confidentiality, integrity, and privacy of your data. We adhere to industry-standard security frameworks, including ISO/IEC 27000:2018, maintaining rigorous security controls in our software development and SaaS operations. To receive updates on security-related matters, sign up here.


Are Hii Retail services vulnerable to ransomware attacks?

In a ransomware attack, data is encrypted and rendered unusable. The data can only be decrypted if the data owner is willing to pay a ransom in exchange for a key held by the attacker. Ransomware is only effective if the data has value to the owner. That value is directly proportional to the difficulty the data are to recover.

The majority of Hii Retail services are stateless by design, meaning they do not rely on stored data. Thus, these services hold no ransom value. When we must store data, for example in a file system or database, we perform regular backups and ensure that data can be restored quickly and with minimal loss.

Lastly, all application code and configuration we deploy on the Hii Retail platform is sourced from version control and deployed using automated processes. This is how we achieve operational scale, allowing a single engineer to deploy entire systems in minutes. If a system is compromised, we are able to destroy it and replace it with an unaffected clean version within minutes.

How does Extenda Retail protect its software from security vulnerabilities?

We focus on security throughout the entire development lifecycle, employing controls at each stage of development aimed at detecting and remediating the potential for risks introduced by every change. Controls include, but are not limited to:

  • Automated detection of known vulnerabilities in software dependencies
  • Static analysis of application code for the detection of security defects
  • Automated detection of misconfigurations in infrastructure as code
  • Scanning of container images for known security vulnerabilities
  • Mandatory peer reviews before code changes can be merged and deployed
  • Scanning of deployed web applications for vulnerabilities including OWASP Top 10

How does Extenda Retail protect its development environment from unauthorized access?

As a pure cloud service, Hii Retail has no on-premise development infrastructure. Nor do we maintain test environments, or other physical or virtual test systems within our corporate estate. Instead, all development is performed on the local developer workstation, or within an environment on the Google Cloud Platform. Security control standards implemented within non-production environments are equal to those within the production environment.

We have implemented a zero-trust security model. Access to non-production systems, whether within the Google Cloud or within the perimeter of our corporate estate, cannot be used as means to circumvent security controls to gain access or to deploy changes to production systems.

How is data encryption handled?

All Hii Retail data is encrypted by default when stored on the Google Cloud. Neither Extenda Retail nor its customers are responsible for enabling or configuring this encryption. Encryption cannot be disabled by any means by Google, Extenda Retail, or its customers.

Every accessible Hii Retail service is configured to accept connections using Transport Layer Security (TLSv1.2 or above). This ensures that all data in transit between Hii Retail systems and our customer systems and users is encrypted. Unencrypted data channels are not present or available for use by our customers.

How is Hii Retail data protected from loss or corruption?

We follow all Google design guidelines to achieve the highest possible data resiliency and durability targets. Many of Google Cloud’s services are durable by design, automatically replicating data to multiple redundant locations within a geographic region. To protect the integrity of data, we establish tested backup and restoration processes to ensure that data can be recovered within the stated time and recovery objectives in our published Service Level Agreements.

What responsibility do I have as Extenda Retail's customer?

It is the customers’ own responsibility to protect their own network, hardware and devices.

Security best practices

Explore these best practices for meeting your security and compliance objectives as you deploy workloads on Google Cloud.

Google Cloud security best practices center


“BeyondProd: A new approach to cloud-native security”

“Google Infrastructure Security Design Overview”