The Experian One Platform

About The Experian One Platform

The Experian One Platform is a Software as a Service platform providing enterprise level decision making tools. It brings together the PowerCurve® Decision Analytics and Identity & Fraud products and common deployment patterns into pre-configured as well as configurable solutions, with a fast set up time and affordable pricing, delivered through the cloud.

The Experian One Platform is suitable for real-time decisioning in many industries. The platform enables clients to link custom decision strategies with a managed runtime for testing and high-performance execution.

Security Design Principles

The Experian One Platform is constructed using docker container images to build, test and deploy immutable software in consistent patterns, while running the processes in access-controlled compartments that can reflect organisational structure. Data storage is equally compartmentalised so that each instance of a service receives its own encrypted and access-controlled database, ensuring each service can only access its own data.

Running services can be terminated and restarted at any time, either to cater for increasing demand or due to capacity management. Any restart will be from a reference image which is a known-secure configuration. Given this behaviour, it is faster and easier to apply security changes by updating and re-releasing as a new version of the reference image rather than attempting changes to running containers. All software is subjected to automated security testing as part of the release process so that restarts are from a known and recently tested version.

Logical access control is maintained by a simple trust model with few dependencies between components at runtime. This allows every request to be validated to verify the authenticity and access rights of the caller before it is executed. The platform runs on infrastructure provided by commercial Infrastructure-as-a-Service providers that have a track-record for operating at immense scale with high levels of uptime and data reliability. It is surrounded by proven network security controls managed on a 24x7 basis. The operation of the platform is intended to be self-service so that there is not a necessity for Experian access to data during normal operations. Access is by exception and tightly controlled.