Security and deployment
Where your data lives, how learners are isolated, and how Galena deploys.
Reflare Galena is built by a cybersecurity company, with a security architecture and deployment model designed for regulated and data-sensitive organisations.
Three deployment models, isolation by design, and core infrastructure you can keep out of US jurisdiction.
In production with enterprise, government and academic security programmes
officers in a metropolitan police cyber unit train on Galena. Rakuten, NTT and PwC are among the organisations using Reflare.
Deployment
Three deployment models, one platform.
Reflare-hosted
Reflare runs the infrastructure. Your team works through a web portal, with no servers, containers or images to manage.
Your cloud
Deploy Galena into your own cloud account, so the environment sits inside your existing controls and billing.
On-premises
Run Galena inside your own environment for full data-residency control, where nothing leaves your walls.
Data residency
Core infrastructure outside US jurisdiction.
The core runs on Reflare-controlled dedicated hardware outside US public cloud. Accounts, training content and platform state sit on hardware outside US jurisdiction, which addresses CLOUD Act concerns for UK, European and Japanese organisations.
Ephemeral Windows environments run on AWS and carry training tools only, with no persistent learner data. If that layer were unavailable, the worst case is a learner losing an in-progress exercise.
Isolation
A security boundary by design.
The control plane holds the sensitive data: accounts, scores and records. The execution nodes hold only running containers and ephemeral challenge data, so a full compromise of a node exposes no user data.
Traffic between the two is encrypted and signed using JWE with JWS and RS256. Execution nodes force-apply security patches every hour, and a process-monitoring system can take graduated action up to wiping a node.
Each learner runs in an isolated container and network and cannot see another learner's environment, processes or files. Persistent storage is separate from compute, so data survives container and server restarts.
Vendor assurance
What your security and data teams can ask for.
Reflare will walk your security team through the architecture, support a vendor security review, and support a penetration test of the platform. Your data protection officer can review the documentation they need for sign-off.
Get started
Bring us your security questions.
Tell us your deployment, residency and assurance requirements, and we will map Galena to them. Reflare has a London office for UK and European programmes.
FAQ
Questions a security and data team asks.
Where does our data live?
The core runs on Reflare-controlled dedicated hardware outside US public cloud. Ephemeral Windows environments run on AWS and hold no persistent learner data.
Can we run it entirely on-premises?
Yes. Galena can run inside your own environment for full data-residency control.
How are learners isolated from each other?
Each learner runs in a separate container and network and cannot reach another learner's environment. Inter-container traffic is blocked unless a scenario requires it.
Will you support a penetration test of the platform?
Yes. Reflare supports a vendor security review and a penetration test of the platform.
What happens if a server fails during a session?
Sessions are stateless, so a learner reconnects with a new container, and persistent storage means their saved work survives.


