All services are private by default and secured via authentication detailed in identity and authentication.
Only services intended to be public are made publicly avaialable (e.g. websites or a public API over HTTPS).
We use Cloudflare to protect websites against network attacks such as DDoS.
Clients are welcome to arrange security penetration testing via 3rd parties as required. We have had numerous clients run penetration tests on websites developed and hosted by Studio 24.