Physical Security – Our production equipment is co-located at a secure facility that provides 24-hour physical security, identification systems, redundant electrical generators, data center air conditioners, and other backup equipment designed to keep servers continually up and running.
Perimeter Defense – The network perimeter is protected by firewalls and monitored by intrusion detection systems. We monitor and analyze firewall logs to proactively identify security threats.
Systems Security – Inside the perimeter firewalls, the systems are safeguarded by network address translation, port redirection, and other techniques. The specific details of these features are proprietary.
Operating System Security – We enforce tight operating system-level security by minimizing the number of access points to our production servers. We protect operating system accounts with strong passwords, and production servers do not share a master password database. All operating systems are hardened by disabling and/or removing any unnecessary users, protocols, and processes.
Server Management Security – All data and documents entered into solutions used by our customers and hosted by us are owned by that customer. Our team members do not have direct access to the production equipment, except where necessary for system management, maintenance, monitoring, and backups. We do not utilize any managed service providers. Our systems engineering and administration team provides all system management, maintenance, monitoring, and backups.
Security Model – Our application security model prevents one customer from accessing another’s data. This security model is reapplied with every solution and enforced for the entire duration of a user session.
User Authentication – Users access solutions hosted by us only with a valid username and password combination, which is encrypted via SSL while in transmission. An encrypted session ID cookie is used to uniquely identify each user.
Database Security – Whenever possible, database access is controlled at the operating system and database connection level for additional security. Access to production databases is restricted to a limited number of points, and production databases do not share a master password database.
Partitioning Identifying Data – Depending on the nature and sensitivity of the data, the dataset is divided into two parts: entity-identifying data elements and non-identifying data elements. Wherever required, data elements identifying the entity are partitioned from the rest of the data by being encrypted. This shields the database at a raw data level.
Data Encryption – We employ encryption products to protect customer data and communications, including 128-bit SSL Certification. The lock icon in the browser indicates that data is fully shielded from access while in transit.