Transferring sensitive information over the Internet can be risky due to the following issues:
- Who you are communicating with may not be who you think it is.
- The data you are sending and receiving via your browser can be intercepted and read by an unauthorized third party.
- If this party can intercept the data, they may be able to modify it before it reaches the intended receiver.
The latest TLS/SSL encryption standards are utilized to address the above issues and for account/application access. This standard ensures that no confidential information can be easily intercepted during a user's session with CaFÉ. Our servers identify themselves using public keys. These public key certificates are issued by VeriSign, a leader provider of Internet security infrastructure.
Security within our hosting environment is addressed in the following three areas. Physical security includes locking down and logging all physical access to servers at the data center. Operational security involves creating business processes that follow security best practices to limit access to confidential information and maintain tight security over time. System security involves locking down customer systems from the inside, starting with hardened operating systems and up-to-date patching.
Physical Security
- Data center access limited to data center technicians
- Biometric scanning for controlled data center access
- Security camera monitoring at all data center locations
- 24x7 on-site staff provides additional protection against unauthorized entry
- Unmarked facilities to help maintain low profile
- Physical security audited by an independent firm
System Security
- System installation using hardened, patched OS
- System patching configured by to provide ongoing protection from exploits
- Dedicated firewall and VPN services to help block unauthorized system access
- Data protection with managed backup solutions
- Optional, dedicated intrusion detection devices to provide an additional layer of protection against unauthorized system access
- Distributed Denial of Service (DDoS) mitigation services based on proprietary PrevenTier system
Operational Security
- ISO17799-based policies and procedures, regularly reviewed as part of SAS70 Type II audit process
- All employees trained on documented information security and privacy procedures
- Access to confidential information restricted to authorized personnel only, according to documented processes
- Systems access logged and tracked for auditing purposes
- Secure document-destruction policies for all sensitive information
- Fully documented change-management procedures
- Independently audited disaster recovery and business continuity plans in place for headquarters and support services
- Secure media handling and destruction procedures for all customer data