Site9, Inc. and its affiliates provide proven industry-standard security for all customer data in ProtoShare. We work to provide superior technologies and best practices to security, as well as partner with reputable enterprises that uphold the same value standards. With Site9 products, you can be sure your data will be as safe and secure as possible.
Site9, Inc. works with OpSource, a nationally recognized service provider that delivers its Cloud and Managed Hosting Solutions from top-tier colocation facilities in Sunnyvale, CA; Ashburn, VA; London, UK; and Paris, France. OpSource facilities meet or exceed Tier III standards, the highest commercially available datacenter rating as measured by the Uptime Institute. Network connectivity is provided by Global Tier-1 IP Networks.
Network security is implemented at the network level via Cisco switches providing Network Address Translation and Firewall services. Opsource provides the infrastructure.
Each OpSource datacenter ensures that:
- All areas within the facility are monitored 24x7x365 by closed-circuit cameras and onsite guards
- OpSource datacenter space is physically isolated and accessible only by OpSource administrators
- Access is restricted by authorized personnel through biometric two-factor authentication
- CCTV digital cameras cover the entire center, including cages, with detailed 24x7 surveillance and audit logs
- Experienced, professional engineers providing 24-hour support and systems protection.
Site9 product security is implemented at the network layer, directly on Site9's Cisco switches allowing high security and high performance. Security and network services include customizable firewalls, NAT, VIP, load balancing, and multicast. OpSource Cloud Networks are built on Cisco Catalyst 6509s with Application Control Engine Modules.
When paying by credit card, ProtoShare utilizes a separate PCI compliant system to manage all credit card and financial information. This allows us to ensure that the minimal number of employees have access to any sensitive data.
ProtoShare data is isolated per customer to prevent the entry of any customer from accessing another customer's data. Site9 engineers utilize proven, up-to-date security technologies and techniques. Access to production systems and customer data is provided to employees on a 'least access' basis, and all communication with production systems is provided through encrypted VPN.
ProtoShare uses 2048 bit encrypted SSL to protect all login data and information.
Operating System Security
ProtoShare uses the minimal number of access points to all production servers. All operating systems are maintained at recommended patch levels and are hardened by disabling and removing unnecessary users, protocols and processes.
The customer owns all data entered in ProtoShare. Site9 employees do not have access to that data, except where necessary for system management, maintenance, monitoring, backups and support. Data is stored using RAID disks and storage clusters. Site9 backs up customer data nightly to a secure, off-site location. Database connections are limited to only authorized internal networks, via encrypted VPN.
ProtoShare is provided through state-of-the-art cloud networks in a secure environment. ProtoShare SaaS runs on a SSAE-16 compliant cloud infrastructure.
SSAE is an acronym for the Statements on Standards for Attestation Engagements. SSAE-16 defines the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor's report.
The requirements of SSAE-16 address the following areas:
- Control Environment
- Physical Security
- Environmental Protection
- Computer Operations
- Information Security
- Data Communications
- Customer Access Controls
SSAE-16 Type I and Type II Attestation
OpSource maintains both SSAE-16 Type I and Type II attestations in conjunction with their auditor SSAE 16 Solutions. In the context of OpSource, these SSAE-16 audits assure that OpSource is living up to its commitments. The SSAE-16 attestation is based on an in-depth series of documented controls covering the entire operational spectrum of the OpSource organization.
This document was last updated March 29, 2013
Download this document as a PDF.