Security Layers to Protect Your Privacy
SureTech.com recognizes that all the performance and flexibility we deliver matter little if the security and privacy of each of our clients is not protected. We therefore build all our services and solutions on top of industry best practices for security. Our security best practices cover policies, procedures, training and up-to-date hardware and software products designed to protect the privacy, confidentiality and security of our client data and communications.
The SureTech.com core security layer under all our services focuses on three areas:
- Continuity protection from unexpected physical disasters to our equipment or facilities (we understand that unexpected applies to when and why, not if they will happen)
- Intrusion protection from unauthorized outside access
- Sandbox protection from unauthorized inside access
We have two additional premium security services to protect important data and meet internal or legal requirements:
- Data integrity protection
- Permanent data archiving and logging, also known as unalterable WORM storage
SureTech.com recognizes that our clients depend on the flow of information to conduct business and that the information procured, generated, organized, and stored by our clients represents a significant portion of their output and is in many cases their single most important asset. Because of this, each of our security layers encompasses several integrated systems to address physical security, network security, systems redundancy and operational controls. These systems are put in place with the single goal of protecting client data from loss or unauthorized disclosure.
Physical Security
SureTech.com leases datacenter space in some of the best data centers in the world. These locations are protected by master security experts and are far safer from disasters, outside threats and administrative errors or threats than most on-site office storage. No SureFiles™ client data is ever stored on servers outside of tier 1 data centers.
With locations in New York, Pittsburg, Chicago, Florida, Virginia and the UK, our hosted services are managed, secure, distributed and redundant to protect your data.
Typical key features include:
Reliability
- Three to seven dedicated electrical feeds
- Powered by two to five different substations
- Connected to multiple transfer switches
- 1,500 kVA of uninterruptible power supply
- Multiple HVAC systems with 1,000 tons of available cooling
- Redundant backbone connectivity including Level 3, Telia, AT&T and MCI backbones
- Millions of dollars in ongoing hardware and infrastructure upgrades and updates to maintain state-of-the-art reliability and efficiency
Security
- Reinforced windowless walls
- Earthquake and explosion resistant construction
- Industrial fire resistant precautions and fire prevention systems
- Multiple 24x7 staffed security checkpoints with ID card access outside the data room
- 24x7 live closed circuit TV monitoring of all visitors
- Biometric access control
- Auditable access logs of all systems administrative access and activities
Scalability
- Lease agreements allow for expansion to thousands of collocated servers for SureTech.com products and services
Redundancy
- With our connected datacenters in multiple cities and continents, even catastrophic data loss in one location is protected with daily offsite backups to at least one alternate geographic location
To see an interactive demonstration of a typical setup, take a tour of our Hostway Chicago datacenter location here.
Network Security
- Communications are protected via 128-bit or higher SSL Encryption via HTTPS to protect your data going to and from your computer
- Master system administrators using Cisco IOS Firewall and Microsoft Internet Security and Acceleration (ISA) Server
- TripWire™ intrusion detection system (IDS) used to log and look for unusual network and user behavior within the internal network with automatic trigger alerts
- Auditable SureTech.com data retention policy to log user access
Operational controls
SureTech.com staff access to client systems and data is restricted only to senior systems administrators who:
- have been granted access by Executive Level employees
- understand that their access to systems is monitored and may be reviewed at any time
- have signed an encompassing Non-Disclosure Agreement with SureTech.com, preventing the disclosure of any sensitive data
- are covered by our Liability and Errors and Omissions insurance for up to $1,000,000
SureTech.com client access segmentation is controlled by enterprise standard security software:
- We utilize Microsoft’s proven Active Directory Organizational Units (OUs) to create completely private segmentation between clients to ensure each client can access only their own data, just as if they had a completely dedicated system for themselves
Client independence from SureTech.com is always guaranteed:
- Clients always have direct access to copy their data from our servers at any time
- Clients own all their own software licenses for any customer-purchased software (rental software licenses are retained by SureTech.com)
- With our ToGo service, we synchronize all data and software locally so that if the internet connection goes down for 5 minutes or we go out of business permanently, the client will have no loss of data or software keys
- We contractually guarantee clients own all data and files so these cannot be held up as our assets.
Solution-Specific Security Measures
Remote Monitoring
Can communications between my computer and your server be intercepted by someone else?
All communications are protected via 128-bit or higher SSL Encryption via HTTPS to protect your data going to and from your computer, our remote monitoring server and a technician’s machine.
Who can access my machine?
Access to individual machines is limited to staff members who need machine access. Logging in to machines requires knowledge of administrative passwords, which are given only to staff members on an as-needed basis. All access can be audited on a per-user basis. If you ever want a list of who accessed a particular machine or a group of machines, you can review our access records at any time.
SureMail
How are my emails protected from attack?
We employ a world-class filtering mechanism to eliminate spam, viruses, spyware, and fraud emails before they reach your mailbox.
How is your datacenter protected from severe failure?
Backup is performed every night and stored off site, password protected. Each backup is saved for four weeks. We also have MS Certified and Managed Write Once Read Many permanent mail archiving and record keeping services for MS Exchange for companies that require such archiving.
How are my communications protected?
Our systems fully support 128-bit encryption via HTTPS to protect your connection to our facility. You should remember, however, that once email leaves our facility, it is not protected unless you employ other forms of encryption.
How does a hosted email service improve our disaster recovery plan?
As part of your disaster recovery plan, you can be certain that no physical calamity to your office location will cause any interruption to your mail services. We provide web access to your email which allows you to use it from any computer with an internet connection.
How is your datacenter protected from hackers?
We have an intrusion and hacker defense system with 24/7 system monitoring and Master system administrators using Cisco IOS Firewall and Microsoft Internet Security and Acceleration (ISA) Server.
How is your datacenter protected from physical access?
Physical Integrity and Privacy: A fortified datacenter, 24/7 surveillance, built-in disaster recovery procedures and multiple 24x7 staffed access points, along with our professional reputation and online security procedures, all stand behind the security and privacy of all your business data.
What procedures help keep my data safe?
Strong client confidentiality protections enforced contractually and procedurally keep your data from falling into the wrong hands. Account passwords are not discoverable by SureTech.com staff and are known to each client user only. Master system admin access is restricted to two executives with auditable access logs of any access for troubleshooting or repair. In no event will any client data be read or disclosed by SureTech.com staff unless it is necessary to diagnose or troubleshoot a problem.
SureDesk
Where is my data stored?
Our datacenters are the best in the world, and far safer than storing data on a server in most office on-site locations. We utilize Tier 4 data centers. Data centers are chosen both for network peering and for physical security and redundancy options. Access is restricted and controlled, usually with a proximity card or biometrics.
How do you ensure my data doesn’t disappear?
Our SureDesk platform uses purely diskless processing engines, which ensures all data is centrally stored on a Storage Area Network (SAN). Storage Area Networks offer much greater resilience than traditional hard drives. As a policy, our SAN data is replicated to an alternate data center. This equates to having an offsite and real-time copy of any data stored in the primary site. In the case of a total failure of a data center or Storage Area Network, which is very unlikely, we can quickly recover data and provide this data to customers or restore to alternative systems (default policy).
How are my communications kept secure?
Electronic Access to Services: All access points to services are encrypted through the use of SSL (Secure Sockets Layer) with at least 128-bit encryption. This provides encryption for all data being sent to and from our network, such as email, desktop data and passwords. For desktops, a connection broker is used to provide encryption through RSA RC4 for keystrokes and screen data.
How do you protect your datacenter from hackers?
To protect data and security, our data center uses a TripWire™ intrusion detection system (IDS). An IDS is used to log and look for unusual network and user behavior within the internal network. The IDS is deployed on both internal and external networks and has a number of automatic triggers to alert engineers of unusual behavior and to isolate potential problems. SureTech.com employs a policy to log user access to any of the services, such as Hosted Desktop and Exchange, and stores this information securely as part of our data retention policy.
Can people access my data?
User access is restricted per user with passwords that only the user knows and that even our systems operators cannot see. Access to user data is managed by ACLs (Access Control Lists), which designate which users have which access to which services and data. This is managed via internal (not public-facing) networks which reside within the SureDesk infrastructure. Users will be allowed to access only their unique data.
Can your administrators access my data?
Access to systems and data is only by experienced engineering staff who have been granted access by the Executive Level. Staff members are aware their access in and out of systems is monitored. All staff members have signed an encompassing Non-Disclosure Agreement with SureTech.com, preventing the disclosure of any sensitive materials in our domain.
Any changes to data, systems or infrastructure must be logged with change control software, both to ensure that reversal of policies can be instigated and to allow tracking of issues. SureDesk™ uses an ITIL compliant change control program from eSupport. Regular audits are made by senior management to ensure access to data is aligned to roles of staff members.
What happens to my data if you go out of business?
Clients always have direct access to copy their data from our servers at any time. Customers have access to their own private data at any time, which they can copy, back up and store themselves if required. None of the data is stored in proprietary format.
We contractually guarantee clients own all data and files so these cannot be held up as our assets.
With our ToGo service, we synchronize all data and software locally so that if the internet connection goes down for 5 minutes or we go out of business permanently, the client will have no loss of data or software keys.
How is my data protected from loss?
Full backups are taken weekly. Incremental backups are performed daily and are recycled. Backups are kept for 7 days unless there is another policy agreed to.