Security

Keeping your clients’ data and yours private and secure is a top priority for us. The information on this page is intended to provide transparency about how we protect that data. We’ll continue to expand and update this information as we add new security capabilities and make security improvements to our products.


Account Authentication

While we don’t require you to set a complex password, our password strength meter encourages you to choose a strong one. You have the ability to require fingerprint authentication on your compatible mobile devices. We limit failed login attempts to slow down password guessing attacks.


Cloud Hosting

Suprabook is hosted in the Amazon Web Services (AWS) cloud. AWS is the gold standard in cloud computing, trusted by industry leaders from legal to financial services to healthcare and government agencies to secure their data and ensure data availability. In addition to Suprabook, entities that rely on AWS have included: Thomson Reuters, LexisNexis, Citrix, the US Department of State, the US Central Intelligence Agency (CIA), Nasdaq, Dow Jones, Capital One, Intuit, the Financial Industry Regulatory Authority (FINRA), GE Healthcare, Novartis, Pfizer, Unilever, the US Food and Drug Administration (FDA), the US Centers for Disease Control (CDC), the National Aeronautics and Space Administration (NASA), Airbnb, Netflix, Spotify, and Zillow.


Resiliency & Availability

AWS provides fault-tolerant architecture that helps ensure Suprabook is there when you need it. This includes:

  • Redundant Data Centers — Data centers are designed to anticipate and tolerate failure while maintaining service levels. In case of failure, automated processes move traffic away from the affected area. Core applications are deployed to an N+1 standard, so that in the event of a data center failure, there is capacity to enable traffic to be load-balanced to the remaining sites.

  • Site Selection — Data center locations are carefully selected to mitigate environmental risks such as flooding, extreme weather, and seismic activity, based on environmental and geographic assessments.

  • Availability — Critical system components are backed up across multiple, isolated locations known as Availability Zones. Each Availability Zone is engineered to operate independently with high reliability.

  • Capacity Planning — AWS continuously monitors service usage to deploy infrastructure to support availability commitments and requirements. AWS maintains a capacity planning model that assesses infrastructure usage and demands at least monthly.

  • Redundant Power Supply — Data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day. AWS ensures data centers are equipped with back-up power supply so that power is available to maintain operations for critical and essential loads in the facility in the event of an electrical failure.

  • Climate and Temperature Controls — Data centers use mechanisms to control climate and maintain an appropriate operating temperature for servers and other hardware to prevent overheating and reduce the possibility of service outages. Personnel and systems monitor and control temperature and humidity at appropriate levels.

  • Fire Detection and Suppression — Data centers are equipped with automatic fire detection and suppression equipment. Fire detection systems utilize smoke detection sensors within networking, mechanical, and infrastructure spaces. These areas are also protected by suppression systems.

  • Leakage Protection — Data centers are equipped with functionality to detect the presence of water. If water is detected, mechanisms are in place to remove water in order to prevent any additional water damage.


Physical Security

AWS enforces rigorous standards to protect the physical security of facilities where Suprabook data is hosted, including:

  • AWS Employee Data Center Access — AWS provides physical data center access only to approved employees. All employees who need data center access must first apply for access and provide a valid business justification. These requests are granted based on the principle of least privilege, where requests must specify to which layer of the data center the individual needs access, and are time-bound. Requests are reviewed and approved by authorized personnel, and access is revoked after the requested time expires. Once granted admittance, individuals are restricted to areas specified in their permissions.

  • Third-Party Data Center Access — Third-party access is requested by approved AWS employees, who must apply for third-party access and provide a valid business justification. These requests are granted based on the principle of least privilege, where requests must specify to which layer of the data center the individual needs access, and are time-bound. These requests are approved by authorized personnel, and access is revoked after the requested time expires. Once granted admittance, individuals are restricted to areas specified in their permissions. Anyone granted visitor badge access must present identification when arriving on site and is signed in and escorted by authorized staff.

  • Data Center Access Review — Access to data centers is regularly reviewed. Access is automatically revoked when an employee’s record is terminated in Amazon’s HR system. In addition, when an employee or contractor’s access expires in accordance with the approved request duration, his or her access is revoked, even if he or she continues to be an employee of Amazon.

  • Data Center Access Logs — Physical access to AWS data centers is logged, monitored, and retained. AWS correlates information gained from logical and physical monitoring systems to enhance security on an as-needed basis.

  • Data Center Access Monitoring — AWS monitors its data centers using its global Security Operations Centers, which are responsible for monitoring, triaging, and executing security programs. They provide 24/7 global support by managing and monitoring data center access activities, equipping local teams and other support teams to respond to security incidents by triaging, consulting, analyzing, and dispatching responses.

  • CCTV — Physical access points to server rooms are recorded by Closed Circuit Television Camera (CCTV). Images are retained according to legal and compliance requirements.

  • Controlled Data Center Entry Points — Physical access is controlled at building ingress points by professional security staff utilizing surveillance, detection systems, and other electronic means. Authorized staff utilize multi-factor authentication mechanisms to access data centers. Entrances to server rooms are secured with devices that sound alarms to initiate an incident response if the door is forced or held open.

  • Intrusion Detection — Electronic intrusion detection systems are installed within the data layer to monitor, detect, and automatically alert appropriate personnel of security incidents. Ingress and egress points to server rooms are secured with devices that require each individual to provide multi-factor authentication before granting entry or exit. These devices will sound alarms if the door is forced open without authentication or held open. Door alarming devices are also configured to detect instances where an individual exits or enters a data layer without providing multi-factor authentication. Alarms are immediately dispatched to 24/7 AWS Security Operations Centers for immediate logging, analysis, and response.
