General Data Security
We use Amazon Web Services (AWS) to store and serve all our applications. The AWS cloud infrastructure meets several global security compliance requirements - see their security page for more information: https://aws.amazon.com/compliance/. Access to the AWS management console is restricted to only authorized users in our company. We also regularly monitor server logs to identify unusual usage or unauthorized access attempts.
Data Security in Motion
Most of our services that manage client data communicate over our internally secured network, which is protected with network access control lists and security groups (firewalls). Some of our services also send data over the internet; in all of those cases the services communicate over encrypted connections (SSL).
Data Security and Segregation at Rest
To provide the utmost security and privacy for our client data, we maintain dedicated databases and server instances per client, in what we call a “client silo” or firewall. Client data is never shared between clients. In addition to encrypting API traffic from your ATS, Atipica encrypts all internal traffic. All our databases are encrypted and protected using industry-standard AES-256 bit encryption.
We maintain dedicated databases and server instances per client, in what we call a “client silo”. When a client decides to end a contract with us, their “client silo” will be completely destroyed.
Data security is a top priority for Atipica. All communication through ATS’s API is encrypted using Transport Layer Security 1.2 for HTTPS encryption, which is authenticated by AES-256 bit encryption.
User passwords are never stored in plain text. All passwords are hashed using bcrypt, a password hashing algorithm.
In the unlikely event of a data loss or integrity issue, we maintain daily snapshots of all databases for up to 7 days. This allows for limited operational downtime.
Atipica employees maintain strict password protocols for all company-related logins, using authentication- and encryption-based password management software and 2-factor authentication. Database access and permissions are limited based on an employee’s role. Client data is never permanently stored on employee computers; long-term documents containing client data are stored in company-specific, secured online vaults. All employee computers are encrypted with Mac OS FileVault 2 (AES-128 bit).