This is a draft cheat sheet. It is a work in progress and is not finished yet.
Types of Reports
| Report | Description |
| --- | --- |
| SOC2 | Service Organization Controls. BE does not have its own; this report is relevant specifically for data centers. Send Rackspace's report and Bridge Letter, located in the DD folder. NDA required. |
| SOC1 | Financial controls. Rackspace has one; BE does not. Located in the DD folder. NDA required. |
| PenTest | Third-party penetration test report. Validates that the applications are free from common web attacks. Full report available, located in the DD folder. NDA required. |
Application Security
| Question | Answer |
| --- | --- |
| Is data encrypted? | Yes. Data is encrypted both AT REST and IN TRANSIT using AES-256, with unique keys per uploaded file. |
| Can we customize password security? | Yes. We offer password complexity configuration, as well as expiration, lockout, timeout, forced changes, first-time login change, etc. |
| What types of access controls are there? | You can create custom resource permissions, book section restrictions, workroom restrictions and more. Administrators use the same interface as board members, so it's easy to understand the end-user experience. |
Data Center / Physical Security
- Rackspace (US, AU, EU) or Peer1 (Canada)
- SOC2 compliant
- ISO 27001 compliant
- Biometric authentication
- 24/7/365 monitoring
- Disaster protection and multiple ISP connectivity
Infrastructure
| Component | Description |
| --- | --- |
| WAF | DEDICATED web application firewall. Protects against malicious attacks; 0-day signature monitoring acts as a front line of defense. |
| IDS | DEDICATED intrusion detection system that monitors for anomalous traffic in the network. |

Most low-cost competitors use shared devices, which significantly impacts the effectiveness of the device. We manage and monitor our own.

| Component | Description |
| --- | --- |
| Private Cloud | We virtualize on our own hardware. Low-cost providers likely use shared resources, which has both security and reliability impacts. We monitor the entire stack: the host, each server instance, and our network devices. |
| Managed Antivirus | SOPHOS AV runs on all of our servers and host machines. |