Security

Protecting your data and our services is our top priority. The availability, confidentiality, and integrity of your data are of utmost importance to your business, and to Klipfolio. We use multiple safeguards to protect this information, and are constantly monitoring and improving our products and services.

Our data center

Klipfolio hosts our applications and your data with Rackspace, a top-tier hosting and cloud storage provider. Their security measures and features to ensure consistent service are detailed below:

Physical security

Physical security includes keycard protocols, biometric scanning protocols, and round-the-clock interior and exterior surveillance, which together monitor access to every one of the Rackspace data centers. Only authorized data-center personnel are granted access credentials to our data centers. No one else can enter the production area of the data center without prior clearance and an appropriate escort. Every data-center employee undergoes multiple and thorough background security checks before they're hired.

Precision environment

Every data center's heating, ventilation, and air conditioning (HVAC) system is N+1 redundant. This practice ensures that a duplicate system immediately comes online should there be an HVAC system failure. Every 90 seconds, all the air in the Rackspace data centers is circulated and filtered to remove dust and contaminants. The data centers' advanced fire-suppression systems are designed to stop a fire from spreading in the unlikely event one should occur.

Conditioned power

Should a total utility power outage ever occur, all of our data centers' power systems are designed to run uninterrupted, with every server receiving conditioned uninterruptible power supply (UPS) power. The Rackspace UPS power subsystem is N+1 redundant, with instantaneous failover if the primary UPS fails. If an extended utility power outage occurs, the routinely tested, on-site diesel generators can run indefinitely.

Core routing equipment

Only fully redundant, enterprise-class routing equipment is used in Rackspace data centers. Fiber carriers enter our data centers at disparate points to guard against service failure.

Network technicians

Rackspace requires that the networking and security teams working in their data centers be certified. Rackspace also requires that these teams be thoroughly experienced in managing and monitoring enterprise-level networks. Certified Network Technicians are trained to the highest industry standards.

Secure transmission and sessions

Connection to the Klipfolio products and services environment is through Secure Sockets Layer/Transport Layer Security (SSL/TLS), using global certificates from Verisign and GeoTrust, to ensure that your users have a secure connection from their browsers to our services. Sessions are terminated after 30 minutes of inactivity, or implicitly by a user sign-out event.

Access controls

User IDs and passwords are both set by the user. One-time passwords are never used. Password strength and a limitation on login attempts are configurable. Passwords are encrypted. Within the application, both group- and role-based access rights can be assigned, allowing full control over what a user can see and use. The application also maintains a detailed event log, capturing items such as authentication, failed login attempts, asset creation, deletion, and modification.

Backups

All data is backed up using daily and weekly images. Master/slave replication additionally ensures that database backups are hot-swappable. Backups and replications are not transported offsite.

Code testing and assessments

Klipfolio tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party vulnerability testing has also been performed by Aspect Security.

  • Application vulnerability threat assessments
  • Network vulnerability threat assessments
  • Selected penetration testing and code review
  • Security control framework review and testing

Security monitoring

To identify and manage threats, our team monitors notifications from various sources and alerts from internal systems.