Application Security
We’ve implemented a number of controls within our applications to ensure all data remains fully secure, including:
- Unique non-predictable session ID/Tokens for access control
- Database and SQL schema partitioned by customer company ID for isolation
- Configurable session timeouts
- Role-based access control that restricts users to specific modules within the application
Database Security
- Passwords are stored with S-Crypt one-way hash
- Restricted database access prevents unauthorized use
- Customer-delegated data access adds a layer of control
- Encryption even for data at rest
Network Protection
Best-in-class network protection to keep your data safe from outside threats:
- Corporate/Cloud network isolation ensures complete security
- Redundant stateful firewalls separate our application from external traffic
- Intrusion detection & prevention of virus transmission
- Network monitoring to enhance performance
Transmission Security
- SSO, SAML, OAuth & MFA for authentication & authorization
- 256-bit TLS encryption to encrypt and decrypt data
- TLS 2048-bit certificate
- TLS session termination on load balancers simplifies security management
Datacenter Security
- 24×7 onsite physical security and video surveillance
- Access control and escorted entry for authorized AWS personnel
- No access provided even to Replicon personnel
- Background checks performed on all personnel
Disaster Recovery
Detailed disaster recovery procedures ensure you can always access your data — even if a service location becomes inoperable. They include:
- Identical facilities
- Mirrored transactions
- Automatic failover
- Daily and weekly system backups (scheduled and incremental)
- Regularly scheduled tests to ensure recoverability of all backup data