IPfolio is built on one of the most trusted cloud platforms, with enterprise-class infrastructure, reliability and security. All the customer data is exclusively hosted on the reputed, world class infrastructure of the Salesforce.com platform. Regular and consistent independent audits ensure that the security offered by the Salesforce.com platform exceeds what most companies are able to achieve on their own.
Third-Party Validation:
Security is such an important aspect which is a multidimensional imperative for businesses that stresses on the importance of consideration at every level right from applications and software to the physical aspects including facilities, and network security. World class security would not only require adherence to the best-practice policies, but is also necessary to be updated with the latest technologies. The platform is consistently and regularly updated to all third party certifications such as ISO 27001, The SysTrust Audit (Standard for System Security), SSAE16/ISAE 3402 SOC-1 (Standard Attestation for Internal Corporate Controls) and the German TUV Audit; which ensures adherence to the best-practice policies.
Protection at the Application Level:
Protection of customer data is ensured by allowing access to only the authorized users. The access levels are assigned by the administrators who determine which of the data users can be given how much of access. Company-wide defaults and data access levels are typically based on role hierarchy. All data in the tool and on the platform are encrypted during transfer. Access to all data is again governed by strict password security policies. All these passwords are stored in the standard MD-5 hash formats. All applications are further monitored continuously at regular intervals for attempts on security violation.
Protection at Data Center Level:
The security standards at Salesforce.com are on par with not just the best civilian data centers the world, but also with the world’s most security-conscious financial institutions. There are five levels of Bio-Metric scanning which the authorized personnel have to pass through to get to the system cages. All the buildings at the data center are completely anonymous and have exterior walls which are bullet-resistant, embassy-grade concrete posts, and are surrounded by planters all around the perimeter. Entrances that are in the exterior regions have silent alarm systems that will immediately notify law enforcement when there is a suspicion of intrusion. All data is further backed up on disk and tape, the tape providing additional physical protection levels, and neither the disks nor the tapes ever leave the data center.
Protection at the Network Level:
Complete network security is ensured by not just multilevel security products from top security vendors, but also by following and adhering to proven security practices. Externally the perimeter firewalls and edge routers will block the unused protocols, and the internal firewalls will help separate the traffic between the database tiers and application. There are sensors throughout the internal network which detect intrusion and immediately report events such as logging, reports and alerts to the security event management system. All the networks are certified through reliable third party vulnerability assessment programs.
Backup and Recovery:
All the data from customers is stored in secure data centers and these are replicated over secure links to a disaster recovery data center. This design is efficient in the event of catastrophic loss, wherein it provides the ability to restore service rapidly and without delay. Also in addition, the data is also backed up to tapes in separate data centers which never leave this data center, minimizing the risk of loss. Clustered databases, pools of application servers, and load-balanced networks are all features of highly scalable and redundant infrastructure designs. Global corporations such as financial services, etc where data security and privacy are especially critical have been customers of Salesforce.com and IPfolio for years and they continue to remain so and recognize that network security and internet security is taken seriously by us.
We understand that the information covered here is quite basic and one may have additional questions. One may visit trust.salesforce.com for more detailed information on technologies, practices and policies that are in place for data protection.