Protecting Your Data

At dbs Software and Services, our top priority is the security of your data. We are committed to employing the best practices and measuring ourselves against the highest standards to ensure your information is secure and available at all times. Every solution we implement adheres to a baseline set of security measures including encryption, privacy, operational processes, and data center security. In addition, all of our solutions include built-in features such as logging, auditing, encryption, data obfuscation, versioning, retention rules, and others, which allow the configuration and use of our solution in compliance with privacy norms, regulations, and guidelines applicable in a broad range of industries. Please see additional information on each of these items below.

Our Information Security Management Framework is derived from our decades of experience delivering Document Management Solutions and has been designed to provide our clients with the highest possible levels of protection against a broad range of cyber threats. All of our applications and those of our partners have built-in security features that safeguard data and provide robust cyber protection regardless of the environment where the application is deployed, whether it’s on our dbs Cloud, your third-party cloud provider, or your own private network. We regularly review and update our information security policies, carry out internal information security training, perform application and network security testing, monitor compliance with industry-accepted information security practices, and conduct internal and external risk assessments.

Our SaaS (Hosted) clients entrust us to manage their solutions and see us as an extension of their own IT teams. We take this responsibility very seriously, and begin by strictly following the rule of least privilege: an employee has access to data only if that data is needed for the employee to complete their job. What this means in practice is that very few people have access to the core of our IT stack.

We strive for 99.999% availability, and performing frequent data backups is a key component of being able to recover quickly from any event that causes service interruptions. To accomplish this, we use a multi-layer backup strategy consisting of both directory-level backups and full system backups. We apply reverse differential backups of all client data every 24 hours, with 90 days redundancy, and store two copies: one on-site at the datacenter on a separate storage device, and one at a secure off-site location. Additionally, we maintain full VM image backups which include the operating system and all instances available on hot-standby, so in the event of a server failure, the redundant server comes online.

User access to applications is controlled by enforcing uniform minimum standards for password management, authentication, and granular permissions based on user roles. All access and user actions in the applications are logged, allowing us to perform a wide variety of analyses to detect unusual activity.

Our team continuously evaluates emerging security threats and proactively implements countermeasures designed to prevent unauthorized access or unplanned downtime of our services.

Strong encryption serves as the foundation for defending our clients’ information, and we encrypt data in transit and at rest. All connections to our servers are protected by secure VPN or HTTPS with a SHA256 SSL certificate. Data at rest, including backups, is protected with AES 512 encryption.

The majority of our client instances are hosted in our high-availability dbs Cloud platform, which is located in a high-security class III safety deposit vault that has been repurposed as an enterprise-grade secure data center in Tyler, Texas, USA. Datacenter employees do not have access to our clients’ data, and the data residing in our dbs Cloud never leaves the USA. Our servers are isolated from the public internet by a reverse proxy server and two firewalls: an SPI firewall at the hardware level in front of the reverse proxy server, and a software firewall in the server which further restricts port access by zone per VPN client.

Access to the facility is controlled by biometric and secure key code access, monitored 24×7 by video surveillance. The facility is powered by dual power connections to the power grid which are fed through high-capacity surge and power pulse protectors. Additionally, the facility has dual 100 kW natural gas generators which are tested weekly at full load, and dual 80 kVA UPS backups with online power failover. Uninterrupted connectivity to the internet is ensured by redundant connections with automated carrier switchover through multiple internet service providers. The environment inside the vault is kept at optimal conditions through fully redundant HVAC systems with industrial dry coolers which keep a consistent operating temperature and optimal humidity for computing equipment. Alternatively, our clients have the option of having our solutions deployed on their choice of cloud infrastructure provider or their own private network.

The dbs application servers run on the secure Linux operating system, which provides the security, access control, availability, scalability, and data protection necessary to ensure your organization can adhere to any regulatory operating guidelines and exceed your record management policies.