Targetprocess On-Demand Security Notes

Targetprocess SaaS Cloud uses a reliable physical infrastructure and runs on a secure network that's built around data security to ensure that your information remains private, secure and available. Our servers are hosted at “IBM Cloud” (formerly Softlayer), a world-class hosting service company.

IBM Cloud security procedures are based on industry best practices, confirmed by certificates including (but not limited to) ISO 27001, ISO 27018 and PCI DSS. Additional information is available at https://www.ibm.com/cloud/compliance. Targetprocess follows practices from applicable NIST SP 800 publications, i.e. SP 800-53.

Facilities

Default data locations for Targetprocess customer instances are:

  • Dallas (DAL05, DAL06, DAL09) as main location and Houston (HOU02) as backup location for North America
  • Amsterdam (AMS01) as main location and London (LON01) as backup location for Europe
  • Melbourne (MEL01) as single location for Australia

Custom data locations are possible for Private Cloud customers.

Network Security Highlights

  • Firewalls from industry leaders to ensure connection security
  • Full network redundancy with Cisco switches throughout the data center
  • Encrypted VPN-only access to production networks. A limited number of users are allowed to access production networks, using the “least privilege” principle. Mobile-based 2FA is enforced for management and VPN connections.
  • Regular network vulnerability and anti-virus scans are performed to ensure server security
  • Host level firewalls are enabled and configured to ensure a minimal number of services are exposed

Storage

Database backup strategy.

There are 2 levels of backup for your data. The system is set up to ensure that no data is lost in the event of an emergency on the production server:

  1. The log shipping mechanism is used at the first level: the transaction logs are transferred to another DB server in the same datacenter every 20 minutes, where they are restored immediately so that at each point in time there is a fully functional copy of the production database. Every 7 days, a complete backup is made as well.
  2. The second level involves geographically distributed Cloud Storage. All transaction logs and database backup files are stored inside ObjectStorage clusters in two geographically distributed locations within the same continent (North America for United States-based accounts and Europe for European accounts; see "Facilities" above for additional details).

Database backups are encrypted with strong AES256 encryption; the encryption key is stored in separate secure storage.

Targetprocess customers can get access to the latest backup of their database upon request. Contact us at support@targetprocess.com for more details.

Other customer data backup strategy.

Other data (including uploaded files and plugin data) is stored on the high-end RAID-enabled NAS. The data is replicated every 15 minutes to another storage system in a different location.

All backups are rotated every 180 days.

Server Security

  • Our servers run the latest versions of Windows and Linux operating systems, which are updated to the latest patch level weekly, bi-weekly or monthly.
  • Vulnerability, configuration issue and anti-virus scans are enabled
  • Automated configuration management based on tools from major vendors
  • Performance and security monitoring based on standard and custom tools with e-mail, SMS and push notifications.

Workstations security

Workstations and laptops are centrally managed by AD Group Policy with password complexity requirements and forced sleep after 30 minutes of inactivity. A complete Endpoint Protection suite from a top-tier vendor is installed, with forced daily scans and all modules enabled. VPN connections to corporate resources are available to a limited number of users and are logged and monitored for suspicious activity.

Application Security

  • Each Targetprocess account is a web application with its own database, so no one can access your account from another application. Our Private Cloud edition uses dedicated servers -- details can be found further below.
  • Each user in any Targetprocess On-Demand account has a unique username and password.
  • After authentication, any request to the Targetprocess server is tied to user identity. This keeps your data private, secure and protected.
  • Regular (at least quarterly) vulnerability scans are performed.

It’s important for us to maintain our standards of high quality for our software. After automated testing and manual testing by our QA engineers, every application build goes through the following steps:

  1. Alpha environment.
  2. Beta environment with a limited number of users.
  3. Released into production.

Data Access Policy

Targetprocess support and infrastructure teams may access customer data for troubleshooting, maintenance and/or technical support activities when requested by the customer. We do not disclose data or personal information to, or share it with, third parties (see Targetprocess On-Demand Terms of Service and Targetprocess Privacy Policy). An encrypted VPN connection with logging and 2-factor authentication is enforced.

Background checks are performed for users with access to customer data in the production network.

Secure Transmission and Sessions

Application protocols are secured by TLS 1.2, using certificates from Go Daddy Secure Certification Authority. Individual user sessions are identified and checked with each transaction using the unique authentication cookie that was created at login.

Standard and Private Cloud editions

There are two plans available for Targetprocess cloud customers; the key differences are outlined here:

Feature / Edition            Standard             Private Cloud (Enterprise)
Application                  Multi-tenant         Dedicated servers
Database                     Dedicated database   Dedicated servers
Custom plugins support       NO                   YES
SAML2.0 Single Sign-On       YES                  YES
Custom Development support   NO                   YES
