Targetprocess On-Demand Security Notes
Targetprocess SaaS Cloud uses a reliable physical infrastructure and runs on a secure network that's built around data security to ensure that your information remains private, secure and available. Our servers are hosted at “IBM Cloud” (formerly Softlayer), a world-class hosting service company.
IBM Cloud security procedures are based on industry best practices, confirmed by certificates including (but not limited to): ISO 27001, ISO 27018 and PCI DSS. Additional information is available at https://www.ibm.com/cloud/compliance . Targetprocess is using and following practices from applicable NIST SP 800 publications, i.e. SP 800-53.
Default data locations for Targetprocess customer instances are:
- Dallas(DAL05. DAL06, DAL09) as main location and Houston(HOU02) as backup location for North America
- Amsterdam(AMS01) as main location and London (LON01) as backup location for Europe
- Melbourne(MEL01) as single location for Australia
Custom data locations are possible for Private Cloud customers.
Network Security Highlights
- Firewalls from industry leaders to ensure connection security
- Full network redundancy with Cisco switches throughout the data center
- Encrypted VPN-only access to production networks. A limited number of users are allowed to access production networks, using the “least privilege” principle. Mobile-based 2FA enforced for management and VPN connections.
- Regular network vulnerabilities and anti-virus scans are performed to ensure servers’ security
- Host level firewalls are enabled and configured to ensure a minimal number of services are exposed
Database backup strategy.
There are 2 levels of backup for your data. The system is set up to ensure that no data is lost in the event of an emergency on the production server:
- The Logshipping mechanism is used at the first level: the transaction logs are transferred to another DB server in same datacenter every 20 minutes, where they are restored immediately so that at each point in time there is a fully functional copy of the production database. Every 7 days, a complete backup is made as well.
- The second level involves geographically distributed Cloud Storage. All transaction logs and database backup files are stored inside ObjectStorage clusters in two geographically distributed locations within continent (North America in case of United States-based accounts and Europe in case of European accounts, please see "Facilities" above for additional details ).
Database backups are encrypted with strong AES256 encryption, encryption key is stored in a separate secure storage.
Targetprocess customers can get access to the latest backup of their database upon request. Contact us at email@example.com for more details.
Other customer data backup strategy.
Other data (including uploaded files and plugin data) is stored on the high-end RAID-enabled NAS. The data is replicated every 15 minutes to another storage system in a different location.
All backups are rotated every 180 days.
- Our servers run last versions of Windows and Linux operating systems that are updated to the latest patch weekly, bi-weekly or monthly.
- Vulnerabities / configuration issues / anti-virus scans are enabled
- Automated configuration management based on tools from major vendors
- Performance and security monitoring based on standard and custom tools with e-mail, SMS and push notifications.
Workstations as well as laptops are centrally managed by AD Group Policy with password complexity requirements, forced sleep after 30 minutes of inactivity, and complete Endpoint Protection suite from top-tier vendor installed with forced daily scans and all modules enabled. VPN connections to corporate resources are available to a limited number of users and are logged and monitored for suspicious activity.
- Each Targetprocess account is a web application with its own database, so no one can access your account from another application. Our Private Cloud edition uses dedicated servers -- details can be found further below.
- Each user in any Targetprocess On-Demand account has a unique username and password.
- After authentication, any request to the Targetprocess server is tied to user identity. This keeps your data private, secure and protected.
- Regular (at least quarterly) vulnerability scans are performed.
It’s important for us to maintain our standards of high quality for our software. After automated testing and manual testing by our QA engineers, every application build goes through the following steps:
- Alpha environment.
- Beta environment with a limited number of users.
- Released into production.
Data Access Policy
Background checks are performed for users with access to customer data in the production network.
Secure Transmission and Sessions
Application protocols are secured by TLS 1.2, using certificates from Go Daddy Secure Certification Authority. Individual user sessions are identified and checked with each transaction using the unique authentication cookie that was created at login.
Standard and Private Cloud editions
There are two plans available for Targetprocess cloud customers; the key differences are outlined here:
|Feature / Edition||Standard||Private Cloud (Enterprise)|
|Database||Dedicated database||Dedicated servers|
|Custom plugins support||NO||YES|
|SAML2.0 Single Sign-On||YES||YES|
|Custom Development support||NO||YES|
Still have a question?
We're here to help! Just contact our friendly support team