Information Security & Data Storage Infrastructure
At inStream Solutions℠ we consider our customer data to be of paramount importance. Data security, privacy, and preservation are our utmost concern. To support this commitment, we use state-of-the-art data centers ensuring physical server security, redundancy, backups and recovery processes. We complement this with strict access control and auditing to ensure your expectations regarding your data are fully met. This document outlines the details of data security and redundancy as well as our disaster recovery plan.
Information Security
inStream Solutions℠ uses the latest Secure Sockets Layer (SSL) technology with security certificates backed by a trusted certificate authority. From sign-in until logout, all communication between your browser and our servers is encrypted. inStream uses TLS 1.0 with a 128-bit key to encrypt the communication. We are committed to upgrading to the highest security standard as the standard itself evolves.
In addition to encryption, we utilize two-factor authentication. That means the servers will only accept a connection coming from trusted browsers. If you choose to log in from a public computer, inStream Solutions℠ will issue you a one-time-use PIN that will be used in addition to your password to access the system.
Monitoring and alerting are also used to gain system-wide visibility into resource utilization, application performance, and overall health.
Our data centers are secured with multiple layers of physical security such as mantraps, biometric locks, cages, security cameras, and 24x7 security staff. Any changes to the physical infrastructure are documented and work is done only by authorized data center staff members. The data centers are located in the United States and are governed by strict protocols and procedures for access.
Data Privacy
At inStream Solutions℠ your organization and client data is stored with privacy in mind. We employ techniques like data segregation, hashing (encryption) and data obfuscation to ensure privacy. Each organization is implemented with a separate instance of the database with its own access control to ensure proper segregation. Key data elements (such as passwords) are encrypted before storing. We audit system access as well as data changes to ensure privacy.
Information Storage
At our US-based data centers, the servers are housed in a state-of-the-art facility with climate control. The data center is built with redundant power, Uninterruptible Power Systems (UPS, i.e. battery backup and diesel generators that can carry the power load until commercial power is restored). If a component within the data center fails, for example a power distribution unit, then the redundant unit delivering power will carry the load. The network infrastructure is built for high availability as well, so a failure of a component (e.g. router, switch, switch port) will result in a fail-over to the redundant component.
The data centers use a fully redundant Storage Area Network. The storage system utilizes redundant fiber connections between the computer infrastructure and the storage array. The storage array itself uses RAID 5 (Redundant Array of Independent Disks, level 5).
Disaster Recovery Plan
As inStream Solutions℠ uses a Private Data Center managed by a highly reputed and specialized Infrastructure Services Company, the plan outlined below is to supplement the DR plan that the provider has in place. This plan will only outline steps taken by inStream Solutions℠ above and beyond the recovery efforts undertaken by the vendor.
Disaster Recovery
The Disaster Recovery Plan ensures that inStream Solutions℠ will recover from natural or man-made disasters with minimal interruption and data loss. The structure consists of organizational and technological environments to support recovery.
The DR plan will restore the following components:
- Databases are recovered and restarted
- Application Servers (WebSphere) are recovered and restarted
- Web servers (Apache) are recovered and restarted
- inStream application is configured and deployed on application servers
- Network access is restored to inStream servers
- The URLs point to the proper locations and the application is functional
Application Vulnerability Testing
At inStream, we use Veracode for our vulnerability testing. We currently apply both Static Analysis (SAST) and Dynamic Code Analysis to ensure that our code, and therefore our clients' data, is secure and protected at all times.
For more information on how Veracode helps us ensure that our product is protected from new and evolving security threats, please click on the links above.