The security and integrity of client data are Borro’s top priority. It is vital for the peace of mind of our clients and ours. To ensure clients never have to worry, we use a multi-layered approach to protect and monitor all information.
Client Data Protection
Products are accessed across the Internet over secure, encrypted connections (TLS 1.2) using Symantec-certified, high-grade 2048-bit certificates to guarantee the security of client data. Individual user sessions are protected by unique session tokens and re-verification of each transaction.
Borro tests all code for vulnerabilities before release, and regularly scans our network and systems for vulnerabilities that could compromise the security of client data.
- Borro’s SaaS services are based on proven and secure Open Source solutions and custom applications
- Applications and servers are regularly patched to provide ongoing protection from exploits
- Third-party assessments conducted regularly:
  - Application vulnerability threat assessments
  - Network vulnerability threat assessments
  - Penetration testing
- Every major SaaS software release tested by QA
- Automated daily scans testing the full scope of OWASP security risks
Physical and Environmental Security
Our service is hosted in dedicated spaces at top-tier data centers. The data center provider maintains:
- Biometric scanning for controlled data center access
- Security camera monitoring at all data center locations
- 24×7 onsite staff for additional protection against unauthorized entry
- Unmarked facilities to help maintain low profile
- Redundant HVAC (Heating Ventilation Air Conditioning) units which provide consistent temperature and humidity within the raised floor area
- Sensors to detect environmental hazards, including smoke detectors and floor water detectors
- Raised flooring to protect hardware and communications equipment from water damage
- Fire detection and suppression systems (dry-pipe, pre-action water-based)
- Redundant (N+1) UPS power subsystem with instantaneous failover
Network Access Controls
- Network access to and from Borro DMZ is controlled by dedicated Firewalls
- Access to Borro servers requires use of a VPN with multi-factor authentication and extensive access monitoring
- Distributed Denial of Service (DDoS) mitigation services are used to protect servers
- Web application firewall analyses bi-directional traffic – detecting and blocking anything malicious from interfering with the security of client data
- Information Security team (including data center security team) monitors internal and external security events and implements corrective actions
- Systems access logged and tracked for auditing purposes
- Application access logs are collected and analyzed according to internal security procedures
- Access to client data restricted to personnel authorized according to documented processes
- Access to SaaS servers is limited, logged and tracked for auditing purposes
- All employees in engineering, operations, and technical services have extensive background checks as a condition of employment
- Security policies include:
  - Client Data Handling policy
  - Secure document-destruction policies for all sensitive information
- All employees are trained on information security and privacy procedures
Service Availability Controls
- Borro load-balances at every tier in the infrastructure, from the network to the database servers. Application server clusters are enabled to ensure that servers can fail without interrupting the user experience. Database servers are clustered for failover.
- Our primary data backup strategy leverages the snapshot and data mirroring capabilities that our enterprise storage systems provide. To satisfy data privacy requirements, backups are never sent out of the country in any of our data centers.
- Every component in the SaaS infrastructure is redundant. There are at least two of each hardware component that processes the flow and storage of data. All network devices, including firewalls, load balancers, and switches, are fully redundant and highly available. High availability for Internet connectivity is ensured by multiple connections in each data center to different ISPs.
About the Author
Paul Duncan is Borro’s Chief Technology Officer.