We protect our data union with using FIPS 140-2 Compliant Algorithms for encryption and the 24 x 7 monitoring for vulnerabilities and malware. We comply with least privilege access, we grant engineers access only to information necessary for their job duties and when access is no longer needed, we make sure to promptly remove it.
All information is encrypted at rest in and in transit.
We safeguard all data against improper modification and ensure the information has not been modified or deleted in an unauthorized and undetected manner. We monitor all modifications via Digital Ocean.
All information is encrypted at rest and in transit.
We utilize the highest level of availability in Digital Ocean. Our data is available across multiple availability zones and backup across EU regions. We employ auto scaling techniques to ensure we have the maximum performance and availability for our customers.
Smarketing Cloud uses several methods to ensure our data is secure and to prevent unauthorized access. To secure our platform, Smarketing Cloud follows a continuous monitoring program. We follow this program through the development of proactive and detective capabilities. Our managed database clusters are encrypted at rest with LUKS (Linux Unified Key Setup) and in transit with SSL. LUKS (Linux Unified Key Setup) is a specification for block device encryption. It uses device-mapper crypt ( dm-crypt ) as a kernel module to handle encryption on the block device level. The dm-crypt is a kernel-level encryption mechanism that offers transparent disk encryption.
Service instances and the underlying VMs use full volume encryption using LUKS with a randomly generated ephemeral key per each instance and each volume. The key is never re-used and will be trashed at the destruction of the instance, so there’s a natural key rotation with roll-forward upgrades. We use the LUKS default mode aes-xts-plain64:sha256 with a 512-bit key. Backups are encrypted with a randomly generated key per file. These keys are in turn encrypted with RSA key-encryption key-pair and stored in the header section of each backup segment. The file encryption is performed with AES-256 in CTR mode with HMAC-SHA256 for integrity protection. The RSA key-pair is randomly generated for each service. The key lengths are 256-bit for block encryption, 512-bit for the integrity protection and 3072-bits for the RSA key.
Our Incident Response Policy assesses the threat of security incidents and establishes a plan to mitigate the problem, ensuring that even in the event of a breach, our data is secure.
Monitoring Data Systems
Our customer data and infrastructure are monitored and secure. Smarketing Cloud leverages Digital Ocean and Elastic Cloud data centers for our customer data and production systems.
Digital Ocean follows industry best practices and follows strict standards for monitoring access to Smarketing Cloud data.
Elastic Cloud handles the following security features for us:
- Prevention of unauthorized access with password protection
- Role-based access control
- Preservation the integrity of your data with message authentication and SSL/TLS encryption
Incident Event Management
As stated in our internal Business Continuity and Disaster Recovery Plan, Smarketing Cloud conducts penetration tests on external networks quarterly.
Digital Ocean is designed to dynamically deploy applications within the cloud, monitor for failures, and recover failed platform components.
Backup files are stored redundantly across multiple availability zones and are encrypted. For major events, we will notify affected people within 24 hours of a determination.
Smarketing Cloud data is distributed across two of the Digital Ocean availability zones. We currently use the Amsterdam, Europe locations. This posture allows for a more stable infrastructure with redundant servers.
The platform has built-in mechanisms to detect non-operating or operating in a degraded state. It will automatically scale within the alternate zone to ensure that services remain available and responsive.
All code changes and application updates to our data systems are reviewed for security issues before us. Smarketing Cloud separates development, testing, storing, and producion enviornments in different engineering segments.
All Smarketing Cloud’ owned servers have quarterly security updates, and intrusion detection systems monitor for all possible security incidents.