Question: What kind of security measures does Vantaca use?
Data security is a serious concern for anyone these days. Vantaca has taken extensive measures to secure and protect our customers’ data.
Our hosting provider is Microsoft Azure. It is one of the largest and most trusted hosting facilities in the world. In fact, 85% of Fortune 500 companies use these facilities.
Azure runs in geographically distributed Microsoft facilities, sharing space and utilities with other Microsoft Online Services. Each facility is designed to run 24x7x365 and employs various measures to help protect operations from power failure, physical intrusion, and network outages. These datacenters comply with industry standards (such as ISO 27001) for physical security and availability. They are managed, monitored, and administered by Microsoft operations personnel.
Our web servers and processing servers are completely redundant and have immediate failover. In addition, they can scale automatically to accommodate volume.
Our customers’ data is stored in individual databases, so no commingling of information occurs. We employ both High Availability (with 99.99% availability) through Azure, which provides a cluster of database servers that fail over immediately without any interruption, and Always On Failover, in which your data is maintained in a geo-replicated environment. This means that even if your primary datacenter is completely down, your data has been continuously replicated to another datacenter across the country, at minimum 500 miles away, which can be failed over to within moments of activation.
Our customers’ database backups are maintained as follows. 14 days of Any Point-in-Time restore: we have the ability to restore your data to any moment in a day within the 14-day period from the current time. 30 days of revolving Daily Backups: we perform daily backups and store them in geo-replicated locations. 7 years of revolving Monthly Backups: we copy the month-end backup to the geo-replicated storage.
Our customers’ documents (e.g. invoice images, association documents, etc.) are stored in Azure’s Storage. This is again geo-replicated to another datacenter across the country (minimum of 500 miles). At each datacenter, the storage is maintained in 3 redundant copies. The replicated storage datacenter is maintained using a write-once, read-many storage approach, meaning we never perform updates or deletes to this storage.
We store passwords using one-way encryption. Highly sensitive data (e.g. bank account numbers, SSN, etc.) are stored in an always encrypted database (even the database backups are encrypted) isolated from the rest of your data.
Access to our websites is always through EV-SSL. EV means Extended Validation which incorporates some of the highest standards in identity assurance. You can identify websites using EV-SSL by the green address bar indicators and the additional company information provided in your browser.