At Sperse, our customers entrust us to manage their business data and critical online operations. We recognize that security, reliability, and compliance are always at the top of our customers' minds. We take our responsibility toward our customers' data and our network security with the highest priority and have implemented several protocols, processes, guidelines, and safeguards to ensure the security and integrity of our client's data, both within our infrastructure and in transit over a network connection. Every measure is taken to mitigate security risks across our infrastructure.
NETWORK SECURITY PROTOCOLS AND STRONG ENCRYPTION:
Our network security protocols are primarily designed to secure network data from any illegitimate attempt to review or extract the contents of data and prevent any unauthorized user, application, service, or device from accessing network data. We utilize the following security protocols:
- Secure Socket Layer (SSL)
- Secure File Transfer Protocol (SFTP)
- Secure Hypertext Transfer Protocol (HTTPS)
With this first layer of security, all information in transit between the browser and Sperse is protected using 256-bit SSL encryption. The industry-standard encryption protocols are used to protect your sensitive information during transmission. Browsers show a lock icon to let you verify the domain and that your data is transmitted securely.
NETWORK INFRASTRUCTURE & FIREWALLS
- Firewalls: The Sperse software platform functionalities and all data reside securely behind Firewall for system-level protection. On a domain level, where applicable, we also utilize Cloudflare Firewall and DDOS protection services.
- Cloud Infrastructure: Our application infrastructure operates on state-of-the-art Microsoft Azure and Amazon Web Services (AWS) cloud platforms, which manage and monitor physical security with surveillance, access control, and power generators.
- Our servers are regularly scanned for vulnerabilities using third-party providers to identify and resolve any potential risks.
DATA ACCESS SECURITY AND ROUTINE MONITORING
Sperse uses multiple methods to protect client data from unauthorized access as follows:
- User Permissions Management: We've developed a sophisticated hierarchical User and Roles Management system with intricate controls. This allows us to set up permissions carefully for each user or group.
- Multi-factor Authentication and Identification: Users on the Sperse platform can further extend their data security by activating our MFA functionality.
- OAuth Authentication: We do not capture or store sensitive information like credentials for third-party financial institutions on our network. This information is directly sent from the user's browser to the financial institution, allowing us limited read-only access required for reporting.
- Data Encryption: Confidential credentials and other sensitive data that are stored on our network, uses encryption security to further protect client data.
ROUTINE SECURITY AUDITS, CONTROLS, AND BACKUPS
- Development Process and Team Training: Security is central to all our development efforts and our team works diligently to protect our network and client data at every level. Our software engineering team adheres to the OWASP secure development practices and the principles of least access.
- Access monitoring: We have implemented internal systems for user activity monitoring and a velocity alerting system to notify us of any system-level anomalies, with automatic user suspension if a brute force attack is detected.
- Backups: The Azure cloud infrastructure is used for regular data backups to replicate and store databases in multiple geographic locations.
If you have any questions regarding our Network Security Protocols or practices, contact us by firstname.lastname@example.org.
Last Updated: July 21, 2022.