From owning, storing, transferring, accessing, backing up and monitoring your data to testing and reviewing our security procedures, every aspect is covered to meet industry best practice standards and to be legally compliant. Your security questions answered:
Ensemble takes data security seriously and invests in protecting your data. We put security measures in place and maintain policies and procedures to comply with required data security standards, and we continue to take all the necessary measures to improve our information security level.
You are the owner of your data and you are ultimately responsible for it. We provide security functionality to protect your data.
All your data is stored using Amazon Web Services (AWS), one of the world’s leading cloud-based services. AWS is used by millions of businesses, from Airbnb to Capital One and Netflix.
The data is stored in Frankfurt, Germany, allowing you to meet European regulations, as no data is transferred outside the EU. It is physically secured by trained and audited security staff around the clock, 365 days a year (see Amazon whitepaper on security).
Sensitive data is encrypted using an individual per-customer AES-256-based encryption key.
Your data is transferred with high-grade TLS 1.2 (HTTPS) technology. This is industry-standard technology, used by everybody from Google to the big banks.
We should look at 3 types of parties that can get access to your data:
You and your staff – your staff will have access to the data, using a password and per-data access credentials that you provide them. You can control who can view, edit, upload and download any information or document based on their role credentials.
Our staff – a small number of periodically trained, authorized Ensemble personnel, as defined in our security policy, can gain access to your data. Any Ensemble team member doing so will be performing specific (audited) tasks at your request via our support desk. Access to all sensitive data requires two-factor authentication by these personnel.
Our data centers back up your data at least once a day and your data is fully restorable within a reasonable time in the unlikely event of a problem.
IF YOU’RE HOSTING MULTIPLE TENANTS WITHIN YOUR CLOUD INFRASTRUCTURE, WHAT SECURITY MEASURES PREVENT ONE CUSTOMER ACCESSING ANOTHER CUSTOMER’S DATA? IS OUR DATA SEGREGATED FROM OTHER CUSTOMERS?
Each piece of data stored is associated with a tenant ID, and all access to data is enforced to use a tenant ID key. Data is logically divided: if the information is stored on disk, every client has its own folder; if the data is stored in a database, access to it is strictly enforced to use the tenant identifier, so there is no leakage between clients. Sensitive data is encrypted using a unique encryption key per tenant.
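The tenant-ID enforcement described above, sketched as an added illustration (this is not Ensemble's code). The `TenantStore` class, the `documents` table and the storage root are assumptions made for the example, and the sample data is constructed.

```python
import sqlite3
from pathlib import Path

ROOT = Path("/srv/tenant-data")  # hypothetical storage root (assumption)

class TenantStore:
    """Data access bound to one tenant ID; callers cannot omit or change it."""

    def __init__(self, db, tenant_id):
        if not tenant_id.isalnum():  # keep the ID safe to use as a folder name
            raise ValueError("invalid tenant ID")
        self._db, self._tenant = db, tenant_id
        self._dir = (ROOT / tenant_id).resolve()

    def add_document(self, name, body):
        cur = self._db.execute(
            "INSERT INTO documents (tenant_id, name, body) VALUES (?, ?, ?)",
            (self._tenant, name, body))
        return cur.lastrowid

    def get_document(self, doc_id):
        # The tenant ID is always part of the WHERE clause, so asking for
        # another tenant's row ID returns nothing.
        return self._db.execute(
            "SELECT name, body FROM documents WHERE id = ? AND tenant_id = ?",
            (doc_id, self._tenant)).fetchone()

    def file_path(self, filename):
        # Resolve ".." first, then require the result to sit inside the folder.
        path = (self._dir / filename).resolve()
        if self._dir not in path.parents:
            raise PermissionError("path escapes tenant folder")
        return path

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, "
               "tenant_id TEXT NOT NULL, name TEXT, body TEXT)")
    a, b = TenantStore(db, "tenantA"), TenantStore(db, "tenantB")
    doc_id = a.add_document("report.pdf", "constructed sample body")
    try:
        b.file_path("../tenantA/report.pdf")
        traversal_blocked = False
    except PermissionError:
        traversal_blocked = True
    return {"own": a.get_document(doc_id), "cross": b.get_document(doc_id),
            "traversal_blocked": traversal_blocked}

if __name__ == "__main__":
    print(demo())
```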
Code Reviews – every change undergoes a review and must be approved before it is uploaded to production. Changes are reviewed with security in mind.
Passwords – we require a strong password to connect to the application. Passwords are never stored in clear text and are always hashed and salted.
Versioning – we have an automated system that ensures that the system available to our users is up to date.
High availability – our system was designed to enable high availability; in case of any failure we can update our customers in real time.