Security Policy
Cloud & Data Security is Critical to everything we do at Vendor Infra
We know how important and confidential your pricing information is to your business and competitive edge. Feel reassured knowing that Vendor Infra was built from the ground up and is operated on a daily basis to ensure that your confidential data is always secure and confidential.
This page describes some of the security measures we’ve set up to protect your data. We are extremely concerned and active in security. We are always doing our best to maintain and increase the security of Vendor Infra. As such, this page will be regularly updated with new measures and information.
Physical Security
- Technologies like biometric identification, metal detection, cameras, vehicle barriers, and laser-based intrusion detection systems are used to protect Data Center floors
- Security guards are present 24/7/365 to protect access to the servers
- Human audits are regularly run to check the inviolability of sites
- Remote access of the servers requires multiple levels of authentication
- No sensitive server can be accessed directly from the Internet
Network Security
- The Platform runs on custom hardware running a custom hardened operating system and file system.
- Rigorous firewall rules are set up to control ingress and egress of data
- Intrusion Detection System and Intrusion Protection System with alarms of abnormalities
- All actions are logged on an external central logging server configured with alarms & automatic notifications
Data Security
- All communication between your browser and our servers is secured via a strong SSL certificate
- All communications between our internal servers are re-encrypted to ensure it cannot be monitored
- Persistent disks, for instance, are already encrypted using AES-256, and the keys themselves are encrypted with master keys.
- Daily encrypted backups of the database are stored in multiple locations for disaster recovery
- All passwords are encrypted in our database using strong encryption and cannot be decoded
Operational Security
- No sensitive data is displayed in our Customer Support portal
- All developers require strong authentication to be able to push code to our central repository
- All committed code is automatically tested for errors, bugs, and security holes by third party services
- All systems are monitored 24/7 using leading 3rd party tools for errors, exceptions, and performance issues
