Below are brief descriptions of the systems and technologies we have put in place to make sure your information is stored and managed with the highest levels of security and due diligence available.
1). Managed Network Intrusion Detection, Prevention and Network Security
KidCheck’s network is secured by a managed firewall device that provides several key security layers to detect and prevent network intrusion. Our firewall is managed & monitored by a 3rd party company that provides us with 24/7 threat detection monitoring and notification, firewall firmware updates, as well as overall network access monitoring. Our system consists of 2 separate and independent firewall devices that operate in an active/passive failover configuration. Should the primary hardware device fail, the secondary comes on-line immediately and provides us with the ability to continue to provide service even in the event of a catastrophic hardware failure.
2). Information Security
Information is secured in our network using several layers of protection. Any non-web server is on a separate non-routable subnet than our Internet exposed web servers. This greatly increases the difficulty of accessing any of our database servers from the open Internet and shields those servers from the vast majority of automated internet attacks. All of the actual data within KidCheck then resides on a secured Storage Area Network that is also on its own non-routable subnet behind the SQL servers. Any sensitive data, including passwords, is encrypted within the database itself to ensure if it were compromised the information would not be readable and hold no value.
3). Secure Communications
All aspects of the KidCheck application are protected by a 128 bit SSL data connection. Our SSL certificate is a verified wildcard certificate meaning that every customer is provided the same level of protection for all data transmissions. KidCheck also checks every browser connection on every page to ensure that the connection is protected, encrypted, and accessible by the user that requested it.
4). User Authentication
User authentication is handled by our own custom authentication system. Every URL request made to KidCheck is verified to ensure that a user has logged in and has access to the requested URL as well as the requested data. All passwords are required to be 6 characters or longer and are stored encrypted in our database. In addition, every user is required to have a globally unique username and any changes or updates to any record are logged and the last user to make a change is displayed at the bottom of each page.
5). Virus Protection
Virus detection and removal is handled at the firewall by our antivirus system. Data that enters the network is scanned prior to it ever entering the KidCheck network. Virus definitions are managed by the antivirus provider and updates are pushed to our firewall as soon as they become available.
6). Data Recovery
System backups are handled directly on our Storage Area Network (SAN). Our LeftHand Networks SAN employs a snapshot based backup technique that allows us to run a complete system backup of all customers in less than 1 second. Snapshots are taken every 12 hours automatically. The SAN is also protected using a network based RAID scheme that provides us with the resiliency to lose 50% of our independent SAN devices as well as up to 32 hard drives before any data is compromised. In addition, the SAN allows us to remotely replicate the snapshot data to a disaster recovery datacenter for complete off site backup.
7). Patches & Vulnerabilities
Any patches or firmware that is needed to update firewalls, servers or storage systems are automatically pushed out from either Cisco or Microsoft. All systems can be patched and updated without taking the system off-line.
8). Physical Security
All servers and systems are housed in an approved and secured datacenter. Our primary facility is located in Boise, ID. All datacenters must meet these requirements:
- 24x7 staffed and monitored datacenter.
- Secure access card guaranteeing authorized access only.
- Redundant power back up by a UPS and generator ensures availability in the event of power outages.
- Dry pipe fire suppression system will ensure hardware is safe in the event of a fire.
- Redundant internet connections on different internet service providers and different internet backbones to different geographic regions.