Security & Infrastructure
Security and Reliability are core functions of our on-demand software infrastructure. We accomplish this by operating multiple, geographically dispersed data centers with extensive backup, archiving, and failover capabilities and by focusing daily on Prevention, Preparedness, Detection, and Resolution.
- World class hosting facilities with multiple redundant systems and security
- Continuous transmission of customer data to remote failover site (out-of-region)
- Engineers on-call 24x7x365
- System monitored 24x7x365
- Disaster Recovery plan is tested regularly
Backstop's production servers and network devices are co-located in Tier 1 hosting facilities that include redundant systems for cooling, power management, fire suppression and internet connectivity. The hosting facilities are SAS 70 certified, have biometric access control, and are staffed 24x7x365. The primary and secondary facilities are more than 800 miles apart.
Our Production network uses redundant networking equipment, configured for failover. We maintain spare server capacity in our application server farm. Our database is a multi-server cluster with Enterprise Storage Area Network (SAN) architecture.
Our failover facility houses application servers that are configured to run Backstop. Our production database continuously transmits changes to customer data to our remote failover database.
The production facility is monitored 24x7x365 for interruptions in service. Automated onsite and offsite monitors immediately notify multiple members of Backstop's staff in case of service disruption.
The physical security and integrity of Backstop's hosting facility is achieved and maintained by robust construction, comprehensive access controls, video surveillance monitoring, 24x7x365 security personnel and comprehensive certified policies and procedures.
The hosting facility's critical exterior perimeter walls, doors and windows are constructed of materials that afford UL-rated ballistic protection. Proximity card readers control access into perimeter doors, shipping/receiving areas, storerooms and other critical areas. Biometric hand print scanners control access into the most critical areas.
When clients connect to Backstop from their office, or anywhere else, all information is transmitted in encrypted format, utilizing the Transport Layer Security (TLS) protocol and 256-bit Advanced Encryption Standard (AES) algorithm. This is a strengthened version of the 128-bit cryptographic protocol typically utilized by major banks and prime brokers for transactions over the web. The NSA has approved 256-bit AES to protect "Top Secret" level classified information.
Clients have the ability to set access permissions for all of the Backstop users in their organization. Backstop's roles-based security model allows the local administrator to determine which users have access to different categories of information within the application.
Backstop Solutions Group also takes measures to ensure confidentiality among staff. All members of the Backstop team are subject to comprehensive background checks prior to employment. Additionally, all employees are bound by strict non-disclosure and client data confidentiality agreements.