Originally Posted by HHS-Rob
With regards to site encryption, everything critical like the billing screens, control panels, etc. is protected by SSL. The databases are secured, making injections extremely difficult. Client passwords are encrypted and cannot be changed by anyone other than the client or an admin.
On the data security side, servers are protected 24/7 by armed guards, biometric scanners, hardware firewalls, software firewalls, redundant this, that and the other.
I know of a few companies who don't really bother about data security; sure, they have SSL encryption, but that's about it. Hacking technologies are changing pretty much every day. If you are not properly protected, then you won't last for long.
What security measures are in place on HD?
Rob, you mention a lot of the techniques to protect the server (and most of these things are only affordable to big companies with deep investment/funding pockets), but can they protect themselves from receiving spyware/malware that would compromise security on local office PCs?
It is my understanding that you can prevent a security breach if you "host" all of the sensitive information through a third-party application on the site, which you can protect. However, most companies wouldn't rely on just one data source to keep all that information on and would prefer a local copy as well. THAT's where it gets tricky! Even if they choose to use external hard drives to store that information, when they connect them to PCs that were invaded by security-compromising viruses/spyware, it becomes irrelevant...
HostingDiscussion.com does not have paid clients, so we do not collect sensitive information about anyone. Altogether, we rely on the security of the vBulletin application and the security setup of our hosting provider to prevent loss of data.
Originally Posted by Galaxy-Hosts
We have a rule that no sensitive client data is to be stored on an employee's workstation. All credit card info and other sensitive data is stored in our data center on a server. Employees have to log in to the client management software or collaboration software with their username and password to access this data. All workstations are scanned for viruses daily and are firewall-protected.
So per my point above, are you satisfied with relying on a single point of data storage? Viruses are one thing, but there are numerous spyware/malware programs that can track keyboard activity and still gain access.
Of course a company can only go so far to protect itself, and I am glad you guys are trying to keep your customer information protected (both server- and local-PC-wise), but in today's environment it seems like there is no such thing as "ideal security".