Autopilot Security Overview
Customer data is one of the most valuable assets a company has. That’s why our top priority is delivering a high-performance solution with a focus on keeping our customers’ data safe and their interactions secure. Cloud-based software is all about providing uninterrupted, reliable service, making information security a major focus for first-rate cloud vendors.
Autopilot customers of all sizes get the benefit of a comprehensive, high-performance solution with a low total cost of ownership — all while keeping their data safe, their interactions secure, and their businesses protected. Our application and network infrastructure exceeds industry security expectations.
Below we outline how we achieve our high levels of performance, availability, and security.
- A dedicated, deeply experienced architecture team
- 24x7x365 systems server monitoring
- Automated vulnerability analysis via network, host, and application scans
- Code assessment through review process
- Employee programs and training to reinforce security awareness and communication
- A secure, multi-tenant network architecture
- Active performance and availability monitoring of all data centers 24x7x365
- Offsite backups
- DDoS mitigation technologies
- SOC 2 Type II, SOC 3 and ISO 27001 compliant data centers
- Autopilot servers are hosted at SOC 2 Type II, SOC 3 and ISO 27001 compliant facilities
- Facilities feature 24-hour manned security, biometric access control, video surveillance, and physical locks. The co-location facilities are supplied with redundant power, each with UPS and backup generators. All systems, networked devices, and circuits are constantly monitored.
- Access is limited to a small group of data center employees who have a need to know
Product Security Features
- Passwords stored as one-way hashes
- Audit logging and event alerting
- Regular updates rolled out to all customers, ensuring everyone has the latest application and security innovation
- Firewalled customer databases
- Compliant with SSAE16, SOC1, ISAE 3402, ISO 27001, CSA, and other standards
- 24/7 physical security of data centers and network operations center monitoring
- Server hardening
- Full-system virus scanning and systems patching
- Authorization: Grant read, write, admin permissions to specific databases, JSON documents, and JSON fields
- “In-flight” Encryption: all access to our database is encrypted via HTTPS
- Access Logs: All access to our database is logged for auditing purposes
- All communications with Autopilot servers are encrypted by default using industry-standard SSL
- This ensures that all traffic between you and Autopilot is secure during transit
- Additionally, for email, our product supports Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers
- The Autopilot application maintains a robust application audit log that includes security events such as user logins and configuration changes.
- Additionally, Autopilot follows secure credential storage best practices by storing passwords using the bcrypt (salted) hash function
- All access to data within Autopilot is governed by access rights.
- Every user who attempts to access your Autopilot instance is authenticated by username and password
- The administrator of your Autopilot instance controls access by limiting access to only those who are needed to administer your account