Security & Privacy

Engagor Security & Privacy


Our Customer Commitment

At Engagor, we are obsessed with the success of our customers. It is this core value that drives us to maintain robust security and privacy measures designed to ensure the confidentiality, integrity, and availability of the data that is submitted to our Services by our customers or their agents, or that is collected by us on behalf of our customers (collectively, the “Customer Data”). This document provides an overview of the security and privacy program and infrastructure that Engagor utilizes to support our Social Media Management & Monitoring software as a service (SaaS) solutions (the “Services”).


Engagor System Architecture

Engagor Services are implemented using a two-tier architecture, industry-established practices, and commercially reasonable security countermeasures (e.g., software-based firewalls, NIDS/NIPS):

Application tier: The Application tier connects to the internet over HTTPS and is protected by the countermeasures described above.
Database tier: The Database tier resides on a private-only network with no internet access. This tier is designed to be accessible only from the Application tier.

Engagor utilizes a network-within-a-network topology that is designed to be highly secure. The network is made up of a Private network and a Public network.

The Application servers are part of both the Public and Private networks and are reachable from the Public network using HTTPS (port 443) only. Customers do not require any additional ports or protocols. Database servers are hosted in the Private network only.


Assessments and Compliance

Engagor follows the OWASP standard for developing and testing our Services. Application security assessments are performed internally with each major release of the Company’s Services. We undergo annual independent third-party assessments that cover the security program, web application assessment, vulnerability scans, and penetration testing.

We perform manual and automated testing of each Subscription Service code release. The environment applicable to the Services is further subject to weekly vulnerability scanning.

Infrastructure Provider: Engagor uses Unix Solutions BVBA as its primary data center provider, located in Zaventem, Belgium. Information about Unix Solutions is available from their website.

Engagor also uses Amazon AWS and Google Compute Engine as additional data centers to process and back up data.

Amazon AWS’s compliance information is available at their website. Their ISO certificate is available here.

Google Compute Engine’s compliance information is available from their website. Their ISO certificate is available here.


System Security

In addition to the architectural security measures described above, our Unix Solutions data center is operated so that the data center provider manages the hardware and network but has no access to the hardware once Engagor has provisioned it for customers. Engagor manages the operating system and applications and disables all provider access except physical access. All system administration access is available only over SSH. All servers are provisioned with a standard security configuration, and Puppet is used to lock that security configuration down.


Data Center Physical Security

Engagor maintains industry-standard physical and operational security measures: using only data centers located in facilities with controlled access and 24-hour security; no public-facing server room doors; digital security video surveillance; access strictly limited to data center employees using a key card, with each access recorded in a digital access log; no data center tours; and barcode-only identification on hardware (i.e., no customer markings of any type on the servers themselves).


Data Center Locational and Environmental Redundancy

All core systems are configured to provide geographic redundancy for disaster recovery and business continuity purposes in the locations described below. This redundancy, which uses geographically separated data centers, is designed to provide superior reliability and data integrity.

USA:
Amazon AWS, region US standard (Backups)
Google Compute Engine, region us-central1-a (Data Capture)
EU:
Amazon AWS, region EU Ireland (Backups)
Zaventem, Belgium (Application/Database tiers)
Google Compute Engine, region europe-west1-b (Operation Monitoring)

Our data centers’ environmental redundancy measures include: thousands of amps of input power with multiple high-voltage 480 V power feeds, multiple UPS battery backup units, multiple diesel generators with on-site fuel storage, redundant HVAC units, and pre-action dry-pipe fire suppression.


Data Security, Data Transfer, and VPN Access

In addition to the security measures described above, our data security, data transfer, and SSH access measures include the following: access to Customer Data is controlled using access control lists, permissions, and role-based groups.

Data transfer by customers is encrypted with SSL/HTTPS. Data transfer for administrative purposes is encrypted with SCP.

SSH: A securely configured SSH setup is in place for all system administration access. Only two servers are publicly accessible (over SSH), and they serve as the entry points to the private network.


Incident Management and Notification

Engagor has implemented and maintains security incident management policies and procedures. Engagor will promptly notify any impacted customer of verified or suspected security incidents, such as any unauthorized disclosure of Customer Data, to the extent not prohibited by law, regulation, or the order of any court or legal authority.


Security Policy Overview

Engagor maintains a security program and policy suite based on NIST SP 800-53 (Revision 4). Policies are available to customers under non-disclosure agreement. Policy highlights include:

All systems are deployed using an industry-standard security configuration. Access to systems is granted under ‘need to know’ and ‘least privilege’ principles. All access to the data center is provided over SSH. All application tier servers expose only port 443 (HTTPS).

The base password strength policy is customizable by each customer, provided it conforms to the following minimums: “strong” passwords that are at least 8 characters long and have a client-configurable maximum age. All applications are required to implement username and password authentication. Account lockout occurs after a client-configurable number of failed login attempts, and unlocking requires manual action by an account admin or Engagor staff. No default application or system passwords are used.
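As an added illustration of the password and lockout rules stated above (example code written for this page, not Engagor's own implementation), the following models a customer-configurable policy that can never drop below the 8-character minimum, counts failed logins toward a configurable lockout threshold, and only clears a lock on explicit admin action. The sample thresholds, the "three character classes" reading of “strong”, and the function names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

PAGE_MIN_LENGTH = 8  # floor stated on the page; customers may only raise it


@dataclass
class PasswordPolicy:
    min_length: int = PAGE_MIN_LENGTH
    max_age: timedelta = timedelta(days=90)  # assumed sample value
    lockout_threshold: int = 5               # assumed sample value

    def __post_init__(self) -> None:
        # A customer override cannot weaken the page-stated minimum.
        self.min_length = max(self.min_length, PAGE_MIN_LENGTH)

    def check_password(self, candidate: str) -> List[str]:
        """Return policy violations; an empty list means the password is acceptable."""
        problems = []
        if len(candidate) < self.min_length:
            problems.append("too short")
        classes = [any(c.islower() for c in candidate), any(c.isupper() for c in candidate),
                   any(c.isdigit() for c in candidate), any(not c.isalnum() for c in candidate)]
        if sum(classes) < 3:  # assumed interpretation of "strong"
            problems.append("too few character classes")
        return problems


@dataclass
class Account:
    username: str
    password_set_at: datetime
    failed_attempts: int = 0
    locked: bool = False


def record_login(policy: PasswordPolicy, acct: Account, success: bool, now: datetime) -> str:
    """Apply the lockout and max-age rules; returns ok / denied / locked / password_expired."""
    if acct.locked:
        return "locked"          # no automatic unlock, even on a correct password
    if not success:
        acct.failed_attempts += 1
        if acct.failed_attempts >= policy.lockout_threshold:
            acct.locked = True
            return "locked"
        return "denied"
    acct.failed_attempts = 0     # a successful login resets the failure counter
    if now - acct.password_set_at > policy.max_age:
        return "password_expired"
    return "ok"


def admin_unlock(acct: Account, actor_is_admin: bool) -> bool:
    """Unlocking requires manual admin action; returns True only when the lock was cleared."""
    if not actor_is_admin:
        return False
    acct.locked = False
    acct.failed_attempts = 0
    return True
```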

Customers can request an annual penetration test and security assessment of the Engagor production environment, provided a suitable time frame is agreed with Engagor.

Further, to provide greater assurance that our security program is followed, all Engagor employees undergo security training within 30 days of hire.


Encryption Standards

Engagor implements, monitors, and upgrades encryption based on current NIST guidelines as well as industry-recognized practices and standards. We support TLS 1.0 or higher for HTTPS and the HTTPS API, AES 256 for SSH, and AES 256 with key stretching for passwords saved in databases.



Media Sanitization and Data Deletion



Logging and Monitoring

Data Center Monitoring: The data center provider actively monitors the data center environment (power, temperature, physical access) and the network, and notifies Engagor as soon as any issue is identified. Automated tickets are opened immediately to address any issues.
Engagor Monitoring: Engagor uses a robust monitoring solution (Server Density) to proactively monitor hardware and the Engagor Services around the clock in order to maintain uptime and resolve issues early. Engagor also monitors host ping and IPMI statistics. Automated notifications are in place to alert the team to issues or outages.


Backups and Disaster Recovery

Engagor has implemented a high-speed disk-based backup solution. All applications, databases, and configurations are backed up daily. Main backups are stored in a location geographically separate from the source data (the Application and Database servers). For several components we have a redundant active-active setup.

Access to the backup system is controlled, and only authorized users can access it. Backups are never stored on removable media.

Engagor performs quarterly disaster recovery exercises. These include a variety of tests to validate recovery time objectives (RTO), as well as recovery in a separate data center in the event the primary data center becomes unrecoverable.
