Xeppo Security Overview
Data and Security
Xeppo takes the security of your data seriously. This article describes the security and risk-management controls that are in place to protect it.
Summary of key features
- Cloud-based infrastructure, hosted entirely in Australia
- Regular vulnerability scans, attested for PCI compliance
- Data encrypted in transit (TLS)
- Data encrypted at rest (Transparent Data Encryption)
- Data breach management that complies with Australian regulations
- Secure data center
- High-availability capabilities
- Disaster recovery plan and capabilities
Overview
This article details the key security-related aspects of the Xeppo application and its infrastructure. The infrastructure is hosted and managed by our hosting partner, Microsoft Azure.
The Xeppo portal is a public-facing, web-based application hosted in a highly available environment. All traffic to the Xeppo portal is encrypted with TLS (HTTPS), as is communication between the Xeppo source-system Connectors and the central warehouse.
Application Security
Access to the Xeppo application is controlled by username and password. Logins are issued by Xeppo users who hold the Practice Admin role.
Two-factor authentication is mandatory for all Xeppo users. A user who cannot access their two-factor authentication method may sign in with a one-time Recovery Code issued specifically to them; once used, that code is no longer valid. A forgotten-password option is also available on the standard login screen.
Data Security
Xeppo's back-end infrastructure is built on Microsoft SQL Server 2016 Enterprise, where Row-Level Security (RLS) is used to separate tenants' data. The security predicate is evaluated by the database engine on every query, so access is enforced per record in the database itself rather than only in the application's data access layer: a query issued on behalf of one practice cannot read or modify another practice's rows, provided the application sets the tenant context for each database session. An application bug that omits a WHERE clause therefore does not expose data across practices.
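How Row-Level Security separates tenants in SQL Server 2016, shown as an added T-SQL illustration. This is not Xeppo's schema or code: the dbo.Client table, the PracticeId tenant key, the Security schema, the function and policy names, and the two sample rows are all assumed for the example.

```sql
-- Sample tenant-scoped table (constructed for this example).
CREATE TABLE dbo.Client (
    ClientId   int IDENTITY PRIMARY KEY,
    PracticeId int NOT NULL,            -- tenant key: the practice that owns the row
    FullName   nvarchar(200) NOT NULL
);
INSERT INTO dbo.Client (PracticeId, FullName) VALUES
    (1, N'Client of practice one'),
    (2, N'Client of practice two');
GO

CREATE SCHEMA Security;
GO

-- Security predicate: an inline table-valued function that returns a row only when
-- the row's PracticeId matches the tenant stored in the session context.
-- If the application never set the context, SESSION_CONTEXT returns NULL, the
-- comparison is false, and no rows are visible: the policy fails closed.
CREATE FUNCTION Security.fn_PracticePredicate(@PracticeId int)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_result
           WHERE @PracticeId = CAST(SESSION_CONTEXT(N'PracticeId') AS int);
GO

-- FILTER hides other practices' rows from SELECT, UPDATE and DELETE.
-- BLOCK rejects INSERTs and UPDATEs that would place a row in another practice.
CREATE SECURITY POLICY Security.PracticePolicy
    ADD FILTER PREDICATE Security.fn_PracticePredicate(PracticeId) ON dbo.Client,
    ADD BLOCK  PREDICATE Security.fn_PracticePredicate(PracticeId) ON dbo.Client
    WITH (STATE = ON, SCHEMABINDING = ON);
GO

-- Least privilege for the application login (assumed role name): DML on the table only.
-- A db_owner or a principal with ALTER ANY SECURITY POLICY could switch the policy
-- off, so the application must not connect with those rights.
CREATE ROLE XeppoAppRole;
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Client TO XeppoAppRole;
GO

-- What the application runs at the start of each session, after authenticating the
-- user and resolving their practice. @read_only = 1 makes the key immutable for the
-- rest of the session, so no later statement (including an injected one) can
-- change the tenant.
EXEC sp_set_session_context @key = N'PracticeId', @value = 1, @read_only = 1;

-- Even without a WHERE clause, only practice 1's rows are returned.
SELECT ClientId, PracticeId, FullName FROM dbo.Client;

-- A write into another practice is rejected by the BLOCK predicate.
INSERT INTO dbo.Client (PracticeId, FullName) VALUES (2, N'Should be blocked');
GO
```

With the session context set to practice 1, the unfiltered SELECT returns only that practice's rows and the INSERT for practice 2 fails with a block-predicate error. Two operational checks matter in practice: the context must be set on every session (connection pooling resets session context when a pooled connection is reused, so it has to be set per request, not once per pool), and the application login must be a low-privilege principal so that the policy cannot be altered or disabled from the application's own connection.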
Data is encrypted at rest using Transparent Data Encryption (TDE), which allows the application to function as normal while all client data is encrypted on the physical storage and in backups. TDE protects the database files and backups against theft or loss of the underlying storage; it does not restrict what an authenticated database user can read, which is what the Row-Level Security described above is for.
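The T-SQL sequence for enabling TDE on a SQL Server 2016 instance, and for restoring an encrypted backup on a second server, as an added example. It is not Xeppo's configuration: the database name XeppoWarehouse, the certificate name, the file paths and the placeholder passwords are assumed.

```sql
USE master;
GO
-- 1. A database master key in master, protected by a strong password (placeholder below).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'replace-with-a-strong-password';
GO
-- 2. A server certificate that will protect the database encryption key.
CREATE CERTIFICATE TdeServerCert
    WITH SUBJECT = 'TDE certificate for XeppoWarehouse';
GO
-- 3. Back up the certificate and its private key immediately and store the files
--    away from the server. Without them an encrypted backup cannot be restored on
--    any other instance, which is exactly the disaster-recovery case.
BACKUP CERTIFICATE TdeServerCert
    TO FILE = 'D:\keys\TdeServerCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\keys\TdeServerCert.pvk',
        ENCRYPTION BY PASSWORD = 'replace-with-a-different-strong-password');
GO

USE XeppoWarehouse;   -- assumed database name
GO
-- 4. The database encryption key (AES-256), protected by the server certificate.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeServerCert;
GO
-- 5. Turn encryption on. Data files, the transaction log and every subsequent backup
--    are encrypted; tempdb is encrypted as well once any database on the instance uses TDE.
ALTER DATABASE XeppoWarehouse SET ENCRYPTION ON;
GO
-- Check progress: encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS database_name, encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
GO

-- On the disaster-recovery server, the certificate must exist before the backup
-- can be restored. The private-key password is the one used in step 3.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'replace-with-the-dr-server-password';
GO
CREATE CERTIFICATE TdeServerCert
    FROM FILE = 'D:\keys\TdeServerCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\keys\TdeServerCert.pvk',
        DECRYPTION BY PASSWORD = 'replace-with-a-different-strong-password');
GO
RESTORE DATABASE XeppoWarehouse
    FROM DISK = 'D:\backup\XeppoWarehouse.bak'
    WITH RECOVERY;
GO
```

The practitioner's check here is step 3: a restore drill on a clean instance proves that the certificate backup and its password are actually available to the people who would run the recovery, not only that the nightly backups exist.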
Note that Xeppo does not hold sensitive payment data such as credit card numbers or bank details. Client Tax File Numbers (TFNs) are stored only as hashes, so they cannot be read in plain text; the hashed values are used solely by the record-matching process and are never displayed in the interface.
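How hashed TFNs can drive record matching without the TFN itself being stored, as an added T-SQL illustration. The page does not say how Xeppo constructs its hash; this example is not Xeppo's code and assumes a keyed hash, because a TFN has only nine digits and an unkeyed hash of such a small value space can be reversed by hashing every candidate. The dbo.ClientIdentity table, the function name, the sample key and the sample TFN are all constructed for the example.

```sql
-- Stores a per-source-system hash of the TFN; the TFN itself is never written.
CREATE TABLE dbo.ClientIdentity (
    ClientId     int      NOT NULL,
    SourceSystem sysname  NOT NULL,
    TfnHash      binary(32) NOT NULL
);
GO

-- Keyed SHA-256 over the normalised TFN. @Key is supplied by the application from its
-- secret store at call time and is not stored in the database; without the key the
-- stored hash cannot be matched against guessed TFNs.
CREATE FUNCTION dbo.fn_TfnMatchHash(@Tfn nvarchar(20), @Key varbinary(64))
RETURNS binary(32)
WITH SCHEMABINDING
AS
BEGIN
    -- Normalise so that '123 456 782' and '123-456-782' produce the same hash.
    DECLARE @digits varchar(20) = REPLACE(REPLACE(@Tfn, ' ', ''), '-', '');
    -- Reject anything that is not exactly nine digits rather than hashing garbage.
    IF @digits IS NULL OR LEN(@digits) <> 9 OR @digits LIKE '%[^0-9]%'
        RETURN NULL;
    RETURN HASHBYTES('SHA2_256', @Key + CAST(@digits AS varbinary(9)));
END;
GO

-- Constructed sample key (a real deployment loads this from a secret store, never a script).
DECLARE @Key varbinary(64) =
    0xA1B2C3D4E5F60718293A4B5C6D7E8F90A1B2C3D4E5F60718293A4B5C6D7E8F90;

-- The same person arriving from two source systems with differently formatted TFNs.
-- 123 456 782 is a constructed sample value.
INSERT INTO dbo.ClientIdentity (ClientId, SourceSystem, TfnHash) VALUES
    (1, N'APS',  dbo.fn_TfnMatchHash(N'123 456 782', @Key)),
    (2, N'MYOB', dbo.fn_TfnMatchHash(N'123-456-782', @Key));

-- Matching: identities from different sources with the same keyed hash are the same client.
SELECT a.ClientId AS ApsClientId, b.ClientId AS MyobClientId
FROM dbo.ClientIdentity AS a
JOIN dbo.ClientIdentity AS b
  ON a.TfnHash = b.TfnHash
WHERE a.SourceSystem = N'APS'
  AND b.SourceSystem = N'MYOB';
GO
```

Two design notes: the prefix-keyed construction above is adequate only because the input is a fixed nine-digit string used for equality matching; computing a proper HMAC in the application layer is preferable, and it also keeps the key out of query text and server-side plan caches. And because the hash must be deterministic for matching to work, rotating the key means re-hashing every stored identity from the source systems, which is feasible here precisely because the source data is refreshed rather than held only in Xeppo.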
Data Transfer Security
For on-premises Connectors such as APS and MYOB, all data sent to the Xeppo warehouse is encrypted with TLS. Connectors that retrieve data from cloud-based sources run inside Xeppo's own hosted environment.
Backup
Database and application backups are managed by our hosting partner, Microsoft Azure, as snapshots of the virtual servers. Backups are taken nightly, replicated to a second data center and to an offsite backup location, and retained for 30 days.
Disaster Recovery
In the event of a total failure of the primary data center, Xeppo will be restored within 8 to 16 hours (the recovery time objective), with a maximum data loss of one business day (the recovery point objective). Because most data in Xeppo is obtained from source systems, it can be refreshed from those systems after recovery, so the data actually lost is limited to what was entered directly in Xeppo during the last business day (e.g. Tags, System Configuration, and Apps data such as Opportunities or Activities).
Vulnerability Scans
Monthly vulnerability scans are performed on both the application and the infrastructure layers using the Qualys suite of security products.
Application scans are run both unauthenticated and with valid user credentials, so that vulnerabilities reachable only after login are found as well as those exposed to anonymous visitors.
Infrastructure scan results are attested by the scan provider for PCI compliance.
Before each deployment, the application is also tested internally: unit and functional testing by the development team, followed by User Acceptance Testing (UAT) by Distributors, Directors and key stakeholders.
Data Access
Xeppo developers require access to client data in order to perform their regular duties including testing, maintenance and support. Access to the hosting infrastructure is restricted to the development team.
Application-level data access is granted to support staff of Xeppo Distributors where required. All actions performed through the Xeppo portal are audited.
Xeppo developers are required to provide a valid National Police Certificate before commencing employment.
Risk Management
To further reduce the risk of a security compromise, the following measures apply to Xeppo staff who have access to client data.
- All application development is performed in a remote, password-secured development environment inside the data center. RDP credentials are required to reach it, so a compromised local machine on its own does not give access to client data.
- Local machines are password-protected.
- Local drives are encrypted, so loss or theft of a machine would not expose locally stored data; in any case, policy prohibits storing client data on local machines.
- A clean-desk and screen-locking policy ensures that no data can be physically accessed without authorisation.
- Premises are secured, with key-card access required.
Comments
When will Two-factor authentication be available for Xeppo?