Customer data is one of the most valuable assets a company has. That’s why our top priority is delivering a high-performance solution with a focus on keeping our customers’ data safe and their interactions secure. Cloud-based software is all about providing uninterrupted, reliable service, making information security a major focus for first-rate cloud vendors.
Autopilot customers of all sizes get the benefit of a comprehensive, high-performance solution with a low total cost of ownership — all while keeping their data safe, their interactions secure, and their businesses protected. Our application and network infrastructure exceeds industry security expectations.
Below we outline how we achieve our high levels of performance, availability, and security.
A dedicated, deeply experienced architecture team
24x7x365 systems server monitoring
Automated vulnerability analysis via network, host, and application scans
Code assessment through review process
Employee programs and training to reinforce security awareness and communication
A secure, multi-tenant network architecture
Active performance and availability monitoring of all data centers 24x7x365
DDOS mitigation technologies
SOC 2 Type II, SOC 3 and ISO27001 compliant data centers
Autopilot servers are hosted at SOC 2 Type II, SOC 3 and ISO27001 compliant facilities
Facilities features 24-hour manned security, biometric access control, video surveillance, and physical locks. The co-location facilities are powered by redundant power, each with UPS and backup generators. All systems, networked devices, and circuits are constantly monitored.
Access is limited to a small group of data center employees who have a need to know
Product Security Features
One-way hash encrypted passwords
Audit logging and event alerting
Regular updates rolled out to all customers, ensuring everyone has the latest application and security innovation
Firewalled customer databases
Compliant with SSAE16, SOC1, ISAE 3402, ISO 27001, CSA, and other standards
24/7 physical security of data centers and network operations center monitoring
Server hardening• Full-system virus scanning and systems patching
Authorization: Grant read, write, admin permissions to specific databases, JSON documents, and JSON fields
“In-flight” Encryption: all access to our database is encrypted via HTTPS
Access Logs: All access to our database is logged for auditing purposes
All communications with Autopilot servers are encrypted by default using industry standard SSL
This ensures that all traffic between you and Autopilot is secure during transit
Additionally for email, our product supports Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers
The Autopilot application maintains a robust application audit log, to include security events such as user logins or configuration changes.
Additionally, Autopilot follows secure credential storage best practices by storing passwords using the bcrypt (salted) hash function
All access to data within Autopilot is governed by access rights.
Every user who attempts to access your Autopilot instance is authenticated by username and password
The administrator of your Autopilot instance controls access by limiting access to only those who are needed to administer your account