As a SaaS company, one of the frequent questions we get from prospects and customers has to do with how secure our hosting environment is. While your email signature might not carry the same weight as your company’s financials, we treat them as if they did. So, we decided to do a quick write-up on how we approach security at Xink. If you’re technically inclined, keep reading. If you’re not, you can continue reading too, and you’ll be better armed next time someone comes up to you at a cocktail party and begins to talk about “the security standards of well-known SaaS companies.”
With regard to our platform and infrastructure, security is an important topic for us, even more important than features and interface development. We take security extremely seriously and are doing as much work as possible to ensure that your data is safe.
Where is Xink hosted?
Xink is hosted with Microsoft Azure, which is an ISO 27001 certified platform. This provides the best imaginable security for you and your data.
Can we choose the datacenter ourselves?
Yes, you can choose if you want your data in the USA or Europe. If your company wants to move data from the USA to Europe, then we can do this for you.
How is the connection from the Xink app to the Xink servers protected?
The connection is encrypted, of course. We use strong AES to protect client-side data and HTTPS to protect all data transfers on the transport level.
Are any browser plug-ins required?
No browser plug-ins are required to run Xink or to administer Xink.
Does Xink offer tokenized API integrations?
Yes. Please see our detailed API description on our API developer documentation page.
Who owns the employee data under the hosting agreement?
You own your data. If you want your data deleted, we will delete your account completely.
What is the frequency of Xink product releases?
Roughly once per month we update and upgrade Xink services. Please see our product roadmap page to follow our releases.
Where is Xink technical support located?
Xink technical support is located in the US, Europe, and APAC region.
Is two-factor authentication (or multi-factor) used to authenticate the identity of remote users?
We will implement a choice for Xink administrators to have two-factor validation in 2017 – see product roadmap.
We will add it as an extra security layer that can be chosen by the administrator.
Do you logically segregate your development, test and production environments?
Yes, these are all separated.
Is intrusion detection or prevention implemented?
Yes, we have intrusion detection and services as well as alerts if there is any suspicious activity or unauthorized login attempts.
Are there external physical access controls and physical intrusion detection systems protecting computer facilities?
Xink is based on Windows Azure, which is ISO 27001 certified. Only approved Microsoft employees have physical access to these premises.
Is Xink secure as a cloud solution?
Yes, of course. Please also see this blog post with basic security explanations.
What firewall considerations are there, such as ports to open, web filtering to configure, etc.?
You need to open port 443 (HTTPS).
Does Xink perform a penetration test on a regular basis?
Yes, we do.