As a Saas company, one of the frequent questions we get from prospects and customers has to do with how secure our hosting environment is.
While your email signature might not carry the same weight as your company’s financials, we treat them as if they did.
So, we decided to do a quick write up on how we approach security at Xink.
So, if you’re technically included, keep reading.
If you’re not, you can keep reading too, you’ll be better armed next time someone comes up to you at a cocktail party and begins to talk about “the security standards of well known Saas companies”.
With regards to our platform and infrastructure, security is an important topic for us, even more, important than features and interface development. We take security extremely seriously and are doing as much work as possible to ensure that your data is safe.
Let’s break it down:
Cloud to Cloud communications
A key part of the architecture behind Xink is based on our client app communicating with our cloud servers. Another component of traffic is pure cloud-to-cloud, without any data needing to travel to any clients at all.
This application uses Windows built-in credentials storage to save employee ID and password. The storage is encrypted by native Windows mechanisms. The same thing goes for the Mac version. We use the MacOS credential storage as well and the traffic is equally encrypted as for Windows.
Data and Traffic Transmission and Encryption
Let’s start with the data traffic from the client app for Windows and Mac:
- All traffic between the client app and our Xink cloud is encrypted using strong algorithms.
- Server authenticity is confirmed by our digitally signed certificate.
- The client application uses Windows encrypted storage to save employee credentials.
- Server-side, Xink doesn’t store any passwords, only hashes.
- We can never see or compromise your password and no one will be able to do so.
All customer data is stored in Microsoft Azure
The Xink cloud service connects to the Azure database by using an encrypted TCP connection.
The database security prohibits any access to the data tables directly and particularly all web part calls are implemented as stored procedures.
There is no way to read password hashes; only the “validate user” procedure is available to check if the provided credentials are valid or not.
Furthermore, our Web service identity is verified by a Secure Certification Authority.
The connection is encrypted with 128-bit encryption (AES_128_CBC with SHA1 for message authentication and RSA as the key exchange mechanism).
So yes, your data is absolutely secure!
As with most modern cloud-based systems, the weakest part of the security-chain has to do with your password.
We suggest a complex, alphanumeric (not forgetting special characters) passwords, changed frequently.
We’ll take care of the rest.
Microsoft Azure Trust Center
Generally, we refer to Microsoft Azure Trust Center which is the Xink back-end.