As a SaaS company, one of the frequent questions we get from prospects and customers has to do with how secure our hosting environment is. While your email signature might not carry the same weight as your company’s financials, we treat them as if they did. So, we decided to do a quick write-up on how we approach security at Xink. If you’re technically inclined, keep reading. If you’re not, you can continue reading too, and you’ll be better armed next time someone comes up to you at a cocktail party and begins to talk about “the security standards of well-known SaaS companies.”
With regard to our platform and infrastructure, security is an essential topic for us, even more important than features and interface development. We take security extremely seriously and are doing as much work as possible to ensure that your data is safe.
Where is Xink hosted?
The Xink backend is the Microsoft Azure Cloud, which is an ISO 27001 certified platform. Microsoft Azure Cloud provides the best imaginable security for you and your data.
The Xink web portal is fully GDPR compliant
At Xink, we process employee data on behalf of companies when they manage their email signatures in our platform. We store all data in secure ISO 27001 certified environments, and data will never leave the location where it is stored. We are fully GDPR compliant.
Learn more in our blog post from May 2018.
Can we choose the datacenter ourselves?
Yes, you can choose if you want your data in the USA, Canada, United Kingdom, Europe or Australia. If your company wants to move to another data centre, then we can do this for you.
How is the connection from the Xink app to the Xink servers secured?
The connection is encrypted, of course. We use AES to protect client-side data and HTTPS to protect all data transfers at the transport level.
Are any browser plug-ins required?
No browser plug-ins are required to run Xink or to administer Xink.
Does Xink offer tokenized API integrations?
Yes. Please see our detailed API description on our API developer documentation page.
Who owns the employee data under the hosting agreement?
You own your data. If you want your data deleted, we will delete your account completely.
What is the frequency of Xink product releases?
Roughly once per month we update and upgrade Xink services. Please see our product roadmap page to follow our releases.
Where is Xink technical support located?
Xink technical support is located in the US, Canada, Europe, United Kingdom and APAC region.
Is two-factor authentication (or multi-factor) used to authenticate the identity of remote users?
Yes - MFA is implemented as an extra security layer that can be chosen by the administrator.
Do you logically segregate your development, test and production environments?
Yes, these are all separated.
Is intrusion detection or prevention implemented?
Yes, we have intrusion detection services as well as alerts if there is any suspicious activity or unauthorized login attempts.
Are there external physical access controls and physical intrusion detection systems protecting computer facilities?
Xink is based on Windows Azure, which is ISO 27001 certified. Only approved Microsoft employees have physical access to these premises.
Is Xink secure as a cloud solution?
Yes, of course. Please also see this blog post with essential security explanations.
What firewall considerations are there, such as ports to open, web filtering to configure, etc.?
You need to open port 443 (HTTPS enabled).
Does Xink perform a penetration test regularly?
Yes, we do.