MicroBiz Security Policy

Overview of Security Policy for MicroBiz Cloud

 

Cloud Network

We utilize premier cloud computing services providers for our MicroBiz Cloud service. Our primary vendor for MicroBiz Cloud is Digital Ocean, a cloud services provider based in the US.  We also utilize the services of Amazon Web Services (AWS) for data back-up.

Digital Ocean Data Centers

Digital Ocean does not own its own data centers, but instead leases space from third-party telecom companies and colocation/data center providers.  Digital Ocean represents that these data center providers maintain industry-leading access control, including video surveillance, security, access lists, and exit procedures. Digital Ocean regularly audits its data centers to confirm that their services meet its regulatory requirements and validates that its  security requirements are being met.  Digital Ocean is certified in the international standard ISO/IEC 27001:2013. By achieving compliance with this globally recognized information security controls framework, audited by a third-party, Digital Ocean is committed to protecting sensitive customer and company information. Digital Ocean’s  ISO/IEC 27001:2013 certificate can be viewed here.

Digital Ocean offers worldwide connectivity, robust networking products, Tier-1 bandwidth, and redundant 40G hypervisor connections to ensure 99.99% uptime and throughput over its cloud platform.

Snapshot and Backup Security

All customer data is stored in servers located in third party data centers. Your data is replicated and written to multiple disks within multiple servers within a server cluster. Your data is backed up daily and stored at a different third party cloud provider at a separate location. For redundancy, we use Amazon Cloud Services for snapshots and backups for both MicroBiz Cloud.  These images are stores at AWS on an internal non-publicly visible network on NAS/SAN servers.

MicroBiz Cloud Redundancy and Uptime Planning

MicroBiz Cloud servers are made up of multiple physical servers, switches, hubs and network cards to reduce the possibility of hardware failure. We maintain multiple clusters so that groups of customers can be maintained on different server clusters based on size and/or geographic location. These clusters include application servers, database servers, background task servers and a sync monitor.

DDoS Protection

The network of MicroBiz’s primary cloud providers are protected with firewalls and carefully monitored.  MicroBiz contracts with Cloudflare for DDoS protection.  Cloudflare maintains a large, always-on, distributed defense, which according to CloudFlare stops attacks at the edge across Layers 3, 4, and 7.

Key specs include its global Anycast network, autonomous detection (dosd, gatebot, flowtrackd), adaptive learning for sophisticated L7 attacks (HTTP/2 Rapid Reset), and specialized products like Magic Transit and Spectrum for network/TCP/UDP protection, all integrated into its massive network rather than relying on separate scrubbing centers.

Core Specifications
Network Capacity: Over 449 Tbps globally, significantly larger than the biggest recorded attacks.
Global Anycast Network: Protection is delivered from over 200 data centers at the network edge, avoiding choke points.
Always-On, Autonomous Protection: Cloudflare’s global network participates in detection and mitigation (dosd, gatebot, flowtrackd).
Multi-Layer Defense: Protects Layers 3 (Network), 4 (Transport), and 7 (Application).

Key Features & Technologies
Autonomous Edge: Detects and mitigates attacks at the network edge with dynamic rules.
Adaptive DDoS Protection: Learns traffic patterns to counter advanced L7 and L3/4 attacks.
Advanced Protection: Stateful inspection and traffic profiling for TCP/DNS attacks. 

Credit Card Security

Credit card payment information provided for one time transactions is not retained. For recurring payments, we use a third-party subscription management service provider named Recurly Inc.  When you sign up for a subscription on our website, you are presented with an online payment form hosted and maintained by Recurly. Card information entered into a Recurly form is secured and maintained by Recurly, and MicroBiz does not have access to the full card data entered into the payment form.  Our Recurly account is connected to a Stripe gateway for autobilling transactions.  For more information on Recurly’s security policies, click here.  If you call MicroBiz and provide card information over the phone, the card information is entered into a virtual online payment terminal hosted and secured by Stripe.  For more information on Stripe’s compliance and regulatory policies, click here.  After the payment information has been entered into the Stripe’s virtual payment terminal, all forms with the payment information are safely destroyed.   

Want to learn more?

If you have other security questions call our support at 702 749-5353 or email [email protected]

Need to report an incident?

Please call our support at 702 749-5353 or email [email protected].