MicroBiz Security Policy

Overview of Security Policy for MicroBiz Cloud

 

Cloud Network

We utilize premier cloud computing service providers for our MicroBiz Cloud service. Our primary vendor for MicroBiz Cloud v1.0 is Hetzner Online, a cloud services data center provider based in Germany. Our primary vendor for MicroBiz Cloud v2.0 is Digital Ocean, a cloud services provider based in the US. We also utilize the services of Amazon Web Services (AWS) for data backup.

Hetzner Data Centers

Hetzner maintains two state-of-the-art data center complexes in Nuremberg and Falkenstein/Vogtland, Germany. Each site is staffed 24/7/365 with onsite security to protect against unauthorized entry. Each site has security cameras that monitor both the facility premises and each area of the data center internally. The Hetzner data centers have redundant power, onsite diesel generators and battery backups, physical security, and multiple network transit paths. There is video-monitored high-security perimeter fencing around the entire data center park. Entry is via electronic access control terminals with a transponder key or admission card. Hetzner is certified in accordance with DIN ISO/IEC 27001.

Hetzner maintains multi-redundant network connections to important Internet exchanges to provide fast website access.  Hetzner uses multiple tier-1 network transit providers at each facility and all connections are at least 10 gig-E to ensure redundancy and capacity, with some connections (such as to Google, Amazon and OVH) over 50 gig-E.

Digital Ocean Data Centers

Digital Ocean does not own its own data centers, but instead leases space from third-party telecom companies and colocation/data center providers. Digital Ocean represents that these data center providers maintain industry-leading access control, including video surveillance, security, access lists, and exit procedures. Digital Ocean regularly audits its data centers to confirm that their services meet its regulatory requirements and validates that its security requirements are being met. Digital Ocean is certified in the international standard ISO/IEC 27001:2013. By achieving compliance with this globally recognized information security controls framework, audited by a third party, Digital Ocean is committed to protecting sensitive customer and company information. Digital Ocean’s ISO/IEC 27001:2013 certificate can be viewed here.

Digital Ocean offers worldwide connectivity, robust networking products, Tier-1 bandwidth, and redundant 40G hypervisor connections to ensure 99.99% uptime and throughput over its cloud platform.

Snapshot and Backup Security

All customer data is stored in servers located in third-party data centers. Your data is replicated and written to multiple disks within multiple servers within a server cluster. Your data is backed up daily and stored at a different third-party cloud provider at a separate location. For redundancy, we use Amazon Cloud Services for snapshots and backups for both Cloud v1.0 and Cloud v2.0. These images are stored at AWS on an internal non-publicly visible network on NAS/SAN servers.

MicroBiz Cloud Redundancy and Uptime Planning

MicroBiz Cloud servers are made up of multiple physical servers, switches, hubs and network cards to reduce the possibility of hardware failure. We maintain multiple clusters so that groups of customers can be maintained on different server clusters based on size and/or geographic location. These clusters include application servers, database servers, background task servers and a sync monitor.

DDoS Protection

The networks of MicroBiz’s primary cloud providers are protected with firewalls and carefully monitored. For example, Hetzner Online uses its automated security tools to protect web applications, websites, servers, and IT infrastructure from this threat. Its automated system recognizes almost all attack patterns in advance, allowing it to block the attacks and effectively thwart the vast majority of them. Hetzner uses hardware appliances and sophisticated perimeter security technologies to provide protection against large-scale DDoS attacks.

Credit Card Security

Credit card payment information provided for one-time transactions is not retained. For recurring payments, we use a third-party subscription management service provider named Recurly Inc. When you sign up for a subscription on our website, you are presented with an online payment form hosted and maintained by Recurly. Card information entered into a Recurly form is secured and maintained by Recurly, and MicroBiz does not have access to the full card data entered into the payment form. For more information on Recurly’s security policies, click here. If you call MicroBiz and provide card information over the phone, the card information is entered into a virtual online payment terminal hosted and secured by TSYS. For more information on TSYS’s compliance and regulatory policies, click here. After the payment information has been entered into the TSYS virtual payment terminal, all forms with the payment information are safely destroyed. For PayPal transactions, we pass customers directly to an online hosted payment form secured and maintained by PayPal. MicroBiz does not have access to payment information entered into the hosted PayPal payment page. For more information on PayPal’s security protections, click here.

Want to learn more?

If you have other security questions, call our support at 702 749-5353 or email [email protected].

Need to report an incident?

Please call our support at 702 749-5353 or email [email protected].