At-Rest Data Encryption
EchoSpan partners with
to provide clients with the best in at-rest data security. Information
that is stored in EchoSpan's database is encrypted by the hardware-based
Vormetric Data Security Manager, which encrypts all data using the
latest in Elliptical Curve, Suite B technology. This method of
encryption, which employs its own dedicated hardware, asymmetric key
management and strong separation of duties, is considered much more
robust than traditional, software-only or symmetric-key encryption
commonly used by other vendors in our industry.
In-Transit Data Encryption
Data being transmitted to and from EchoSpan's web application is
secured by Secure Sockets Layer (SSL) technology. This ensures that
information passed between the customer's browser and our servers is
secure and private. Additionally, each user session is secured with a
unique encryption key that is renewed each time the user logs in. This
provides extra protection against hackers that might be monitoring a
user's browser session.
We host our web-based services on hardware that we own. We do
not use virtualized servers. This means that no other companies
share the hardware that we use to deliver our services to our
customers. This arrangement, while more expensive, provides us
greater control over and security for the services we provide.
All of our servers are hosted by RackSpace in Dallas and
Chicago. Single-tenant implementations are available for
customers that require complete isolation of their application
files and database.
Intrusion Detection and Prevention
EchoSpan employs hardware intrusion detection systems (IDS) to
protect its network from malicious site traffic. The purpose of the IDS
is to monitor the application's network for suspicious activities and to
block requests from computers that it determines are attempting to gain
unauthorized access. Our IDS is a dedicated, hardware-based solution and
is monitored by Alert Logic, Inc.
. Dedicated, hardware-based IDS's are preferable
over less expensive, software-based IDS's that are installed directly on
application servers as they generally provide superior protection and
separation of duties that integrated IDS's cannot. The IDS is manned
24x7 by industry-certified security experts. Policy violations are
reported and dealt with within seconds of detection.
EchoSpan's firewall system is also a dedicated, hardware-based
solution that prevents unauthorized access attempts to the system's
network. We do not employ software-based firewalls as we believe them to
be less effective with dealing with major network threats, and, they are
not appropriate for use in environments with high user volume. As with
our IDS, EchoSpan has made a conscious effort to provide more robust
network security technologies to protect client data where many
competitors choose simpler, cheaper methods of protecting network
Enterprise Edition clients with complimentary SAML 2.0 single sign-on access
for their users. Single sign-on makes EchoSpan access more
convenient and secure by allowing your employees to log in using
the same username and password combination that they use for
your corporate intranet, while never sharing or storing those
credentials outside of your organization. Users will then not
have to maintain and remember a separate EchoSpan username and
Regular Security Reviews
We test our application and infrastructure several times a year for
vulnerabilities and performance problems. Regular automated and manual
penetration tests are conducted twice a year to ensure that any
loopholes in security are detected and remediated. Penetration tests are
also performed after every major release of updates to the system.
Regular Load Testing
EchoSpan's application is load tested
after major software releases or infrastructure changes to make
sure we have network capacity to manage current
and anticipated client volume. Benchmarks are set based on maximum
client traffic vs. average client traffic to ensure that sufficient
bandwidth exists for peak usage. Site traffic is monitored 24x7 with
alerts sent to network management any time the system reaches threshold
Redundancy and Multiple Tiers
All EchoSpan systems are redundant. This means that each server
running a portion of the EchoSpan system has a "hot" backup ready to
take over in the event of trouble. Moreover, all servers contain RAID
drives (six hard drives per server), which enables the simultaneous
failure of five hard disks without service interruption. Each
application function (database management, application, reporting) is
housed on its own set of servers, thereby providing true multiple-tier
architecture. Multiple-tier architecture helps balance demands on
servers and prevents any one particular component of the application
from adversely affecting the performance of the others. A multiple-tier
architecture costs more to secure and manage, but provides our customers
with the highest level of availability and performance.
EchoSpan's application servers are load balanced by a hardware
load-balancing device. This device routes incoming customer requests to
servers that have the most available capacity.
EchoSpan backs up all client data daily to tape and network. Backups
are encrypted and stored off-site for 180 days.
provides EchoSpan's offsite backup services and is
considered the premier vendor for data storage services.
Disaster Recovery Facilities
EchoSpan maintains a hot disaster recovery facility in a hosting
center separate from our main network. In the event of a major
system failure, we can reinstate normal operations on the
alternate network within 24 hours.
Privacy Shield Certified
EchoSpan is a certified participant in the US-EU Privacy Shield program. The Privacy Shield program provides specific assurances and protections to users that enter personal information into our system. For more information on our Privacy Shield program, please click here