EchoSpan Network Security and Availability

How EchoSpan keeps client data safe and accessible, 24x7.

The security of your data is very important to us, as is making certain you can access your EchoSpan tools when you need them. We are committed to investing in industry-leading security and high-availability technologies for our customers.

At-Rest Data Encryption

EchoSpan partners with Vormetric, Inc. to provide clients with the best in at-rest data security. Information that is stored in EchoSpan's database is encrypted by the hardware-based Vormetric Data Security Manager, which encrypts all data using the latest in Elliptical Curve, Suite B technology. This method of encryption, which employs its own dedicated hardware, asymmetric key management and strong separation of duties, is considered much more robust than traditional, software-only or symmetric-key encryption commonly used by other vendors in our industry.

In-Transit Data Encryption

Data being transmitted to and from EchoSpan's Web application is secured by Secure Sockets Layer (SSL) technology. This ensures that information passed between the customer's browser and our servers is secure and private. Additionally, each user session is secured with a unique encryption key that is renewed each time the user logs in. This provides extra protection against hackers that might be monitoring a user's browser session.
 

Dedicated Hardware

We host our Web-based services on hardware that we own. We do not use virtualized servers. This means that no other companies share the hardware that we use to deliver our services to our customers. This arrangement, while more expensive, provides us greater control over and security for the services we provide. All of our servers are hosted by RackSpace in Dallas and Chicago. Single-tenant implementations are available for customers that require complete isolation of their application files and database.


Intrusion Detection and Prevention

EchoSpan employs hardware intrusion detection systems (IDS) to protect its network from malicious site traffic. The purpose of the IDS is to monitor the application's network for suspicious activities and to block requests from computers that it determines are attempting to gain unauthorized access. Our IDS is a dedicated, hardware-based solution and is monitored by Alert Logic, Inc.. Dedicated, hardware-based IDS's are preferable over less expensive, software-based IDS's that are installed directly on application servers as they generally provide superior protection and separation of duties that integrated IDS's cannot. The IDS is manned 24x7 by industry-certified security experts. Policy violations are reported and dealt with within seconds of detection.

Network Firewalls

EchoSpan's firewall system is also a dedicated, hardware-based solution that prevents unauthorized access attempts to the system's network. We do not employ software-based firewalls as we believe them to be less effective with dealing with major network threats, and, they are not appropriate for use in environments with high user volume. As with our IDS, EchoSpan has made a conscious effort to provide more robust network security technologies to protect client data where many competitors choose simpler, cheaper methods of protecting network assets.

Single Sign-On

EchoSpan provides Enterprise Edition clients with complimentary SAML 2.0 single sign-on access for their users. Single sign-on makes EchoSpan access more convenient and secure by allowing your employees to log in using the same username and password combination that they use for your corporate intranet, while never sharing or storing those credentials outside of your organization. Users will then not have to maintain and remember a separate EchoSpan username and password.

Regular Security Reviews

We test our application and infrastructure several times a year for vulnerabilities and performance problems. Regular automated and manual penetration tests are conducted twice a year to ensure that any loopholes in security are detected and remediated. Penetration tests are also performed after every major release of updates to the system.

Regular Load Testing

EchoSpan's application is load tested after major software releases or infrastructure changes to make sure we have network capacity to manage current and anticipated client volume. Benchmarks are set based on maximum client traffic vs. average client traffic to ensure that sufficient bandwidth exists for peak usage. Site traffic is monitored 24x7 with alerts sent to network management any time the system reaches threshold levels.

Redundancy and Multiple Tiers

All EchoSpan systems are redundant. This means that each server running a portion of the EchoSpan system has a "hot" backup ready to take over in the event of trouble. Moreover, all servers contain RAID drives (six hard drives per server), which enables the simultaneous failure of five hard disks without service interruption. Each application function (database management, application, reporting) is housed on its own set of servers, thereby providing true multiple-tier architecture. Multiple-tier architecture helps balance demands on servers and prevents any one particular component of the application from adversely affecting the performance of the others. A multiple-tier architecture costs more to secure and manage, but provides our customers with the highest level of availability and performance.

Load Balancing

EchoSpan's application servers are load balanced by a hardware load-balancing device. This device routes incoming customer requests to servers that have the most available capacity.

Backups

EchoSpan backs up all client data daily to tape and network. Backups are encrypted and stored off-site for 180 days. Iron Mountain provides EchoSpan's offsite backup services and is considered the premier vendor for data storage services.


Disaster Recovery Facilities

EchoSpan maintains a hot disaster recovery facility in a hosting center separate from our main network. In the event of a major system failure, we can reinstate normal operations on the alternate network within 24 hours.


Privacy Shield Certified

EchoSpan is a certified participant in the US-EU Privacy Shield program. The Privacy Shield program provides specific assurances and protections to users that enter personal information into our system. For more information on our Privacy Shield program, please click here.