SharpSpring considers data security of the utmost importance. SharpSpring takes many steps to maintain data integrity. This article will detail how SharpSpring protects data.
SharpSpring routinely audits the application, infrastructure, and security in effort to maintain a safe and secure service. The audits involved are as follows:
|Application Audits:||SharpSpring goes through a quarterly PCI audit administered by TrustWave. These audits evaluate SharpSpring’s application footprint and extranet tools for industry-published vulnerabilities and attack vectors.
|Infrastructure Audits:||SharpSpring infrastructure and development deployments— including source code changes—are peer-reviewed, QA-tested, and audited before every testing and production release. These steps are taken for consistency, to protect against potential known vulnerabilities or threats, and to ensure product stability using a series of automated and manual tests.
|External Audits:||As both a Salesforce and Google partner, SharpSpring continually undergoes mandatory rigorous third-party security auditing and review to maintain necessary partner compliance.
|Security Audits:||SharpSpring performs routine security audits on all servers and applies security updates as they are made available. The SharpSpring Vulnerability Assessment team performs internal audits using a combination of both open-source and proprietary industry standard tools—such as OpenVas and Nessus—to assess the SharpSpring platform.|
SharpSpring makes a point to practice safety in the digital sphere. This safety starts and ends with data security. The ways that SharpSpring practice data safety include:
|Data in Transit:||All sensitive data shared between the application, extranet, tracking endpoints, and servers is transferred using Transport Layer Security (TLS) with up-to date-ciphers utilizing (at a minimum) 256-bit RSA encryption keys.
|Data at Rest:||Credentials are stored in an encrypted on-disk format to prevent the data from being compromised in the event that a data theft or data breach incident occurs.
|Redundant Architecture:||SharpSpring uses a redundant server architecture (which includes removing single points of failure and quickly having the ability to scale) that will protect client data and the continuity of SharpSpring’s services in the event the primary infrastructure suffers loss or outages.
|Data Backup:||SharpSpring's backup procedures follow the basic rules of the CIA triad: confidentiality, integrity, and availability. Backups are verified for integrity, are encrypted, are securely transferred, and are stored at both on-site and off-site locations. These backups are then verified through reanimation testing.