SharpSpring considers data security of the utmost importance. SharpSpring takes many steps to maintain data integrity. This article will detail how SharpSpring protects data.
SharpSpring routinely audits the application, infrastructure, and security in effort to maintain a safe and secure service. The audits involved are as follows:
|Application Audits||SharpSpring goes through a quarterly PCI audit
administered by TrustWave. These audits evaluate
SharpSpring’s application footprint and extranet tools for
industry-published vulnerabilities and attack vectors.
|Infrastructure Audits||SharpSpring infrastructure and development deployments—
including source code changes—are peer-reviewed,
QA-tested, and audited before every testing and production
release. These steps are taken for consistency, to protect
against potential known vulnerabilities or threats, and to
ensure product stability using a series of automated and
|External Audits||As both a Salesforce and Google partner, SharpSpring
continually undergoes mandatory rigorous third-party
security auditing and review to maintain necessary partner
|Security Audits||SharpSpring performs routine security audits on all servers
and applies security updates as they are made available.
The SharpSpring Vulnerability Assessment team performs
internal audits using a combination of both open-source
and proprietary industry standard tools—such as OpenVas
and Nessus—to assess the SharpSpring platform.
SharpSpring makes a point to practice safety in the digital sphere. This safety starts and ends with data security. The ways that SharpSpring practice data safety include:
|Data in Transit||All sensitive data shared between the application, extranet,
tracking endpoints, and servers is transferred using
Transport Layer Security (TLS) with up-to date-ciphers
utilizing (at a minimum) 256-bit RSA encryption keys.
|Data at Rest||Credentials are stored in an encrypted on-disk format to
prevent the data from being compromised in the event
that a data theft or data breach incident occurs.
|Redundant Architecture||SharpSpring uses a redundant server architecture (which
includes removing single points of failure and quickly having
the ability to scale) that will protect client data and the
continuity of SharpSpring’s services in the event the primary
infrastructure suffers loss or outages.
|Data Backup||SharpSpring's backup procedures follow the basic rules of
the CIA triad: confidentiality, integrity, and availability.
Backups are verified for integrity, are encrypted, are securely
transferred, and are stored at both on-site and off-site
locations. These backups are then verified through