Security

Last updated: September 2017

Sendstorm Security

We have thousands of security-sensitive government, health and financial clients around the world.

Platform security

Designed for security

The Sendstorm cloud infrastructure is housed in secure data centers, designed to satisfy the requirements of our most security-sensitive customers. The Sendstorm infrastructure has been designed to provide the highest availability while putting strong safeguards in place regarding customer privacy and segregation.

Constantly monitored

The Sendstorm infrastructure is protected by extensive network and security monitoring systems. In addition, Sendstorm infrastructure components are continuously scanned and tested. The ClickSend production network is segregated from the Sendstorm corporate network, and access to this network is monitored and reviewed on a daily basis by Sendstorm security managers. The Sendstorm production network is segregated from the Sendstorm corporate network and requires a separate set of credentials for access, consisting of SSH public-key authentication through a bastion host using an MFA token. This access is monitored and reviewed on a daily basis by Sendstorm security managers.

Highly automated

Sendstorm purpose-builds most of our security tools to tailor them for Sendstorm’s unique environment and scale requirements. These security tools are built to provide maximum protection for your data and applications. This means Sendstorm security experts spend less time on routine tasks, and are able to focus more on proactive measures that can increase the security of your Sendstorm Cloud environment.

Highly available

Sendstorm builds its data centers in multiple geographic regions as well as across multiple Availability Zones within each region to offer maximum resiliency against system outages. Sendstorm designs its data centers with significant excess bandwidth connections so that if a major disruption occurs there is sufficient capacity to enable traffic to be load-balanced to the remaining sites, minimizing the impact on you.

Highly accredited

To help you meet specific government, industry, and company security standards and regulations, Sendstorm provides certification reports that describe how the Sendstorm Cloud infrastructure meets the requirements of an extensive list of global security standards, including: ISO 27001, SOC, the PCI Data Security Standard, FedRAMP, the Australian Signals Directorate (ASD) Information Security Manual, and the Singapore Multi-Tier Cloud Security Standard (MTCS SS 584). For more information about the security regulations and standards with which Sendstorm complies, see the Sendstorm Compliance webpage.

Security features

Network security

Sendstorm provides several security capabilities and services to increase privacy and control network access. These include:

  • Built-in firewalls that allow us to control network access to our server instances and subnets
  • Encryption in transit with TLS across all services

Data encryption

Data is encrypted in transit and at rest.

De-identify message body

On request, we can de-identify the body of messages to satisfy your strict security and compliance requirements.

Access control

Sendstorm offers you capabilities to define, enforce, and manage user access policies across Sendstorm services. This includes:

  • Identity and access management capabilities to define individual user accounts with permissions across Sendstorm resources
  • Multi-factor authentication for highly privileged accounts, including options for hardware-based authenticators
  • Integration and federation with corporate directories to reduce administrative overhead and improve end-user experience
  • Native identity and access management integration across many Sendstorm services, plus API integration with any of your own applications or services

Monitoring and logging

Sendstorm provides tools and features that enable you to see exactly what’s happening in your Sendstorm environment. This includes:

  • Deep visibility into API calls, including who, what, and from where calls were made
  • Log aggregation options, streamlining investigations and compliance reporting
  • Alert notifications when specific events occur or thresholds are exceeded

These tools and features give you the visibility you need to spot issues before they impact the business, and allow you to improve the security posture and reduce the risk profile of your environment.

Sendstorm Compliance

Assurance programs

Our data centre is accredited with the following assurance programs/standards:

  • PCI DSS Level 1
  • SOC 1 / ISAE 3402
  • SOC 2
  • SOC 3
  • IRAP (Australia)
  • ISO 9001
  • ISO 27001
  • MTCS Tier 3 Certification
  • HIPAA
  • FERPA
  • ITAR
  • Section 508 / VPAT
  • FedRAMP (SM)
  • DIACAP and FISMA
  • NIST
  • CJIS
  • FIPS 140-2
  • DoD CSM Levels 1-2, 3-5
  • G-Cloud
  • IT-Grundschutz
  • MPAA
  • CSA
  • Cyber Essentials Plus
  • European Union Data Protection Directive 95/46/EC

Questions?

Free accounts and free advice. Our legal team can’t wait to help you.