Here at Centrex Software we have security as a top priority to make sure your platform is safe and secure at all times. In order to make sure your clients also know about Centrex Software’s security methods and how safe their personal and business information is, we have created a “Centrex Safe” seal that you can add to your website and/or marketing material and then link to this page. You can copy the seal image below and add it anywhere you would like to ensure your clients fully understand their data is secure.
Centrex Software has made the commitment to invest appreciable resources and systemic intelligence to assure smooth and safe functionality. Our commitment is ongoing, hardened by security initiatives at the Physical, Hardware, Software and Logical levels — enhanced with redundancy that tightens continuity concerns.
You can put your full trust in Centrex Software. You can have the peace of mind that enables you to concentrate on your business, not on issues that compromise your future.
The Physical Level
It’s not uncommon for customers to ask worrisome questions about their relationship with an SaaS provider. “Where is our data in the cloud?” “How do you protect our data?” “What happens to us if you have some problems?” Centrex Software does not regard these questions as knee-jerk nervousness or unnecessary concerns. There is a chain of accountability in business, and you have to be responsible to your customers, too.
Our comprehensive security starts impressively at the “physical level,” where six heavy-duty, caged, solely dedicated servers act as the heart of our cutting-edge cloud infrastructure. These servers, on which all of our information is stored, are housed at one of the most advanced infrastructure centers in the world, ServerCentral, a suburban Chicago-based 485,000 square-foot building with a 275,000 square-foot raised floor. This building exceeds Tier III standards as defined by the Uptime Institute and boasts Type II AT-101 SOC 2 compliance. ServerCentral has 100% uptime SLAs on power and IP service, as well as competitive SLAs on cooling and humidification. Cooling specifications feature minimum N+2 redundancy plus 300+ 40-ton Computer Room Air Handler (CRAH) units.
Physical security specifications of ServerCentral include:
● 24/7 security staff
● Visitor screening
● Dual-factor authentication via biometric and proximity scanners
● Anti-tailgating mantrap door
● Recorded CCTV video surveillance
● Isolated shipping-and-receiving areas with package screening
Power specifications of ServerCentral include:
● Minimum N+1 redundancy
● Diverse, 34.5-kV power feeds
● (33) 1300-kW rotary UPS systems
● (33) 2,250-kW diesel-powered generators
● 200,000-gallon fuel reserve
● 36.4 MW critical load
● Solid-state static transfer switches
● Branch Circuit Monitoring System
At the physical level of security, network connectivity is paramount. Our data is transmitted through the largest data-center hub in the world, Chicago’s 350 Cermak, an eight-story fortress with over 1 million operational square feet. 350 Cermak provides data-center services to an impressive list of technology clients, including Amazon, Microsoft, Verizon and Rackspace. Operational efficiency is aided by dedicated fiber lines and 350 Cermak’s close proximity to ServerCentral. In sheer facility size and capability, how powerful is 350 Cermak? Its cooling system is supported by an 8.5 million gallon tank of refrigerated liquid that serves as thermal energy storage for the huge McCormick Place Exposition Center, Hyatt Regency Hotel, as well as 350 Cermak’s own cooling requirements.
The Hardware Level
Centrex Software’s infrastructure digs deeply at the “hardware level,” with a cluster of powerful, privately caged, Dell Web and database servers, deployed in a highly scalable environment designed to efficiently process your requests while featuring leading-edge business-continuity functionality. Requests flowing into the environment must first pass through a rugged firewall incorporating strict rules and intelligent filtering to block perceived threats. Subsequently, allowed requests are delivered into a load balancer tasked with determining which server is best suited to process and respond.
In addition to enabling highly efficient processing, the environment provides mission-critical failover, which is noted in the following “software level” section of this White Paper. To the Centrex Software user, clustering — and its built-in redundancy — mitigates downtime and helps assure the seamless, secure experience of business continuity.
Our environment also incorporates a server dedicated to staging and testing of application and service changes.
The Software Level
Centrex Software’s computing environment at the “software level” is designed to ensure high levels of security with hardened resiliency, thus providing our customers with smooth operation and unparalleled trust.
Linux is our operating system of choice for its open-source flexibility, stability and broad popularity (estimated at nearly 80% of enterprise deployments). It has attracted a large group of programmers who have provided smart, creative software with accessible code. Because the source is available to anyone, security experts can help identify any major security flaws in the OS, allowing them to be caught before they become serious issues.
Our Web servers are powered by Nginx, open-source, lightweight, high-performance software that enables request-and-response functionality. And our open-source database of choice is MariaDB, providing quick processing and security upgrades that are simultaneously announced with solution upgrades.
Centrex Software’s transmission policy dictates that all traffic going into or originating from our server cluster is transmitted securely using the HTTPS protocol, with encryption provided by Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). Moreover, in order to boost security, the environment supports only stronger ciphers, the rules-based algorithms that establish a procedure for encryption and decryption. Any end-user request sparks multiple processes that end in a database write.
End users need not worry about any disruptive event or circumstance leading to data loss. Transaction files populating one server in the cluster are efficiently replicated to the other nodes in the cluster. In the event of server (node) disruption, cluster-management software automatically “fails over” user interaction with the environment to another node in the cluster without loss of data or processing continuity. The cluster manager initiates a switchback and resynchronization of the cluster when the disrupted node is functionally reinstated.
To provide yet another, deeper level of continuity, we perform delayed replication of the database cluster to a physically different geographic location on a different power grid.
The Logical Level
This level of security is critical to our customers because it refers to a “user’s view” of the way data or systems are organized versus the “physical,” which refers to the real organization of a system, as previously described in this White Paper. Importantly, the security and end-user functionality at the “logical level” is greatly dependent upon the programming knowledge and skill of the system architects working with the Centrex Software application. With the exception of senior system architects, our development staff works isolated from — and has no access to — the production environment and its data.
A major concern of Centrex Software is protecting the data isolation of multiple tenants in one big clustered database; that is, the logical separation among clients. We have developed smart code that isolates one customer’s data from another, without flaw. You never have to worry about the privacy of your data. Moreover, we have developed a “role-based permission schema,” which can be configured by the client within each tenant’s data structure and determines who can see and do what.
Sensitive data, such as account numbers at the row level, needs to be encrypted, and we do this using Advanced Encryption Standard (AES) 256. AES is certified by the National Institute of Standards and Technology (NIST), which selected three members of the Rijndael family of ciphers, each with a block size of 128 bits, but with three different key lengths: 128, 192 and 256 bits. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. This is sophisticated technology that underscores our concern for protecting Centrex Software’s valued customers.
Customer passwords are stored using the Secure Hash Algorithm (SHA), designed by NIST and the National Security Agency (NSA), a national-level intelligence agency of the United States Department of Defense. SHA, having one-way registration functionality, is generally considered more secure than other algorithms and is widely recommended.
Furthermore, Centrex Software’s solution includes extensive logging that enables customers to review different levels of past activity if suspicious use of a database is suspected. Such activity covers user logins, IP addresses, user session activity and, of course, actual changes to records.
We are emphatically concerned about our customers’ business continuity. There is no upside to downtime. Therefore, our environment backup policies are stringent and include:
- Incremental backups multiple times per day to keep the Recovery Point Objective always current.
- Maintenance of binary logs that Centrex Software can use to recover data to a specific point in time.
- Nightly backups of the database cluster and system configuration files to Amazon S3.
- Optional special-service backups for customers desiring to archive and upload proprietary data to storage at a specific location of their choice.
Clearly, security and business continuity are rapidly evolving issues in the worldwide technology community. In the last few years, malicious and naturally-occurring events have dramatically heightened the sensitivity of many businesses and society in general.
Centrex Software believes in total transparency. Daily, we diligently strive to bring you an unmatched level of service. Notwithstanding our endeavors, things very infrequently do happen — and we want you to know about them without delay as we take the necessary steps to put things back right.