Enterprise Class Security
We worry about it so you don't have to
Among other security measures, CSI Software provides:
• Experienced, professional engineers and security specialists dedicated to round-the-clock data and systems protection
• Continuous deployment of proven, up-to-date security technologies,
• Ongoing evaluation of emerging security developments and threats
• Complete redundancy throughout the entire infrastructure
• Total commitment to a secure, scalable, private, collocated system (unlike a hosted system arrangement, CSI Software manages all aspects of its operations)
Our production equipment is collocated in Houston, TX at a facility that provides 24-hour physical security, palm print and picture identification systems, redundant electrical generators, redundant data center air conditioners, and other backup equipment designed to keep servers continually up and running.
• Consistent network monitoring and support
• Network redundancy into the data center includes shadow and diverse redundancy.
• 24 hour network monitoring and support both on-site and remotely.
• Advanced security features including interior and exterior closed-circuit surveillance, as well as biometric scanners.
• Overlapping dual power grids fed to opposite sides of the building.
• Maintain six diesel generators in case both overlapping dual power grids short, with fuel and contracts for fourteen days.
• Non-descript windowless structure, built to withstand Category 5 hurricane.
• Complete zoned fire suppression system.
• Security presence with round-the-clock uniformed guard service and standardized entrance and delivery procedures.
The network perimeter is protected by multiple firewalls and monitored by intrusion detection systems — all sourced from industry-leading security vendors. In addition, CSI Software monitors and analyzes firewall logs to proactively identify security threats. CSI Software also contracts with third-party security firms that proactively monitors our security configurations for changes, vulnerabilities, and errors and regularly conducts vulnerability threat assessments including penetration tests.
CSI Software leverages the strongest encryption products to protect customer data and communications, including 128-bit Verisign SSL Certification
Users access Spectrum NG via a proprietary application rather than a public web browser. Only with this application and license file issued by may a user even attempt to login. For logins CSI requires valid username and password combination, which is encrypted via SSL while in transmission. Users are prevented from choosing weak or obvious passwords.
Our robust application security model prevents one Spectrum3 customer from accessing another's data. This security model is reapplied with every request and enforced for the entire duration of a user session.
Internal Systems Security
Inside of the perimeter firewalls, the systems are safeguarded by network address translation, port redirection, IP masquerading, non-routable IP addressing schemes, and more. The specific details of these features are proprietary.
Operating System Security
CSI Software enforces tight operating system-level security by using a minimal number of access points to all production servers. We protect all operating system accounts with strong passwords, and production servers do not share a master password database. All operating systems are maintained at each vendor's recommended patch levels for security and are hardened by disabling and/or removing any unnecessary users, protocols, and processes.
Whenever possible, database access is controlled at the operating system and database connection level for additional security. Access to production databases is restricted to a limited number of points, and production databases do not share a master password database.
Server Management Security
All data entered into the Spectrum NG application by a customer is owned by that customer. CSI Software employees do not have direct access to the Spectrum 3 production equipment, except where necessary for system management, maintenance, monitoring, and backups. The CSI Software systems engineering team provides all system management, maintenance, monitoring, and backups.
CSI maintains as a part of its standard licensing agreement that CSI we will not sell or distribute any information from our customer's databases. CSI only accesses customer data for standard technical support purposes at the customer's request.
Reliability and Backup
All networking components, SSL accelerators, load balancers, Web servers, and application servers are configured in a redundant configuration. All customer data is stored on a database served by a database server cluster for redundancy. All customer data is stored on carrier-class disk storage array's using RAID disks and multiple data paths. All customer data, up to the last committed transaction, is automatically backed up to a primary tape library on a nightly basis. Backup tapes are immediately cloned to verify their integrity, and the clones are moved to secure, fire-resistant, off-site storage on a regular basis.
CSI Software has an agreement in place with a third-party provider of availability services to provide access to a geographically remote disaster recovery facility — along with required hardware, software and Internet connectivity — in the event our production facilities were to be rendered unavailable. CSI Software has disaster recovery plans in place