The Customer Cloud is architected on sound infosec principles, with multiple layers of security. Nothing in the Customer Cloud is accessible to internal or external stakeholders other than nominated IT users.
Xerago deploys the Customer Cloud on a shared-nothing private cloud or on your servers, in both instances isolated from the internet.
All user sessions and application-to-Private-Cloud connections are secured via HTTPS using 2048-bit certificates with strong 256-bit encryption. All data belonging to your business is stored entirely in your Private Cloud, which is inaccessible via the public Internet. All Personally Identifiable Information is stored in a separate token vault.
All ports and servers are closed to the public Internet, with the exception of two HTTPS (443) ports.
Xerago uses Intrusion Detection System (IDS) sensors to detect and alert on unauthorized attempts at network access.
Regulatory / Standards Compliance
Below is the list of certifications, standards and regulations that the platform complies with.
SOC2 – Type II
SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles of security, privacy, confidentiality, availability, and processing integrity.
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
OWASP (Open Web Application Security Project) is an online community that creates freely available articles, methodologies, documentation, tools, and technologies in the field of web application security. Cato Customer Cloud ensures implementation and monitoring of the coding best practices outlined in the OWASP guidelines.
The CAN-SPAM Act, a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.
The TCPA (The Telephone Consumer Protection Act of 1991) restricts telephone solicitations and limits the use of automatic dialing systems, artificial or prerecorded voice messages, SMS texts and fax machines, primarily to safeguard consumer privacy.
Customer Data Confidentiality
This approach and the steps taken by Cato help safeguard the security of customer data.
You can rest assured knowing that the integrity and security of your data are fully intact.