At Athento, we use data centers that offer the best cloud environments, with guarantees of security, redundancy, secure access, secure facilities and network security, among other aspects that guarantee the security of the client's documents and data.
The cloud server environments we use are built on ISO 27001 certified platforms.
For European customers, the data are located on servers within the European Union, so the applicable law in these cases is EU law.
For clients in Latin America, data centers in Canada are used, a country with strong data protection legislation.
The storage has the following security measures:
- Multiple replication.
- Multiple file integrity checks.
- Transfers are performed only over a secure protocol.
- Instant repair of failed resources within minutes.
Our datacenter servers are only physically accessed by authorized employees. Data centers are protected 24/7 by physical access control systems, with video surveillance and on-site security personnel. The facilities are equipped with state-of-the-art fire detection and extinguishing systems. In addition, these data centers have a technical team that is constantly on site, ready to intervene the moment a failure is detected in any of the servers.
Other Security Measures
Secure access: It is not possible to access Athento without a username and password previously registered in the system. It is the user's responsibility to ensure the confidentiality of these access credentials. Athento also lets you control access to documents through the "Access Permissions" option, which determines whether a given document is accessible to groups, roles and users.
Daily backups: The Athento team performs daily backups of the information in Athento Cloud.
SSL Access: Data transmissions can be encrypted using SSL. SSL (Secure Sockets Layer) secures the transmission of data on the Internet by encrypting and protecting the data transmitted over the HTTPS protocol. SSL guarantees your website users that their data will not be intercepted fraudulently. Athento SSL certificates use SHA-2 and 2048-bit encryption to prevent hacker attacks. This is the strongest encryption available on the market today. The certificates support 256-bit encryption and are recognized by all major mobile and desktop browsers on the market.
Complies with the legislation on privacy protection of personal data: We comply with the Spanish LOPD legislation. Soon the Data Protection Law will be the same throughout Europe, so Athento will be obliged to comply with this new law.
Online Payment Security: Online payments are made through PayPal, which complies with the PCI DSS (Payment Card Industry Data Security Standard).
SOX (Sarbanes-Oxley) compliance: Our cloud infrastructure provider is recognized with the following levels: SOC 1 Type I (SSAE 16 and ISAE 3402) and SOC 2 Type I.
ISO 27002 at the service level: Our cloud infrastructure provider relies on ISO 27002 and ISO 27005 standards for security management and risk assessment and related procedures.
ISO 27001 security certification: Our cloud infrastructure provider is ISO 27001 certified for the provision and operation of dedicated cloud infrastructures.
Technology infrastructure: Our provider deploys its own fiber optic network worldwide. It uses state-of-the-art hardware and technology that is selected, installed and maintained by in-house teams of engineers.
Our provider's network enables an impeccable quality of service, regardless of the customer's location, with a bandwidth capacity of 4.5 Tbps in Europe and 8000 Gbps in North America, as well as connections at 33 interconnection points across 3 continents. The company has built its network in a fully redundant manner: several security measures have been put in place in order to eliminate any risk of failure. The redundancy of links also allows our customers' data to travel the shortest path and therefore benefit from minimal latency.
Physical access controls to data centers: In our European data centers, all access to the physical facilities is strictly controlled. To prevent any intrusion and for risk prevention, the facilities are enclosed by barbed wire fences. Video surveillance systems and motion detection sensors are in continuous operation. Activity inside the data centers and outside the buildings is monitored and recorded on secure servers, and there is a 24/7 on-site surveillance team.
In order to control and monitor access to the facilities, strict security procedures have been implemented. Each staff member has a personal RFID (radio frequency identification) badge to restrict access. Employee access rights are reviewed regularly. To gain access to the facility, employees must present their badges for verification before passing through the security gates.
Fire measures: Fire is another controlled risk. Each data center room is equipped with fire detectors and extinguishing systems, as well as fire doors. The data centers comply with the APSAD R4 standard for the installation of fire extinguishers and have N4 compliance certification.
DDoS attacks: Our data centers offer protection against DDoS attacks. There are three 160 Gbps anti-DDoS infrastructures in operation in our European data centers.
Ethical Hacking Audits: Athento performs automatic ethical hacking tests every 15 days. These audits seek to control, eliminate or mitigate risks such as hacking and phishing.
Athento uses manual and automatic tools to perform these tests. The results are based on the Common Vulnerability Scoring System. For security reasons, these reports cannot be disclosed.