Assuring the confidentiality of data that your customers trust you with is one of your core operational imperatives. When handling this data for you, our top priority is to deliver a high-performance service where the safety of customer data is at the forefront of all decisions we make.
Cloud Infrastructure
MachForm Cloud is hosted on Amazon Web Services (AWS). Amazon manages risk and undergoes a risk assessment to ensure compliance with industry standards. Amazon’s data centers have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Cloud Security
MachForm Cloud employs several layers of protection:
1 – All MachForm Cloud servers are protected by AWS Security Groups, which allow only specific types of traffic through to the servers. A security group acts as a virtual firewall that controls the traffic for one or more instances.
2 – Encryption in transit. We make your data unintelligible while in transit to keep it private. This protection is achieved by encrypting the data before transmission; authenticating the endpoints; and decrypting and verifying the data on arrival. For example, Transport Layer Security (TLS) is often used to encrypt data in transit for transport security.
3 – Encryption at rest. We protect your data from a system compromise or data exfiltration by encrypting data while stored. The Advanced Encryption Standard (AES) is often used to encrypt data at rest. We’re using encrypted AWS RDS MySQL database storage and encrypted AWS S3 buckets for file storage.
Datacenter Locations
MachForm Cloud datacenters (EC2 Servers, S3 buckets, AWS RDS servers) are located in Virginia (US) and Frankfurt (Germany, EU). All data remains in-region, so EU data always resides in the EU zone and vice versa.
Database
MachForm Cloud employs Amazon RDS, a secure database service whose access is limited to local, isolated networks only. Each MachForm Cloud instance has its own isolated database, database user and host-based access privileges.
All databases are encrypted at rest using industry-standard encryption (AES-256).
Backups
Amazon RDS provides database availability and durability. All MachForm Cloud servers are fully backed up with the last 7 days of data. These include file snapshots of the servers, created once per day.
System Security
- MachForm Cloud service is protected via SSL. Your connection with the MachForm Cloud service is encrypted. SSL encryption is available on all MachForm Cloud plans.
- MachForm Cloud uses up-to-date server software that is regularly patched, with security updates applied.
- MachForm Cloud automates its deployment of servers. We have tested and maintained processes to create and manage secure servers.
Server Monitoring
MachForm Cloud uses a third-party monitoring service (Monitis) as a second method of gaining insight into our servers' performance. This piece of our technical infrastructure allows an independent, detailed view of server uptime and other statistics.
Billing Security
We do not store your credit card data on any of our servers; we use FastSpring to provide billing services.
FastSpring is an order processing company that handles sales for thousands of software companies worldwide. FastSpring addresses all PCI compliance issues and securely processes sensitive data. All FastSpring servers are PCI compliant and adhere to PCI DSS regulations.