Autopilot Security Overview

Customer data is one of the most valuable assets a company has. That’s why our top priority is delivering a high-performance solution with a focus on keeping our customers’ data safe and their interactions secure. Cloud-based software is all about providing uninterrupted, reliable service, making information security a major focus for first-rate cloud vendors.

Security Benefits

Autopilot customers of all sizes get the benefit of a comprehensive, high-performance solution with a low total cost of ownership — all while keeping their data safe, their interactions secure, and their businesses protected. Our application and network infrastructure exceeds industry security expectations.

Below we outline how we achieve our high levels of performance, availability, and security.

Summary

  • A dedicated, deeply experienced architecture team
  • 24x7x365 systems server monitoring
  • Automated vulnerability analysis via network, host, and application scans
  • Code assessment through review process
  • Employee programs and training to reinforce security awareness and communication

Operations

  • A secure, multi-tenant network architecture
  • Active performance and availability monitoring of all data centers 24x7x365
  • Offsite backups
  • DDOS mitigation technologies
  • SOC 2 Type II, SOC 3 and ISO27001 compliant data centers

Physical Security

  • Autopilot servers are hosted at SOC 2 Type II, SOC 3 and ISO27001 compliant facilities
  • Facilities features 24-hour manned security, biometric access control, video surveillance, and physical locks. The co-location facilities are powered by redundant power, each with UPS and backup generators. All systems, networked devices, and circuits are constantly monitored.
  • Access is limited to a small group of data center employees who have a need to know

Product Security Features

  • One-way hash encrypted passwords
  • Audit logging and event alerting
  • Regular updates rolled out to all customers, ensuring everyone has the latest application and security innovation
  • Firewalled customer databases

Database Security

  • Compliant with SSAE16, SOC1, ISAE 3402, ISO 27001, CSA, and other standards
  • 247 physical security of data centers and network operations center monitoring
  • Server hardening• Full-system virus scanning and systems patching
  • Authorization: Grant read, write, admin permissions to specific databases, JSON documents, and JSON fields
  • “In-flight” Encryption: all access to our database is encrypted via HTTPS
  • Access Logs: All access to our database is logged for auditing purposes

Transmission Security

  • All communications with Autopilot servers are encrypted by default using industry standard SSL
  • This ensures that all traffic between you and Autopilot is secure during transit
  • Additionally for email, our product supports Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers

Application Security

  • The Autopilot application maintains a robust application audit log, to include security events such as user logins or configuration changes.
  • Additionally, Autopilot follows secure credential storage best practices by storing passwords using the bcrypt (salted) hash function

Access Control

  • All access to data within Autopilot is governed by access rights.
  • Every user who attempts to access your Autopilot instance is authenticated by username and password
  • The administrator of your Autopilot instance controls access by limiting access to only those who are needed to administer your account