We take security and redundancy very seriously. We continue to make key descions that maximize these tenants. A number of our clients have very strict computing and compliance requirements. Below we detail some of the more popular questions we have encountered in security audits. However, we understand the following may not address everything and are happy to answer any additional questions you may have.
Microsoft Cloud. Our servers are exclusively hosted in the Microsoft Cloud (Azure) and span multiple Azure data centers. "Microsoft has decades-long experience building enterprise software and running some of the largest online services in the world. Microsoft uses this experience to implement and continuously improve security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of services and data. They also comply with both international and industry-specific compliance standards and participates in rigorous third-party audits that verify our security controls." To learn more about Microsoft's compliance, and in turn ours, see Microsoft Compliance.
Agile Documents on PaaS. Our infrastructure is built on Azure PaaS (platform as a service) offerings. This ensures our servers have the most recent patches and leverage constantly improving best practices. This is in contrast to traditional hosting methodologies where the leasor of the server is solely in charge of security patching, configuring and general maintenance. The side affect of the traditional hosting methodogy is that servers typically lag behind in security maintenance, more likely to be inconsistently configured and more at risk.
Scaling on Demand. Agile Documents scales its server resources on demand. Thus, as spikes of usage are encountered we are rapidly able to provision additional resources as needed.
Data Minimization. Agile Documents was specifically integrated into SharePoint so that your data would reside in SharePoint and not with us. This could be a SharePoint server within your organization's environment or it could be an Office 365 SharePoint server. Agile Documents does not keep copies of your data. When an Agile Document is built, data is downloaded to our servers [from SharePoint or other sources], aggregated, potentially uploaded to your SharePoint server, and then artifacts from that process are erased from our servers. It should be pointed out, Agile Documents keeps usage and audit records that contain user information (who created the request) and work performed (what did they do). This information is kept for reporting and security auditing purposes.
Redundancy. We are able to provide not only server redundancy in the data center, but we span our infrastructure over multiple data centers. This allows us to quickly react to any geographical issues or failures.
Encryption. We leverage both encryption at rest as well as encryption in transit.
Access Control. As described above, your data resides in SharePoint and not with Agile Documents. In order for Agile Documents to access your data, Agile Documents must first be installed by your SharePoint administrator. That administrator must authorize a trust between SharePoint and Agile Documents. Subsequently, an authorized SharePoint user of that site collection may initiate an Agile Document operation from SharePoint. SharePoint then creates a secure connection between Agile Documents and itself in the context of the user via OAuth. Thus, Agile Documents only has access to the data the user has access to within the site collection and won't have access to anything the user doesn't have access to nor anything outside of that site collection. Access controls to Agile Documents are ultimately controlled by SharePoint logins. Of course, Agile Documents service may be denied for site collections that are not subscribed to Agile Documents.
Isolation We benefit from a number of Azure practices to secure our enviornment. "Azure implements network access control and segregation through VLAN isolation, ACLs, load balancers, and IP filters. It restricts external traffic inbound to ports and protocols on your virtual machines. Azure also implements network filtering to prevent spoofed traffic and restrict incoming and outgoing traffic to trusted platform components. Traffic flow policies are implemented on boundary protection devices that deny traffic."