Security is a central and integral part of our operations and is woven into every aspect of our business. We recognize the importance of keeping all information secure and that it is vital to guard against threats such as hacking, viruses, denial of service, brute force, spoofing/splitting/smuggling, session hijacking, injections, cross-site scripting, and numerous other threats. We utilize techniques and technology at every level both to keep data confidential and to guard against malicious acts.
Software Information & Security Information
Pantera Global Technology, Inc. utilizes industry-leading technology to secure the software and its operating environment, including client authentication (password-controlled access), Secure Sockets Layer (SSL) protocol when applicable, 4096-bit data encryption, public-private key pair, firewalls, intrusion detection, filtering routers, and data backups. Each component acts as a layer of protection to safeguard information from unauthorized users, deliberate malfeasance, and inadvertent loss. Additionally, the physical server machines are hosted at a state-of-the-art colocation facility that is staffed on-site 24/7 to provide an immediate response to any incident. Access to the facility is restricted to authorized personnel and is secured by both password-protected keypads and biometric scans.
- Vaulted Tier 1 data center with full redundancy and disaster recovery. 99.99% uptime on Services.
- Enterprise firewall protection
- 24×7×365 electronic and physical security
- Enterprise anti-virus software
- Intrusion detection
- 4096-bit SSL Key
- Mirrored hard drive data servers
- Public-private key pair
- Weekly OS security patches
- IP address or range restrictions
- Consistent firmware, driver, and patch updates to servers, filtering routers, and network components
Intrusion Detection and Prevention
All servers are protected by an enterprise-level firewall and intrusion detection system. All incoming traffic is restricted according to target function and protocols, so any malicious, suspicious, or unacceptable requests are rejected. Any rejection matching specific signatures immediately alerts our technology team for review.
All transactions are protected with 256-bit encryption using Secure Sockets Layer (SSL). This ensures all traffic to and from our servers is encrypted and protected against tampering, impersonation, and data theft.
Each user must have a unique user ID and password to access a secured online portal. Users will be locked out for 30 minutes after 6 failed password login attempts.
All systems are monitored on three different levels. The statuses of websites are monitored 24/7/365 by both internal monitors and an outside third-party monitor to ensure health and uptime. Detailed server health is also monitored 24/7/365. Any issue found triggers immediate notification for appropriate personnel to investigate and resolve the issue.
Disaster Prevention and Recovery
We back up data every 30 minutes on a continuous basis. The data is transferred to a separate backup device, so the active data and backups are in physically different locations. All servers are located in a state-of-the-art facility with a 24×7 physical presence and automated monitoring to minimize disaster events. We also have multiple database and application servers from which client systems can be operated, so in the case of a failure, we are able to bring client systems online from different servers that are already configured and waiting to be utilized.
Security and Process Management
We keep a network architecture plan on file for production use and disaster recovery plans. We also use a standard build on our Dell servers to simplify maintenance and increase reliability of the security updates.
Any changes to the production environment are planned, documented, tested in multiple environments by both technical and support personnel, and approved before being deployed. Any impact to service will be limited to non-business hours, and clients will be notified of any maintenance windows needed.
We conduct quarterly penetration scans to validate that the systems are secure. We also employ third-party security firms to manually test system security for items that automated scans may miss.
Our data center is compliant with both SSAE 16 Type II and ISO 9001 standards.