Data center & network security

We ensure the confidentiality and integrity of your data with industry best practices. Asset Infinity servers are hosted at Microsoft Azure Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. And just like our customer support, our Security Team is on call 24/7 to respond to security alerts and events.

Physical security

Facilities
Asset Infinity servers are hosted at Microsoft Azure Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Our co-location cage spaces are physically and logically separated from other data center customers. Data center facilities are powered by redundant power, each with UPS and backup generators.
On-site Security
Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.
Monitoring
All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by Asset Infinity staff. Physical security, power, and internet connectivity beyond co-location cage doors or Azure services are monitored by the facilities providers.​
Location
Asset Infinity leverages data centers in Europre.

Network security

Dedicated Security Team
Our globally distributed Security Team is on call 24/7 to respond to security alerts and events.​
Protection
Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network Intrusion Detection and/or Prevention technologies (IDS/IPS) which monitor and/or block malicious traffic and network attacks.
Architecture
Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.​
Network Vulnerability Scanning
Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
Third-Party Penetration Tests
In addition to our extensive internal scanning and testing program, each year Asset Infinity employs third-party security experts to perform a broad penetration test across the Asset Infinity Production Network.​
Security Incident Event Management (SIEM)
Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM alerts on triggers which notify the Security team based on correlated events for investigation and response.​
Intrusion Detection and Prevention
Major application data flow ingress and egress points are monitored with Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). The systems are configured to generate alerts when incidents and values exceed predetermined thresholds and uses regularly updated signatures based on new threats. This includes 24/7 system monitoring.​
DDoS Mitigation
In addition to our own capabilities and tools, we contract with on-demand DDoS scrubbing providers to mitigate Distributed Denial of Service (DDoS) attacks.
Logical Access
Access to the Asset Infinity Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Asset Infinity Production Network are required to use multiple factors of authentication.
Security Incident Response
In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.​

Encryption

Encryption in Transit
Communications between you and Asset Infinity servers are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails.​
Encryption at Rest
All customers of Asset Infinity benefit from the protections of encryption at rest for offsite storage of attachments and full daily backups. Should customers desire to have their primary and secondary DR data-stores encrypted at rest, this is available for purchase at an additional cost. You may contact support for more details.​

Availability & continuity

Uptime
Asset Infinity guarantees a 99.9% uptime​
Redundancy
Asset Infinity employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime ensures Service Data is actively replicated across primary and secondary DR systems and facilities. Our co-location databases are stored on efficient Flash Memory devices with multiple servers per database cluster.
Disaster Recovery
Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing.​
Enhanced Disaster Recovery
With Enhanced Disaster Recovery, the entire operating environment, including Service Data, is replicated in a secondary site to support service resumption should the primary site become fully unavailable.​