Security
Configured by experts and rigorously tested before going into production, Baton’s
world-class security infrastructure includes proven, up-to-date firewall
protection, intrusion detection systems, SSL encryption, and other security
technologies, including proprietary products developed specifically by
EZ-PDM.
- Data Security
EZ-PDM leverages the strongest encryption products to protect customer
data and communications, including 128-bit VeriSign SSL Certification,
MD5, and Triple DES Encryption. The lock icon in the browser indicates
that data is fully shielded from access while in transit. Passwords
and passphrases are stored only in their encrypted format. Even the
highest-level Baton employees cannot access encrypted customer data.
- Database Access Security
Whenever possible, database access is controlled at the operating
system and database connection level for additional security. Access
to production databases is limited to a number of points, and production
databases do not share a master password database.
- User Authentication
Users access EZ-PDM only with a valid username and password combination,
which is encrypted via SSL while in transmission. Users are prevented
from choosing weak or obvious passwords. An encrypted session ID cookie
is used to uniquely identify each user.
- Application Security
Our robust application security model prevents one EZ-PDM
customer from accessing another's data. This security model is reapplied
with every request and enforced for the entire duration of a user
session.
- Perimeter Defense
The network perimeter is protected by multiple firewalls
and monitored by intrusion detection systems, all sourced from industry-leading
security vendors. In addition, EZ-PDM monitors and analyzes firewall
logs to proactively identify security threats.
- Internal Systems Security
Inside of the perimeter firewalls, the systems are safeguarded
by network address translation, port redirection, IP masquerading,
non-routable IP addressing schemes, and more. The specific details
of these features are proprietary.
- Server Management Security
All data entered into the EZ-PDM application by a customer
is owned by that customer. EZ-PDM employees do not have direct
access to the EZ-PDM production equipment, except where necessary
for system management, maintenance, monitoring, and backups. EZ-PDM
does not utilize any managed service providers. The EZ-PDM systems
engineering team provides all system management, maintenance, monitoring,
and backups.
- Operating System Security
EZ-PDM enforces tight operating system-level security
by using a minimal number of access points to all production servers.
We protect all operating system accounts with strong passwords, and
production servers do not share a master password database. All operating
systems are maintained at each vendor's recommended patch levels for
security and are hardened by disabling and/or removing any unnecessary
users, protocols, and processes.
- Physical Security
Our production equipment is collocated in Burbank, California
at a facility that provides 24-hour physical security, picture identification
systems, redundant electrical generators, redundant data center air
conditioners, and other backup equipment designed to keep servers
continually up and running.
- Backup
All networking components, load balancers, Web servers, and application
servers are configured in a redundant configuration. All customer
data is stored on a primary database server that is clustered with
a backup database server for redundancy. All customer data is stored
on disk storage that is mirrored across different storage cabinets
and controllers. All customer data, up to the last committed transaction,
is automatically backed up on an hourly basis. Backup sets are moved
to secure, fire-resistant, off-site storage on a regular basis. Note
that all backed-up data is stored in a triple DES encrypted format.
- Disaster Recovery plans are in place and are tested
quarterly.