Security
Security and privacy are at the core of planning and delivering our technology
Moxie Cloud Services uses a multi-layered approach to protect our customer’s data and constantly monitors and improves applications, systems, and processes to meet the growing demands and challenges of security. Security and privacy continue to be the top focus of anyone adopting cloud offerings. Moxie has earned the trust of our customers around the world. Security and privacy are at the core of the planning and delivery of our technology.
Certifications
Moxie takes information security very seriously, as is evidenced by the investments in ensuring the security of Moxie’s data and the data customers have entrusted to our care.
Security
The Moxie team has extensive experience in delivering cloud services, and a fully comprehensive understanding of the security implications of managing the cloud model to deliver a better service.
GDPR Compliance
Moxie is committed to being GDPR-compliant across our customer services when enforcement begins on May 25, 2018.
Applications
Moxie’s endeavor is to provide the customer with the best and most secure application. We are committed to having a comprehensive Secure Software Development Life Cycle.
Data Centers
Moxie Cloud Services is co-located in two top-tier data centers in both the US and Europe, enabling privately managed Cloud with servers and storage owned and run by its infrastructure division.
Certifications
Moxie takes information security very seriously, as is evidenced by the investments in technology, personnel and other resources dedicated to ensuring the security of Moxie’s data as well as the data customers have entrusted to our care.
ISO 27001
- Moxie is ISO 27001-2013 certified providing customers the highest assurance of corporate security. We meet international standards for Information Security Management System. View Certificate Here.
HIPAA through BAA (Business Associate Agreement)
- Customers from the healthcare Industry need to comply with HIPAA. Moxie provides a hosting environment that is suitable in helping our customers to meet the requirements of HIPAA Business Associates (BA) compliance for encryption stored and transmitted data, additionally there are security measures that can be set in our software to protect healthcare data.
PCI DSS 3.2
- Moxie is PCI Level I certified and offers premium service options which comply with the Payment Card Industry’s Data Security Standard (PCI DSS) 3.2 for secure communication layers.
SSAE 16 SOC Type 2
- All Moxie Data Centers are fully compliant to SSAE 16 SOC Type 2 – reporting requirements defined by the American Institute of Certified Public Accountants (AICPA).
Geographical Compliance
- Cyber Essentials: Moxie holds UK Government sponsored Cyber Essentials certification, a government-backed, industry supported scheme to help organizations protect themselves against common cyber attacks
Security
The Moxie team has extensive experience in delivering cloud services, and a fully comprehensive understanding of the security implications of managing the cloud model. Our Cloud services are designed to deliver better service and meet the highest standards of security.
Physical
- Checkpoints for access
- 24x7x365 security guards and video surveillance
- Only an authorized person can access Moxie physical environment
Logical
- Firewalls and IDS devices allow only necessary traffic and detect hostile activity and auto block threats
- No outside access to our Databases or Backend systems
- Encryption options are available for data in flight and data at rest
Single Sign On
- Moxie can support integration with a variety of identity solutions including SAML
Access Control
- Strong Security Architecture to prevent unauthorized access provides confidence in the safety of your data
- Network access to systems is limited to Moxie Cloud Services staff and partial read-only access by support & professional services
- Network communication from the corporate offices is protected by firewalls
Prevention
- Servers are “hardened” to best practice levels to reduce vulnerabilities
- Only required ports are opened to the internet reducing the points of entry
- High availability virtualization minimizes downtime and impact
- All systems are protected with Antivirus Software
- Intrusion Detection Systems detect malicious behavior and notify Moxie Cloud Services team
GDPR Compliance
Moxie is committed to GDPR compliance.
The new General Data Protection Regulation (GDPR) helps protect and ensure the privacy rights of European Union (EU) citizens. The GDPR replaces the 1995 Data Protection Directive and aims to harmonize data privacy laws across Europe, while expanding the rights and empowerment of individuals in regard to the control of their personal information. Moxie is committed to being GDPR-compliant across our customer services when enforcement begins on May 25, 2018.
Current Status
Moxie takes information security very seriously, as is evidenced by our investments in technology, personnel and other resources dedicated to ensuring the security of the data customers entrust to our care. You can find out more about our security policies and certifications here.
Path Forward to May 25, 2018
Moxie’s existing security controls and accreditations put us in a strong position to meet the requirements of GDPR. To further ensure our compliance GDPR upon its effectiveness, we are taking the following additional actions:
- Conducting internal privacy assessments and data mapping to determine how our applications, models and resources utilize and process personal information;
- Analyzing Moxie’s data security standards and processes and updating them as necessary to ensure they comply with GDPR requirements;
- Building processes, if not already existing, to execute data subject requests and rights in an expedient and accurate manner;
- Reviewing our customer contracts to incorporate GDPR concepts and requirements and to ensure data subjects and controllers (customers) can contact us as necessary with respect to GDPR governed matters;
- Updating our contacts, notices, and other relevant information to ensure data subjects and controllers (customers) can contact us as necessary with respect to GDPR covered matters;
- Updating our incident management controls to satisfy the GDPR requirements for breach handling and notification; and
- Reviewing our contracts with sub-processors and ensure they meet the requirements imposed by GDPR.
Moxie continues to monitor the guidance issued by governing regulatory bodies to ensure that we remain abreast with the most recent developments pertaining to GDPR. Even when the regulation comes into full effect, Moxie is prepared for the fact that privacy compliance in the EU will be an evolving area. Compliance with GDPR is not a one-stop check box or finish line – it will require continuous adjustments and actions to ensure that Moxie and our customers remain compliant and provide an experience to meet our customers.
Moxie additionally understands compliance is a shared responsibility with our customers; we are committed to partnering with you to help you successfully comply with the GDPR and future privacy requirements. Requirements such as greater data access and erasure rules, privacy by design, and data breach notification processes may mean changes for your organization, and are a shared responsibility. Therefore, it is important to understand your obligations related to the GDPR regardless of where your organization resides, and Moxie will work with you to achieve them.
Secure Application Development
Moxie’s endeavor is to provide the customer with the best and most secure application. As part of this process, Moxie is committed to having a comprehensive SSDLC (Secure Software Development Life Cycle). Software application development is based on industry best practices including as OWASP and PCI DSS. Moxie incorporates information security throughout the software development life cycle.
Characteristics
- Vulnerability tests are performed using industry leading 3rd-party tools
- Dynamic and Static Code Analyses are completed at various stages to uncover security vulnerabilities. Code reviews are performed at various stages in the development life cycle including peer reviews and automatic code analysis using various tools.
- Training & Awareness: All development staff are required to maintain a level of competency in current best practice secure development techniques.
Physical Data Centers
Moxie Cloud Services is co-located in two dedicated top-tier data centers in both the United States and Europe. This enables Moxie to have a privately managed Cloud with all the servers and storage owned and run by its infrastructure division. Moxie Data Centers all meet SAE 16 and ISO 27001 Security Standards ensuring your data is located in the safest possible place including:
Access Control and Physical Security
- Dedicated concrete-walled data center rooms
- Computing equipment in locked cabinets
- Video surveillance throughout facility and perimeter
- Building engineered for local seismic, storm, fire detection and flood risks
- Tracking of asset removal
Power
- Redundant (N+1) CPS/UPS systems
- Redundant (N+1) power distribution units (PDUs)
- Redundant (N+1) diesel generators with on-site diesel fuel storage
Network Protection
- Moxie uses industry leading firewalls
- Perimeter firewalls and edge routers block unused protocols
- Internal firewalls segregate traffic between the application and database tiers
- Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports
Internal and Third-party testing and assessments
Moxie does various proactive testing to ensure Moxie Cloud Services is secure.
- Test code for security vulnerabilities before release
- Application vulnerability threat assessments
- Network vulnerability threat assessments
- Selected penetration testing and code review
- Security control framework review and testing
Whitelisting the Customer
- Moxie has various methods of whitelisting our customers to meet specifications and needs
Environmental Controls
- Humidity and temperature control
- Redundant (N+1) cooling system
Secure Transmission And Sessions
- Connect to Moxie Cloud Services via 2048-bit encryption TLS (optional)
- A dedicated secure VPN is available for customers who need extra protection
- Dedicated MPLS networks are available for high risk customers
Disaster Recovery
- Moxie Cloud Services has active disaster recovery data centers in the United States and Europe
- If you opt for DR the RTO is 4 hrs RPO is 1 hr
- Disaster recovery tests verify projected recovery times and the integrity of customer data
Backups
- All backups are done to the latest backup technology on hard drives
- The backups are stored locally and copied remotely whilst being encrypted
Security Monitoring
- Our information security department monitors notifications from various sources and alerts from internal systems to identify and manage threats
Denial of Service Protection is Available
- Moxie Cloud Services has a dedicated service available to protect customers
- Moxie has DNS DDos protection
Anti-Virus Protection and Patch Protection
- Moxie runs state of the art anti virus and email spam filtering for customers using Channels Email
- The security software will automatically screen customers from Microsoft security alerts