Customer data are some of the most valuable assets a company has. That’s why our top priority is delivering a comprehensive, high-performance solution with a focus on keeping our customers’ data safe, their interactions secure, and their businesses protected. If you believe there is a security issue affecting MobilePaks, please don’t hesitate to contact security@mobilepaks.com.
Your data is safe with MobilePaks.


Security Culture

We prioritize security and privacy. Security is not an afterthought—we design our infrastructure with security best practices in mind from the start. We make sure that our software stays up to date with security patches, and we regularly revisit systems we’ve built to ensure that they are still secure. All our employees undergo background checks prior to hiring, and we limit access to data and services within the company.

Encryption Protection

We follow OWASP guidelines and best practices for encryption, including encrypting all data and content in transit both externally and internally, updating to the recommended algorithms promptly, and disabling insecure options. Passwords are stored hashed and salted.

URLs

Shared content is shared with a 32-digit unique key to prevent external discovery.

Advanced Password Controls

MobilePaks enforces strong password creation for all users within the MobilePaks system. All passwords are required to be at least eight characters in length, including at least one numerical value and one non-alphanumeric symbol. We strongly recommend the usage of a password manager or an SSO solution, and will work with clients to enable them when possible.

Advanced Access Controls

All data stored in MobilePaks is controlled by a precise set of access rules. You can control exactly which people and groups have access to exactly which pieces of data. Every web request and API request made to our system is authenticated and authorized. This ensures that data is only ever distributed to the people you have explicitly chosen.

IT Infrastructure

MobilePaks is deployed on several of the top IT infrastructure providers in the world and is designed and managed to the best security standards:

  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II)
  • SOC 2
  • FISMA, DIACAP, and FedRAMP
  • PCI DSS Level 1
  • ISO 27001
  • ITAR
  • FIPS 140-2

Network Security

Our server network is protected by firewalls and other boundary devices. These are placed at the external boundaries of the server network as well as key internal boundaries. Our server network is monitored by a wide variety of automated tools, and our application itself is monitored by our own automated software. Additionally, we bring in third party professionals to do security audits of our entire system.

Physical and Environmental Security

Our data centers feature automated fire detection and suppression equipment, fully redundant backup power systems with Uninterruptible Power Supply (UPS) units, optimal climate conditioning to prevent overheating, video surveillance, physical locks, and 24-hour on-site security staff. Any employees who want physical access to our servers must pass two-factor authentication no less than two times and be on a white list. Upon decommissioning, the hard drives in our servers are wiped and then destroyed. All of this makes for a very cozy home for your data.

Application Security

In addition to server events, we keep logs of user activities such as logging in or out, login failures, and password changes. We also have automated systems that log any bad requests that reach our servers, any server errors that might occur, and our product uptime. We are also built on top of frameworks that employ numerous security features.

Share this: Email to someoneTweet about this on TwitterShare on LinkedInGoogle+Share on Facebook