Security Overview

At Supportbench, we care about security.

Supportbench understands that the confidentiality, integrity, and availability of our customers' information is vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, processes and infrastructure to meet the growing demands and challenges of security.

All Supportbench infrastructure is maintained by Microsoft with the highest of security standards, which includes all of the following certifications.

Secure data centers

Our service is collocated in dedicated spaces at top-tier data centres managed by Microsoft. These facilities provide carrier-level support and certification, including:

Access control and physical security
  • 24-hour manned security, including foot patrols and perimeter inspections
  • Biometric scanning for access
  • Dedicated concrete-walled Data Center rooms
  • Computing equipment in access-controlled steel cages
  • Video surveillance throughout facility and perimeter
  • Building engineered for local seismic, storm, and flood risks
  • Tracking of asset removal
Environmental controls
  • Humidity and temperature control
  • Redundant (N+1) cooling system
Power
  • Underground utility power feed
  • Redundant (N+1) CPS/UPS systems
  • Redundant power distribution units (PDUs)
  • Redundant (N+1) diesel generators with on-site diesel fuel storage
Network
  • Concrete vaults for fiber entry
  • Redundant internal networks
  • Network neutral; connects to all major carriers and located near major Internet hubs
  • High bandwidth capacity
Fire detection and suppression
  • VESDA (very early smoke detection apparatus)
  • Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression

You can find out more about our Infrastructure Security here.

Secure transmission and sessions

  • Connection to the Supportbench environment is via TLS cryptographic protocols, using global step-up certificates, ensuring that our users have a secure connection from their browsers to our service
  • Individual user sessions are identified and re-verified with each transaction, using a unique token created at login
  • We use industry-standard transport protocols, with SHA-256 with RSA for our verification and encryption in transit
  • All sensitive data (passwords) within the database is encrypted with unique encryption keys for each client

Network protection

  • Perimeter firewalls and edge routers block unused protocols
  • Internal firewalls segregate traffic between the application and database tiers
  • Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports
  • A third-party service provider continuously scans the network externally and alerts on changes in baseline configuration

Disaster Recovery

  • The Supportbench service performs real-time replication to disk at each data center, and near real-time data replication between the production data center and the disaster recovery center
  • Data is transmitted across encrypted links
  • Disaster recovery tests verify our projected recovery times and the integrity of the customer data
  • Our system is globally balanced and will react to load and system failure by initiating automated redundancy procedures

Backups

  • All data are backed up to disk tape at each data center, on a rotating schedule of incremental and full backups
  • The backups are cloned over secure links to a secure tape archive
  • Tapes are not transported offsite and are securely destroyed when retired

Application

Supportbench tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly:

  • Application vulnerability threat assessments
  • Network vulnerability threat assessments
  • Selected penetration testing and code review

Security Monitoring

Our Information Security monitoring system collects notifications from various sources and alerts from internal systems to identify and manage threats.