Security at Dropsuite
Data Security at Dropsuite
MFA Application Security
Dropsuite supports multi-factor authentication (MFA) to provide partners with an extra layer of security to help safeguard end user customer data within Office 365.
Traditional (conventional) password security offers a single layer of protection. Passwords are susceptible to being compromised through human error, coordinated cyber attacks and threat actors.
Multi-factor authentication provides an additional layer of security protection. After typing your password, multi-factor authentication software automatically contacts you via a secondary, trusted medium, such as your telephone number, and then requests a new form of verification. This second security perimeter significantly strengthens overall application security while reducing the likelihood of unauthorized threat access.
Dropsuite’s multi-factor authentication (MFA) provides partners and customers with an extra layer of security to help safeguard end user data within Microsoft Office 365. We’re proud to be a vendor that’s at the forefront of MSP security, providing MFA enhanced partner security protection for our cloud backup and archiving suite of solutions.
When you use Dropsuite Cloud Backup for Office 365, you access the Microsoft ecosystem by activating MFA. This powerful additional layer of security makes it almost impossible for hackers to infiltrate your administrator credentials, blocking a former entry point the bad guys had come to rely on. Since MFA blocks ~99.9 percent of account compromise attacks, your administrator passwords will be safe, and you’ll be able to continue doing what you do best — managing your business.
Data Encryption in Transit and at Rest
Dropsuite engages independent/external entities to conduct regular application-level and infrastructure-level vulnerability tests. We also continue to scan and test the Dropsuite application internally on a regular basis, performing regular security patches or upgrades. Results of the external vulnerability testing and remediation are shared with the entire team, including management and the board of directors.
Personnel and Access Management
Personnel practices in Dropsuite apply to all employees who have direct access to Dropsuite’s internal information systems, Dropsuite’s cloud solution infrastructure and/or unescorted access to Dropsuite’s workspace. All those employees are required to understand and follow internal policies and standards.
The principle of no privilege is a default standard at Dropsuite. Employees and users at Dropsuite will only have access to what is needed, when it is needed.
Employees will only be granted access to internal systems based upon their work requirements. Requests for additional access follow a documented process and are approved by the responsible owner or manager. Furthermore, all employees sign a confidentiality agreement upon joining the company.
All employees are required to complete privacy and security training annually. Individuals with elevated levels of access are required to take a biannual security certification with a private provider. Employees are required to report security and privacy issues to our Data Protection Officer. Employees are informed that failure to comply with acknowledged policies may result in consequences, up to and including termination.
Dropsuite monitors and logs every server, router, system call, command procedure, etc. of our production environment. Logs are kept for as long as legally needed to ensure our systems are secure.
Data Protection Compliance
Dropsuite has proactively appointed its own Data Protection Officers (DPOs) who are trained in data privacy and data security to ensure legal compliance with various data protection laws. Our DPOs work closely with the product and engineering team to ensure legal compliance requirements are embedded into the development lifecycle of our products.
Data Center Security
Data sovereignty is important to many of Dropsuite’s international partners. To that end, we can provide data center support to many country-locations. For example, we provide AWS data center support in Canada, ensuring that the data for all our SaaS products and solutions remains within Canadian borders, adhering to PIPEDA, the Canadian Privacy Act, and/or GDPR rules.