Information security

Network security

Protection

Our network is protected by firewalls, best-in-class router technology, secured HTTPS transport over public networks, regular audits, and network intrusion detection technologies (IDS/IPS) that monitor it for or block malicious traffic and network attacks.

Architecture

Our network security architecture consists of multiple security zones. More sensitive systems, such as database servers, reside in the most trusted zone. Other systems are located in zones that correspond to their sensitivity, depending on their function, information classification, and risk. Depending on the zone, additional security monitoring and access controls are used. DMZs are used between the Internet and internally between different trust zones.

Web Application Firewalls (WAF) and Monitoring

The main entry and exit points for application data flows are monitored with Web Application Firewalls. The systems are configured to trigger alerts when incidents and values exceed established thresholds, and use regularly updated signatures based on new threats. This includes round-the-clock system monitoring.

Threat Intelligence Program

Flexperto participates in several threat intelligence programs. We monitor our systems for threats reported in these threat intelligence networks and take action based on our risks and exposure levels.

Logical Access

Access to the Flexperto Production Network is explicitly based on the need-to-know and least privilege principles and is reviewed on an ongoing basis. Multiple authentication factors are required to access the Flexperto Production Network.

Encryption
Data-in-Transit encryption

Communication between you and Flexperto servers is encrypted using HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for email encryption.

Data-at-Rest Encryption

All Flexperto customers benefit from the protection of data-at-rest encryption for attachment storage, as well as full daily backups.

Current TLS Cyphers

The following TLS Cyphers are used by Flexperto:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

You can check them here:

https://www.ssllabs.com/ssltest/analyze.html?d=team.Flexperto.com

Availability and continuity

Availability

Flexperto maintains a publicly accessible system status web page that provides details on system availability and service history.

Redundancy

Flexperto uses service clustering and network redundancy to eliminate single points of failure. Our strict backup strategy ensures that service data is actively replicated across primary and secondary systems and assets. Our co-located databases are stored on state-of-the-art storage units with multiple servers per database cluster.

Disaster Recovery

Our Disaster Recovery (DR) program ensures that our services remain available or can be easily restored in the event of a disaster. This is achieved by creating a robust technical environment, and by creating disaster recovery plans and testing.

Backups

Flexperto uses a 3-generation backup policy that includes up to 3 copies of important files. Backups are created and restored over a dedicated network interface to avoid impacting production-related traffic.

Dedicated Information Security Team

Flexperto has assembled a team to handle all information security, data protection and compliance issues. This ensures dedicated contacts and a functioning communication chain.

What security measures are we taking at Flexperto?

Are you interested in learning more about the specific security measures we take?

We divide our security measures into three categories:

• Security measures regarding the operation of the Flexperto platform
• Security measures regarding the development of the Flexperto platform
• Security measures that you can configure individually for your Flexperto platform