Security

A. Application Security

Server Admin shall maintain appropriate systems security for the Server Admin’s Service in accordance with commercially reasonable industry standards and practices designed to protect all data and information provided by or on behalf of Manager that is input into, displayed on or processed by the Server Admin’s Service, and all output therefrom (“Manager Data”), from theft, unauthorized disclosure and unauthorized access. Such systems security includes, among other things: (1) implementation of application vulnerability tests; (2) transmission of all Server Admin-Manager communications to or through the web security layer using a robust secure protocol; and (3) the following safeguards:

1. Authentication

  1. All access is authenticated, and communications are secured, using industry best practices.
  2. System identity is tied to an individual user by the use of credentials and (if elected) by two-factor authentication.
  3. Reasonable authentication controls that conform to industry-recognized standards are provided.
  4. Google’s latest reCAPTCHA is used to deter bot and brute-force login attempts.

2. Authorization

  1. Authorized users are only allowed to perform actions within their privilege level.
  2. Access to protected resources is controlled based upon role or privilege level.
  3. Privilege escalation attack prevention: Server Admin is notified if there is an attempt to gain a higher access level.

Important Note and Distinction: Only the Server Level Admin can install WordPress plug-ins or reach the other higher-level or sensitive areas of WordPress. Most hosting companies give customers full WordPress administrator access; we give users only a limited “content and minor settings” access level, leaving plug-ins and core areas to the Server Admin. In the unlikely event that an administrative user account is compromised (through a weak password or other means) and the attacker gains access to the administrative area, they can do no more than a content-level admin can: the restrictions that keep sensitive areas away from content admins keep them away from attackers as well. Additionally, files uploaded by a content admin are stored in a directory from which the server does not execute files. This prevents an attacker with lower-level access from uploading and running harmful executable files (such as a PHP script).

3. Secure Coding Practices 

  1. Developers are trained in secure development best practices.
  2. Applications are written in a secure manner using a formal process that provides evidence that application security vulnerabilities are not present before code moves into production, and periodically thereafter, including after significant changes. At a minimum, application security vulnerabilities include those in the CWE/SANS Top 25 and the OWASP Top 10.
  3. These requirements are validated with a widely used security plug-in, Wordfence.

4. Password and Account Management

A. Passwords follow best practices, including:

  • Storing passwords only as salted one-way hashes (never in plaintext or reversibly encrypted).
  • Enforcing password complexity.
  • Limiting failed attempts before account lockout.
  • Password reset never sends the password itself.
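The safeguards listed above, as an added example that is not the provider’s own code: a per-password random salt with scrypt (the hash function, work factors, lockout threshold and token lifetime are assumptions chosen for this example), constant-time verification, a failed-attempt counter that locks the account even against the correct password until the lockout expires, and a reset flow in which the e-mailed link carries only a random one-time token whose hash is stored server-side, so no credential is ever transmitted.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

# Assumed parameters for this example, not the provider's settings.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # about 16 MiB of memory per hash
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
RESET_TOKEN_TTL = 30 * 60


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted one-way hash, stored as 'scrypt$<salt hex>$<digest hex>'.
    A fresh random salt means two users with the same password get different hashes."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        algo, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "scrypt":
        return False
    expected = bytes.fromhex(digest_hex)
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


class LoginGuard:
    """Counts failed logins per account and locks the account after too many."""

    def __init__(self, max_attempts: int = MAX_FAILED_ATTEMPTS,
                 lockout_seconds: float = LOCKOUT_SECONDS,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._max, self._lockout, self._clock = max_attempts, lockout_seconds, clock
        self._state: Dict[str, Tuple[int, float]] = {}   # user -> (failures, locked_until)

    def attempt(self, username: str, password: str, stored_hash: str) -> str:
        """Returns 'ok', 'denied' or 'locked'; a locked account rejects even the right password."""
        now = self._clock()
        failures, locked_until = self._state.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"
        if verify_password(password, stored_hash):
            self._state.pop(username, None)            # success clears the counter
            return "ok"
        failures += 1
        if failures >= self._max:
            self._state[username] = (0, now + self._lockout)
            return "locked"
        self._state[username] = (failures, 0.0)
        return "denied"


class PasswordReset:
    """Reset flow that never sends a credential: the user gets a random one-time token,
    only its hash is kept server-side, and it expires."""

    def __init__(self, ttl_seconds: float = RESET_TOKEN_TTL,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._ttl, self._clock = ttl_seconds, clock
        self._pending: Dict[str, Tuple[bytes, float]] = {}  # user -> (token hash, expires)

    def issue(self, username: str) -> str:
        token = secrets.token_urlsafe(32)                # this goes into the e-mail link
        self._pending[username] = (hashlib.sha256(token.encode()).digest(),
                                   self._clock() + self._ttl)
        return token

    def redeem(self, username: str, token: str, new_password: str) -> Optional[str]:
        """Returns the new stored hash on success, None on a bad or expired token."""
        entry = self._pending.get(username)
        if entry is None:
            return None
        token_hash, expires = entry
        presented = hashlib.sha256(token.encode()).digest()
        if self._clock() > expires or not hmac.compare_digest(presented, token_hash):
            return None
        del self._pending[username]                      # single use
        return hash_password(new_password)
```

The clock is injectable so the lockout and token expiry can be exercised deterministically; in production the default monotonic clock is used and the counter would live in the database rather than in memory.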

B. Account Manager securely logs the time and date when additional privileges are enabled, to allow for a complete audit trail of activities.

Important Note and Distinction: Password and login best practices are also communicated to clients. During the set-up process we illustrate and explain the need for strong passwords and non-obvious usernames. We also publish several articles on online security and password tactics.

B. Data Security

1. Data at Rest

  1. Manager Data is encrypted using industry best practices.
  2. Backups of Manager Data are accessible only to the Server Level Administrator.

2. Data in Motion

Manager Data in transit to or from Manager is encrypted in the browser session using TLS (TLS 1.2 or later; SSLv3 and earlier protocol versions are disabled, as SSLv3 is deprecated by RFC 7568 and vulnerable). The use of FTP or SFTP is not allowed.

3. Multi-Tenancy

In a multi-tenant environment, appropriate security controls and robust cryptographic methods are implemented to protect and isolate Manager Data from other tenants.

4. Administrative Access and Environmental Segregation

  1. Applying the Principle of Least Privilege: controls are in place to ensure that access is limited to administrators or editors who must see Manager Data in order to fulfil their job functions.
  2. Confidential data is masked with one-way hashing algorithms when Manager designates it as Manager Level only.
  3. Manager Data is also replicated into non-production environments (i.e. backups). When Manager Data is extracted into a backup, the backup copy is removed from the website so that it is not left in a web-accessible location on the server.

C. Threat Management

1. Intrusion Detection

Server Admin maintains an intrusion detection monitoring process at the network and host level to protect the Service and to detect unwanted or hostile network traffic. Server Admin updates intrusion detection software on a scheduled basis as updates are made available by the software provider. Measures are in place to ensure that Server Admin is alerted when the system or service detects unusual or malicious activity.

2. Penetration Tests

Server Admin conducts penetration tests on the computing environment at least once per year. Using tools such as Kali Linux, Server Admin probes the servers and access points for vulnerabilities. While this is an ongoing process, Server Admin conducts specific penetration tests on an annual schedule.

D. Infrastructure Security

1. Audit Logging

  1. Server Admin monitors and logs all system access to the Servers to produce an audit trail that includes, but is not limited to, web server logs, application logs, system logs and network event logs.
  2. The logs are stored off-system to reduce the risk of loss or tampering. The logs are purged quarterly.
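The web server logs above are the raw material for the alerts promised under Authorization (notification of an attempt to gain a higher access level) and Intrusion Detection (alerting on unusual or malicious activity). The following is an added example, not the provider’s own tooling: it parses combined-format access-log lines and raises two kinds of alert, a sliding-window count of failed wp-login.php POSTs per source IP (WordPress re-renders the login form with HTTP 200 on failure and redirects with 302 on success), and a 403 on a page reserved for the Server Admin. The list of reserved pages, the thresholds and the log lines are all constructed assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

# Apache/nginx "combined" format: ip ident user [time] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Pages a content-level admin should never reach (assumption for this example;
# the provider's real restricted set is not published on the page).
SENSITIVE_PATHS = frozenset({
    "/wp-admin/plugin-install.php", "/wp-admin/plugins.php",
    "/wp-admin/plugin-editor.php", "/wp-admin/theme-editor.php",
    "/wp-admin/update-core.php",
})

Event = Dict[str, object]
Alert = Tuple[str, str, str]           # (kind, source ip, detail)


def parse_line(line: str) -> Optional[Event]:
    m = LOG_RE.match(line)
    if m is None:
        return None                    # malformed or unrelated line is skipped
    ev: Event = m.groupdict()
    ev["ts"] = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(m["status"])
    ev["path"] = m["path"].split("?", 1)[0]   # drop the query string
    return ev


def detect(lines, threshold: int = 5,
           window: timedelta = timedelta(minutes=5)) -> List[Alert]:
    alerts: List[Alert] = []
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    already_alerted = set()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip, path, status, ts = ev["ip"], ev["path"], ev["status"], ev["ts"]
        if ev["method"] == "POST" and path == "/wp-login.php" and status == 200:
            q = failures[ip]
            q.append(ts)
            while q and ts - q[0] > window:          # slide the window forward
                q.popleft()
            if len(q) >= threshold and ip not in already_alerted:
                already_alerted.add(ip)              # one alert per source
                alerts.append(("brute_force", ip,
                               f"{len(q)} failed logins within {window}"))
        elif path in SENSITIVE_PATHS and status == 403:
            alerts.append(("privilege_escalation_attempt", ip, path))
    return alerts


# Constructed sample log for the example (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:00 +0000] "GET / HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3502 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3502 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:14 +0000] "POST /wp-login.php HTTP/1.1" 200 3502 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:18 +0000] "POST /wp-login.php HTTP/1.1" 200 3502 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:23 +0000] "POST /wp-login.php HTTP/1.1" 200 3502 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:27 +0000] "POST /wp-login.php HTTP/1.1" 200 3502 "-" "python-requests/2.31"
this line is not in combined format and is skipped
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3502 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:57:01 +0000] "GET /wp-admin/plugin-install.php?tab=upload HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:14:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3502 "-" "python-requests/2.31"
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the sample, the first alert fires on the fifth failure from 203.0.113.7 and the second on the 403 that 198.51.100.4 receives on the plug-in installer after logging in; the late 14:30 failure falls outside the window and the single failure from 198.51.100.4 never reaches the threshold. In practice the same logic would run over the off-system log copy as lines arrive and hand each alert to the notification channel the policy names.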

2. Network Security

  1. Network security for servers and websites complies with industry standards, including separating perimeter networks from endpoints hosted in the private network using industry-standard firewalls. Server Admin updates firewall software on a scheduled basis as updates are made available by the software provider.
  2. Server Admin tests perimeter devices on a scheduled basis and, if deficiencies are discovered, promptly troubleshoots and remediates them, prioritized by the risk of the deficiency, whether they are found by such testing or by review of logged access attempts.

3. Vulnerability Management

Server Admin utilizes processes designed to protect Manager Data from system vulnerabilities, including:

  1. Application Vulnerability Scanning: application vulnerability scanning is performed on each website before code is released into production.
  2. Malware Scanning: Server Admin ensures that anti-malware scanning on all servers is fully functional for both scanning and logging.

4. Secure Configuration

Production Servers comply with industry standards for platform hardening and secure configuration in order to reduce the attack surface. Hardening procedures are applied and verified before any system is put into production.

E. Security Procedures

Incident Response

Server Admin maintains security incident management policies and procedures, including detailed security incident escalation procedures. In the event of a breach of any of Server Admin’s security or confidentiality obligations, Server Admin agrees to notify Manager by telephone and email of such an event within twenty-four (24) hours of discovery. Server Admin will also promptly perform an investigation into the breach, take appropriate remedial measures and provide Manager with the name of a single Server Admin security representative who can be reached with security questions or security concerns twenty-four (24) hours per day, seven (7) days per week, during the scope of Server Admin’s investigation.

F. Governance

1. Security Policy

Server Admin maintains a written information security policy that is reviewed annually. It is published and communicated to all Server Admin employees and relevant third parties for understanding and compliance.

2. Security Training

Server Admin will ensure that all Server technicians, employees and managers complete the training required to maintain compliance with the procedures and practices outlined in the policy, including security awareness training at least annually.

G. Physical Security

Data center facilities limit access to Server Admins and Technicians performing the service, and to employee-accompanied visitors, using commercially reasonable Internet-industry-standard physical security methods. Such methods include visitor sign-in/logging; restricted-access key cards and locks for employees; limited access to server rooms and archival backups; and unauthorized-intrusion alarm systems. These physical controls are put in place and maintained under Google’s data center standards, backed by one of the nation’s lowest breach records to date.

H. Business Continuity

1. Continuity Plan

We have established and maintain a business continuity plan for the restoration of critical processes and operations of the Service at the location(s) from which the Service is provided. Server Admin also has an annually tested disaster recovery plan, so that a disaster is handled in a planned and tested manner. Key features and goals of the plan include:

A. Recovery Point Objective

Backup frequency: every twenty-four (24) hours.

B. Recovery Time Objective

  • The recovery time objective is three (3) hours after a critical system malfunction is detected: up to one (1) hour for attempting to fix the existing condition without resorting to the full disaster recovery procedure, and two (2) additional hours for full disaster recovery.
  • Server Admin will recover the Service and Manager Data as soon as possible, and no later than one (1) day after such a disaster.
  • If Server Admin’s business continuity plan is invoked: (1) Server Admin will execute the plan and restore the Server Admin’s Service to the applicable service availability and service level; and (2) Manager will be treated with at least equal priority to any other server tenants/customers.

2. Backup Management

Server Admin will perform full backups of the database(s) containing Manager Data no less than once per day (or once per week, depending on the hosting and support account level) without interruption of the Service. Server Admin will also provide off-site archival storage, no less than weekly, of all backups of the database(s) containing Manager Data on secure server(s) or other commercially acceptable secure media. Such backups will be encrypted, sent off-site to a secure location each business day or week (according to the account level), and retained for twelve (12) months unless otherwise requested.