Security Measures at Athento
Placing a company's data in the cloud requires guarantees. At Athento, we use data centers to offer the best cloud environments with guarantees in terms of security, redundancy, safe access, safe environments and network security, among others, all required to ensure the safety of the client's documents.
The cloud server environments we use are built on ISO 27001-certified platforms. They have also been awarded the AFNOR standard for information security. The data is located in servers within the European Union, thus falling under the jurisdiction of EU law and in compliance with the Spanish Data Protection Act.
Our storage has the following security measures installed:
Multiple replication
Multiple file integrity checks
Transfers are only carried out using a secure protocol
Immediate fixing of failed resources in minutes
The cloud infrastructure that hosts Athento has a capacity for more than a million servers located in 11 data centers in 3 European locations. Only authorized employees can physically access the servers. The data centers are protected 24/7 by a security card control system, alongside video surveillance and on-site security staff. The facilities are equipped with the latest in fire detection and extinguishing systems. Furthermore, the data centers have a technical team that is constantly on site, ready to act as soon as a failure in any of the servers is identified.
Other security measures
Safe access: It is not possible to access Athento without a username and password previously registered on the system. It is the responsibility of the user to ensure the confidentiality of these access credentials. Athento also offers the option of controlling access to specific documents with the "Access Permission" option, which makes a document either accessible or inaccessible to groups, roles and users.
Daily backups: Athento's team carries out daily backups of the information on the Athento Cloud.
SSL access: This allows data transmissions to be encrypted using SSL. SSL (Secure Sockets Layer) is used to make the transmission of data via the Internet secure, as it encrypts and protects the data transmitted using the HTTPS protocol. SSL provides website users with a guarantee that their data will not be fraudulently intercepted.
Compliance with personal data protection legislation: We comply with the Spanish Data Protection Law. Data protection law will soon be the same for the whole of Europe, making it compulsory for Athento to comply with this new legislation.
Online payment security: Online payments are done via PayPal, which complies with PCI DSS (Payment Card Industry Data Security Standard).
Compliance with SOX law (Sarbanes-Oxley): The provider of our cloud infrastructure has been awarded the following levels: SOC 1 Type I (SSAE 16 and ISAE 3402) and SOC 2 Type I.
ISO 27002 for service: The provider of our cloud infrastructure works in line with ISO 27002 and ISO 27005 standards for security management and risk assessment and related procedures.
ISO 27001 security certification: The supplier of our cloud infrastructure has been awarded ISO 27001:2005 certification for supplying and operating dedicated cloud infrastructures.
Technological Infrastructure: Our supplier deploys its own fiber-optic network around the world. It uses state-of-the-art hardware and technology that is selected, installed and maintained by internal engineering teams.
Our provider's network enables impeccable quality of service, regardless of customer location, with a bandwidth capacity of 4.5 Tbps in Europe and 8000 Gbps in North America, as well as connections at 33 interconnection points across 3 continents. The company has built its network to be completely redundant: several security measures have been put in place to eliminate any risk of failure. The redundancy of links also allows our clients' data to travel the shortest path and thus benefit from minimal latency.
Data center physical access controls: In our European data centers, all access to physical facilities is strictly controlled. To prevent intrusion and reduce risk, the facilities are fenced with barbed wire. Video surveillance systems and motion detection sensors are in continuous operation. Activity inside the data centers and outside the buildings is monitored and recorded on secure servers, and there is surveillance equipment on site 24/7.
In order to control and supervise access to facilities, strict security procedures have been implemented. Each staff member has a personal RFID (Radio Frequency Identification) badge that restricts their access. Employee access rights are regularly reviewed. To access the facility, employees must present their badges for verification before passing through the security doors.
Measures against fire: Fire is another controlled risk. Each room in the data center is equipped with fire detectors and fire extinguishing systems as well as fire doors. The data centers comply with the APSAD R4 standard for the installation of extinguishers and also hold N4 certification of conformity.
DDoS Attacks: Our data centers offer protection against DDoS attacks. There are 3 anti-DDoS infrastructures of 160 Gbps in operation in our European data centers.
Ethical hacking audits: Athento performs automatic ethical hacking tests every 15 days. These audits seek to control, eliminate or mitigate risks of hacking, phishing, etc. Athento uses manual and automatic tools for these tests. The results are based on the Common Vulnerability Scoring System. For security reasons, these tools and reports are not disclosed.
Data Transmission: Access to the platform and, in general, any data transmission is done through SSL. SSL (Secure Sockets Layer) is used to make data transmission secure on the internet as it encrypts and protects data transmitted using the HTTPS protocol. TLSv1.2 guarantees users of the website that their data will not be fraudulently intercepted.
Athento’s SSL certificates use SHA-2 and 2048-bit encryption to stop hackers in their tracks. This is the strongest encryption on the market today. Our certificates support up to 256-bit encryption and are recognized by all of the major desktop and mobile browsers on the market.