Introduction
How does ParagonERP handle the security of your data?
We know that the data you put into our system is the lifeblood of your business. It is your business' most important asset, and you work to keep it private and absolutely yours. The information you put into the system is not legally protected in the same way as health or personal financial information, but we feel it should be treated as seriously. To that end, we have put a lot of thought into what security really means, not just the hype or the general feeling of being secure so you can sleep at night.
There are four very real data security concerns for businesses today, particularly those operating on the Cloud. The information below describes what we do to keep your data safe. When we make any future changes to improve the security of your data, we will update this document to keep you informed.
1. PROTECTION: Certainty that your data will be there and be accurate.
One of the benefits of SaaS ('Software as a Service') and using the Cloud is not having to worry about things like backups and disaster recovery. We look after the servers instead of you. But that doesn't mean that you don't want to know what we are doing.
a. ParagonERP data is stored in a database. This database is backed up daily and can be restored to any day within the backup range (since the date of purchase of your ParagonERP environment). These backups are stored independently in a separate secure location.
b. ParagonERP is hosted in two redundant environments by two of the biggest players in the hosted Cloud industry - Microsoft Azure and Google Cloud Platform. They use backup mechanisms that take a daily snapshot of your entire environment, not just your data, that can be restored in case of emergency. These snapshots are also stored independently from your actual organization data in a secure location.
c. Virus protection is handled by us and our hosting partners. The design of ParagonERP means that viruses are not really able to exist in our environments (kind of like how some viruses cannot jump species).
d. ParagonERP has a constant audit trail running that cannot be circumvented, even by us, which records any changes to the data. This guarantees that we can track any modifications that were made, when they were made and by whom they were made.
2. ISOLATION & ENCAPSULATION: Our other customers should never see your data, and you should never see theirs.
SaaS applications in the Cloud often share server resources. This means that what keeps their customers' data separated is software code that tells the system to not co-mingle. The problem with that is that a bug or a mistake in the instructions the software developers make could cause unanticipated results like a competitor seeing your special pricing or client list.
ParagonERP is implemented on isolated mini virtual server environments referred to as 'Dockers.' Each of our customers gets their own Cloud-based environment that is not connected to any other one. There is no path between them.
3. AUTHORIZATION & PASSWORD CONTROL: Only authorized users should access and see the data in your environment.
One of the biggest problems is not when your system gets 'hacked' but rather when someone who is legitimately logged in sees something that they are not authorized to see. Another problem is when one user knows other users' credentials.
a. There are granular access controls inside ParagonERP. The administrator can determine who can see what, and can do so by profile, so templates can be created and approved. Members can then be added, so that access control does not have to be managed one user at a time, leaving less opportunity for errors.
b. When new users are created, they get temporary passwords that automatically expire. Their passwords must be reset and be individual so they are not easy to share. The danger is that if someone shares their password with a colleague who is later dismissed, that person can still have access and management might not even know. Passwords are also required to be reset on a time interval.
c. The team at ParagonERP may sign on to your environment for support resolution, using special credentials. We would not ask you to divulge your own password. If you work with a partner, you must decide what access to give them. We will only access areas of the system necessary to resolve the issue, protecting your privacy as much as possible.
4. AUTHENTICATION, DATA LOCALIZATION & ENCRYPTION: Preventing outside parties from accessing the data in your environment.
You may have heard stories about hackers who try to access programs using 'brute force' or access tools to get to valuable information stored in software like credit history or credit card numbers. ParagonERP does not store information of interest to outside parties like credit card numbers or employee government IDs. Instead, we connect to them using extremely well-protected partner services.
We partner with two of the companies that are investing the most in addressing these issues. Google and Microsoft have services that allow us to monitor attacks and counter them. They have some of the strongest firewalls and filters in existence. To get to you, a hacker would have to go through one, then the other and then what we put in place to protect you. Yes, we know this is a bit vague, but we don't really want to talk too much about the specifics as that would make things easier for the evil-doers.
a. The flip-side of this issue is the concern that these large companies are subject to some pretty invasive government access to their systems. To protect against that, we have set up an infrastructure that can physically locate your system in any of dozens of locations across many different countries. Upon request, we can locate your hosting physically closer to you which can also address local legal concerns.
b. All traffic between you and our servers is encrypted with 256-bit SSL encryption which is constantly kept up to date against changing threats.
Some companies may tell you that they are 100% secure, but it is well established that security is not absolute and is always evolving as technology changes. We at ParagonERP focus on keeping your data safe and secure, within the limitations of known security threats and technology.
ParagonERP's management will determine what is reasonable and appropriate and will maintain technical and physical security protocols to safeguard the security and confidentiality of the data you have entered into the ParagonERP Solution based on that determination. We at ParagonERP will also reasonably protect against anticipated threats or hazards to the security or integrity of the data you have entered, consistent with management's evaluation of what is reasonable and appropriate.