Customer & User Security Options

It starts with you. Every account includes a number of security specific features that can be enabled, letting you limit access to only authorized users.

Whether you transfer files via automated secure FTP connection or log in and download files through our secure web interface, you can lock your data down as much as you’d like.

• Add IP address restrictions to allow connections from only those devices you specify.
• Brute force protection locks users out after a given number of failed login attempts.
• Stay secure with SFTP or FTPS, disallowing connections on legacy protocols such as FTP unless you specify otherwise.
• Home directories restrict your users to only the information you want them to see.
• Shares and users can be set to expire on a certain date, to prevent future access.

File & Data Integrity

Keeping data safe, whether in transit or at rest, is critical to the smooth operation of your business file transfers. We back up data to servers in multiple locations and have a number of features to ensure your files are transmitted safely and securely.

• Encryption at rest and in-flight.
• All files are backed up in realtime.
• Data is encrypted in transit via SFTP and FTPS. (Unencrypted plain FTP is also available and can be utilized when needed).
• All protocols support resume functionality if a file transfer is interrupted.

Computer & Network Security

ExaVault is designed with security as a core requirement.

Multiple firewalls, monitoring and intrusion detection systems are employed. Each customer’s data is isolated, which ensures your files are safe and completely secure.

• Servers keep a high security profile (e.g., minimum number of ports open).
• Access to all equipment (servers, firewalls, etc.) is logged and monitored for intrusions or other anomalies.
• A multi-layered set of monitoring and intrusion protection systems is in place, including firewalls at the edge and internal controls on access to databases, customer data storage, and other key resources.
• All encrypted traffic uses an SSL certificate with a 2048 bit private key, employing TLS v1.2+
• SOC 2 compliant with regular security audits conducted by internal staff and a third-party audit firm.

Uptime & Redundancy

File storage and transfer is only useful when it’s accessible. With this fact in mind, we’ve structured our secure FTP and file transfer service to maximize available uptime.

Our network and server infrastructure is fully redundant, from our incoming network feeds all the way down to data on disk. Our deployment processes allow upgrades to be performed with no downtime.

• Redundancy at every level: Firewall, network, application servers, database servers, storage layer, and more.
• Secondary disaster recovery facility able to take over for a primary facility failure.
• Software maintenance process is designed to allow for upgrades without downtime.
• Disaster recovery plans are in place, reviewed, and updated regularly.
• Third party monitoring for ExaVault services provided via Pingdom.

Audit & Control

Audit logs are critical for both informational and compliance purposes. ExaVault provides immutable audit logs for every transaction in your account, which means that no one can change logs, even if they are an account administrator.

• Full audit trails are maintained on all activity.
• Guaranteed delivery enables you to prove that files are delivered and successfully received.
• Search and filter capabilities are provided to quickly find any transaction in question.

Governance

Building a secure system is only half the battle. Keeping it secure is equally important. ExaVault performs regular audits and trainings using internal and third-party tools to make sure our platform is secure.

• Code audits conducted on all new code to ensure security and compatibility.
• Regular internal training on security best practices.
• Regular infrastructure tests using internal and third-party tools to identify and patch vulnerabilities.
• Third party testing performed monthly, with intensive testing performed annually.
• Strong terms of service and data privacy policy, with customization available for enterprise clients.

GDPR Compliance

The European Union's GDPR (General Data Protection Regulation) affects every business processing data for customers in the EU & UK. ExaVault and its sub-processors are GDPR-compliant.

• ExaVault is Privacy Shield certified, and we can lawfully collect, receive, and process personal data from the EU & UK.
• ExaVault is committed to maintaining privacy and data security through privacy by design.
• ExaVault regularly reviews and updates our internal processes, policies, and technical safeguards to ensure our ongoing compliance. For more information, see our GDPR page.