Below are a few points about how we secure that your data is safe when using RapidiOnline.
- no customer data is stored on our servers (unless you are using the Rapidi Mirror technology, with a centrally hosted mirror)
- all connections over net normally use SSL (or rather TLS 1.1 or TLS 1.2) encryption (normally AES-128 or better depending on local OS version). This includes both connections to our MyRapidi configuration application and all connections between our centrally hosted servers and any RapidiConnector installed locally at a customer site (for accessing locally installed systems).
- we use a high availability and high security hosting center (GNAX, Atlanta)
- every customer has his own process and own configuration database centrally on our servers.
- login to the MyRapidi configuration app can additionally be secured by Two-Factor Authentication.
- login credentials to the MyRapidi app (passwords) are only stored internally in a hashed version (no plain text or encrypted passwords are stored)
- the login credentials to the MyRapidi app, can be forced to expire after a certain time (30, 60, 90 days) and password reuse can be prohibited (last 3 or 5 password remembered) - this can be setup on the account level.
- RapidiOnline is Salesforce.com AppExchange certified (which includes security and availability review)
- we monitor the transfer services and schedules and can take action if things are not running correctly.
- our Hosting Partner monitors our central servers and processes (database servers, web-servers, application servers etc.) and takes action within a few minutes if something is not running.
- access to most of your systems can be deployed without storing any client system credentials at Rapidi - instead we store a security token for OAuth2 authentication (for Salesforce.com and D365 Cloud for example) or we use Windows Authentication for locally installed system (accessing you local system from a locally installed RapidiConnector). The security tokens are only stored in encrypted form on our servers.
- any customer credentials that are stored in our configuration databases are stored encrypted with high security encryption method. The key used, is separate per customer/service and is only stored in encrypted form on the server.
- access to systems: after the initial setup is done, the access to the systems can usually be limited to read and/or write access to the tables or objects actually used in the integration setup.
If you have any remaining questions or you need a higher level of security, please contact us. We can on request provide higher levels of security, like custom SSL certificates.