Acerca de

Elegant Abstract Background

Security

INFRASTRUCTURE SECURITY

Our server’s infrastructure is secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function utilizing the principle of least privilege. All access to the ingress points are closely monitored, and are subject to stringent change control mechanisms.Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. We consider any system which houses customer data that we collect, or systems which house the data customers store with us to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.

  • Encrypted login pages, user authentication and authorization

  • Site management via encrypted connections

  • Validation of CSRF token on all unsafe HTTP request methods

  • Cookie attack prevention

  • Server-side data validation

  • Cross-platform encryption& SSL certification

  • Cross-site scripting &request forgery prevention

  • Role-based access controls and access control filters

Security of borrower data and personal information of users has been an integral part of Finneo’s design process since the beginning.

PHYSICAL SECURITY

Our data centers are co-located in some of the most respected datacenter facility providers in the world. We leverage all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry. Security controls provided by our datacenter facilities includes but is not limited to:

  • 24/7 Physical security guard services

  • Physical entry restrictions to the property and the facility

  • Physical entry restrictions to our co-located datacenter within the facility

  • Full CCTV coverage externally and internally for the facility

  • Biometric readers with two-factor authentication

  • Facilities are unmarked as to not draw attention from the outside

  • Secure loading zones for delivery of equipment