How We Protect Your Data
Gentrack Cloud Integration Services runs on infrastructure we control (SaaS) in a multi-tenant configuration. For customers who self-host our core billing products, we provide an installed software component (behind the firewall) that connects to our cloud services and runs in single-tenant installations on infrastructure controlled by our customers. These two modalities have different security considerations, particularly in regard to access by Gentrack personnel. In both cases, Gentrack takes security seriously.
Gentrack approaches security primarily to protect our customers’ intellectual property and sensitive keys, tokens, and other secrets. We employ a variety of safeguards to isolate and encrypt customer data and use a tiered security model to protect sensitive customer information. We employ layers of access control to prevent unauthorized access to our underlying infrastructure. We also implement application-level security to ensure access to build information and source code goes only to those who are authorized.
The primary areas of our security practices related to customer data are:
We issue an organizational administrator account for you to administer access to the cloud services. You have control over who and what applications access our cloud services. You authenticate to our administration tools with an account that is required to be protected by multi-factor authentication. Your applications access our services using an API token which you generate on an application-by-application basis. You can reset the token at any time through our administration tools. For operations initiated by our services to your applications, we digitally sign our messages with a private key unique to your application profile. The signature can be verified with the public key, so that you know the information was provided by our services and not tampered with in transit.
For connections to third-party applications, you provide us with credentials or authorize our application to request a token to use for accessing the third-party application APIs. We store that token using encryption that is isolated for your organization. Each third-party application will have its own approach to controlling scope of access to its services, and we recommend that you implement any options it provides to ensure that only the minimum rights are provided to our services, as outlined in our product documentation where applicable.
All interaction with our cloud services occurs over TLS encrypted connections – we do not allow any unencrypted connections. Any notifications sent by email attempt to use a TLS encrypted connection if your mail server is capable of it. Gentrack logs important events in the system for audit and forensic analysis purposes. Audit logs are separate from system logs that track performance and network metrics.
We encrypt any data we temporarily hold in transit and at rest. Encryption keys are unique at the tenant level to protect your data. Operations on your data run with access only to your data. We do not have administrative capability to run bulk operations across tenants that can work with unencrypted versions of your data. Your data is hosted within a Gentrack Cloud region closest to your business. We apply data privacy controls that uphold your local obligations. All communication between our systems and the runtime environment is encrypted over the wire using SSH and/or TLS.
Gentrack maintains various certifications for our cloud services and is working to expand our certifications to provide additional compliance assurance. Our teams undertake regular security training to ensure that we keep current with the evolving security landscape. Services are monitored for performance, quality, and security issues. We conduct regular third-party assessments of our application design and security controls.
Changes to our service are only made through approved deployment practices, source control, and deployment tooling to ensure peer review and audit trails exist of all changes to production systems. We apply good industry practice in the development and operations of our products. We regularly review, and upgrade when safe to do so, the libraries and tools we use to ensure we remove known security vulnerabilities. We use single purpose production access roles if we need to directly access production services for the purposes of troubleshooting issues that require further investigation beyond the information our monitoring tools provide.
We have security incident response practices and specialists. If a security breach in our cloud services were to occur, when it is safe to do so we will notify you of the incident, and once resolved provide an incident report. We request that you notify us, when it is safe to do so, if one of your applications which use our cloud services is breached.
Partners with Access to Your Data
Gentrack runs its cloud services on Amazon Web Services. If AWS becomes vulnerable, your data may also become vulnerable to accidental disclosure. Amazon’s Security Center discusses their security in great detail.
We use a small number of partners for operational management and monitoring, whom we choose not to enumerate for security reasons, and who have access to operational data generated by the service. We regularly review to confirm that your data is not provided to them and that they could not gain access to your data.