Security
Security Documents
Data Security
Our datacenters are co-located within facilities run by some of the most respected datacenter providers in the world. We leverage all of the capabilities of these providers, including physical security and environmental controls, to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry. Security controls provided by our datacenter facilities include but are not limited to:
- 24/7 Physical security guard services
- Physical entry restrictions to the property and the facility
- Physical entry restrictions to our co-located datacenter within the facility
- Full CCTV coverage externally and internally for the facility
- Biometric readers with two-factor authentication
- Facilities are unmarked so as not to draw attention from the outside
- Battery and generator backup
- Generator fuel carrier redundancy
- Secure loading zones for delivery of equipment
SnapBlox’s infrastructure is secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function, following the principle of least privilege. All access to these ingress points is closely monitored and is subject to stringent change control mechanisms.
Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. We consider any system which houses customer data that we collect, or systems which house the data customers store with us to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.
Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.
Systems controlling the management network at SnapBlox log to our centralized logging environment to allow for performance and security monitoring. Our logging includes system actions as well as the logins and commands issued by our system administrators.
SnapBlox’s Security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident reporting and response procedures.
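The two paragraphs above describe centralized logging of administrator logins and monitoring of that activity for suspicious behaviour. The following is an added example, not SnapBlox's own monitoring code, of the kind of rule a security team would run over such logs: it parses sshd authentication lines in the standard syslog format, flags a burst of failed logins from one source address, and separately flags a successful login that follows such a burst from the same address (the pattern that distinguishes a noisy scanner from a scanner that got in). The log lines are constructed samples using documentation address ranges, and the thresholds and time window are illustrative assumptions.

```python
"""Detection over sshd auth-log lines: brute-force bursts, and a success that
follows a burst of failures from the same source address.

Added example, not SnapBlox's tooling. SAMPLE_LOG is constructed (syslog/sshd
format, documentation address ranges); thresholds and window are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, not real logs. Syslog lines carry no year.
SAMPLE_LOG = """\
Mar  3 10:01:02 mgmt-gw sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:04 mgmt-gw sshd[2203]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:05 mgmt-gw sshd[2205]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:01:07 mgmt-gw sshd[2207]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar  3 10:01:09 mgmt-gw sshd[2209]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  3 10:01:30 mgmt-gw sshd[2211]: Accepted publickey for ops-jane from 203.0.113.7 port 51030 ssh2: ED25519 SHA256:abc
Mar  3 10:05:00 mgmt-gw sshd[2301]: Accepted publickey for ops-bob from 198.51.100.9 port 40000 ssh2: ED25519 SHA256:def
Mar  3 10:06:00 mgmt-gw sshd[2305]: Failed password for ops-bob from 198.51.100.9 port 40001 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user] <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(text, year=2024):
    """Turn matching sshd lines into event dicts; the year is supplied because syslog omits it."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd chatter (disconnects, session opened, ...)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "outcome": m["outcome"], "method": m["method"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def detect(events, fail_threshold=5, success_after=3, window=timedelta(minutes=5)):
    """Return findings in order of occurrence.

    brute_force:            >= fail_threshold failures from one IP inside `window`
                            (reported once per IP)
    success_after_failures: an Accepted login from an IP that had >= success_after
                            failures inside `window` just before it
    """
    findings = []
    fails = defaultdict(list)  # ip -> timestamps of recent failures
    already_flagged = set()
    for ev in events:
        # Drop failures that fell out of the sliding window for this IP.
        recent = [t for t in fails[ev["ip"]] if ev["ts"] - t <= window]
        fails[ev["ip"]] = recent
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) >= fail_threshold and ev["ip"] not in already_flagged:
                already_flagged.add(ev["ip"])
                findings.append({"rule": "brute_force", "ip": ev["ip"],
                                 "failures": len(recent), "at": ev["ts"]})
        elif len(recent) >= success_after:
            findings.append({"rule": "success_after_failures", "ip": ev["ip"],
                             "user": ev["user"], "method": ev["method"],
                             "failures": len(recent), "at": ev["ts"]})
    return findings


if __name__ == "__main__":
    for f in detect(parse(SAMPLE_LOG)):
        print(f)
```

In the sample, 203.0.113.7 trips the brute-force rule on its fifth failure and then the success-after-failures rule when ops-jane's key is accepted from the same address twenty seconds later; 198.51.100.9 produces nothing, since one failure after a clean login is ordinary. The second rule is the one worth paging on: a successful login from a source that was just guessing passwords is a strong signal regardless of which account it landed on, and it survives a key-only policy (the failures were password attempts, the success was a key).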
The security and data integrity of customer servers is of the utmost importance at SnapBlox. As a result, our technical support staff have neither access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only select engineering teams have direct access to the backend hypervisors, based on their role.
Snapshots and Backups are stored on an internal non-publicly visible network on NAS/SAN servers. Customers can directly manage the regions where their snapshots and backups exist which allows the customer to control where their data resides within our datacenters for security and compliance purposes.
Compliance
SnapBlox is currently working towards achieving ISO/IEC 27001:2013 certification. Becoming certified will attest to our customers the integrity of SnapBlox’s Information Security Management System (ISMS). The scope of the certification will include all of our datacenters.
We are an active participant in and comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission. The framework provides SnapBlox a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States.
You can find more information about our commitment to the EU-U.S. Privacy Shield Framework in our Privacy Policy.
All of our datacenters are audited and/or certified against various internationally recognized attestation and certification standards. Many of the SOC reports and certifications listed below are available once a signed NDA is in place between SnapBlox and our customer.
Below is the list of our datacenter locations and the most commonly requested attestations / certifications associated with each. To request an NDA or a SOC report / certificate listed below, or if you have any other compliance-related questions, please contact our Customer Support team here.
| Datacenter | SOC 1 Type II | SOC 2 Type II | ISO/IEC 27001:2013 | PCI-DSS |
|---|---|---|---|---|
| NYC1 | ✔ | ✔ | ✔ | |
| NYC2 | ✔ | ✔ | | |
| NYC3 | ✔ | ✔ | | |
| LON1 | ✔ | ✔ | ✔ | ✔ |
| AMS2 | ✔ | ✔ | ✔ | ✔ |
| AMS3 | ✔ | ✔ | ✔ | ✔ |
| SFO1 | ✔ | ✔ | | |
| SFO2 | ✔ | | | |
| SGP1 | ✔ | ✔ | ✔ | |
| FRA1 | ✔ | ✔ | | |
| TOR1 | ✔ | ✔ | ✔ | |
| BLR1 | ✔ | ✔ | | |
GDPR
Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.
We support the GDPR and will ensure all SnapBlox services comply with its provisions by May 25, 2018. Not only is the GDPR an important step in protecting the fundamental right to privacy of individuals in the EU, it also raises the bar for data protection, security and compliance in the industry.
Privacy Shield Notice
SnapBlox is committed to protecting your privacy. This Privacy Shield Notice sets out the privacy principles we follow with respect to transfers of personal data from the European Economic Area (“EEA”) and Switzerland to the United States, including personal data we receive from individuals who visit our or our affiliates’ web and mobile sites (“Websites”), who access or use our product or service offerings (“Services”), or who otherwise interact with us (“you”).
We comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the EU and Switzerland. SnapBlox, LLC has certified to the US Department of Commerce that it adheres to the Privacy Shield Principles in respect of all personal data received from the EEA and Switzerland in reliance on the Privacy Shield.
The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.
For more information about the Privacy Shield generally, and to view our certification online, please visit https://www.privacyshield.gov.
If there is any conflict between the terms of this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
The types of personal data we may receive in the United States, as well as the purposes for which we collect and use it, are set out in our Privacy Policy.
We will only process personal data in ways that are compatible with the purposes we collected it for or for purposes you later authorize. Before we use your personal data for a materially different purpose, we will provide you with the opportunity to opt-out.
Information about the types of third parties to which we disclose personal data and the purposes for which we do so is described in our Privacy Policy.
If we have received your personal data in the United States and subsequently transfer that information to a third party acting as an agent, and such third-party agent processes your personal data in a manner inconsistent with the Privacy Shield Principles, we will remain responsible unless we can prove we are not responsible for the event giving rise to the damage.
Please note that under certain circumstances, we may be required to disclose your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
You may have the right to access personal data that we hold about you and request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of a third party. If you would like to request access to, correction, amendment, or deletion of your personal data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity.
We commit to giving you an opportunity to opt out if personal data we control about you is to be disclosed to another independent third party or is to be used for a purpose that is materially different from those set out in our Privacy Policy. Where sensitive personal data is involved, we will obtain your express opt-in consent to do such things. If you otherwise wish to limit the use or disclosure of your personal data, please write to us at the contact details set out below. You can also ask us to remove you from any mailing list to which you previously subscribed by sending us an email or by following the “unsubscribe” link in any marketing communications we send to you.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal data. EEA and Swiss individuals with inquiries or complaints regarding our Privacy Shield practices should first contact us at [email protected].
If a complaint cannot be resolved with us directly, we have agreed to cooperate with JAMS. If you are not satisfied with the resolution of your complaint, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield to address complaints.
You may, under limited circumstances, invoke binding arbitration for complaints not resolved by the above mechanisms. Additional information can be found at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
SnapBlox is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission with regards to our compliance with the EU–U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
We reserve the right to amend this Notice from time to time consistent with the Privacy Shield’s requirements.
Privacy
SnapBlox is firmly committed to the privacy of our customers and the data which they store on the SnapBlox cloud platform. You can read more about the privacy of your account information and data in our Privacy Policy.
In addition to the security of your account information, we also treat the data you store on our services with the utmost sensitivity. A server launched in a specific geographic region will stay in that region unless the customer performs an action to change datacenters. Furthermore, backups and snapshots also remain in the same region in which the associated server resides to avoid any international data transfer issues.
Credit / debit card purchases for SnapBlox services are processed by the third-party vendor Blue Pay. When our customers provide their credit / debit card information on our website, the data is sent to Blue Pay, i.e., the payment data is not stored on our systems.
For PayPal transactions, SnapBlox passes the request to PayPal and the transaction occurs directly on the PayPal website. Therefore, the payment data is not stored on our systems. Both payment processors power online financial transactions for thousands of businesses globally, and they are compliant with PCI-DSS standards for the storage and handling of payment information.
All communications with SnapBlox are transmitted over TLS (HTTPS) for all of our services. We provide connectivity to customer servers via SSH and recommend that customers use SSH keys, rather than passwords, to set up their access securely.
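The recommendation above, and the key-based authentication described under Data Security, only hold if password logins are actually switched off on the server side. Generating a key (`ssh-keygen -t ed25519`) and installing it (`ssh-copy-id`) is the customer's half; the other half is pinning the sshd directives. The following is an added example, not SnapBlox's own tooling, that audits an `sshd_config` against a key-only baseline and rewrites it. The baseline directives and the sample config are assumptions for this example, not a SnapBlox-published standard; they reflect two sshd behaviours worth knowing: keywords are case-insensitive, and the first occurrence of a directive wins, so a "PasswordAuthentication no" placed after an earlier "yes" does nothing.

```python
"""Audit and harden an sshd_config for key-only authentication.

Added example, not SnapBlox's tooling. REQUIRED is an assumed baseline and
WEAK_CONFIG a constructed sample. Run `sshd -t` on the result before reloading
and keep an existing session open while you do.
"""
import re

# Assumed key-only baseline. Defaults differ across OpenSSH releases, so every
# directive is pinned explicitly rather than relying on the compiled-in default.
REQUIRED = {
    "PubkeyAuthentication": "yes",
    "PasswordAuthentication": "no",
    "KbdInteractiveAuthentication": "no",  # ChallengeResponseAuthentication on OpenSSH < 8.7
    "PermitRootLogin": "prohibit-password",
    "PermitEmptyPasswords": "no",
}
_CANON = {k.lower(): k for k in REQUIRED}  # sshd keywords are case-insensitive

# Constructed sample: passwords and root login on, pubkey line commented out.
WEAK_CONFIG = """\
# constructed sample sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication yes
X11Forwarding no
"""

# "Keyword value"; comment lines never match because '#' is not a letter.
DIRECTIVE_RE = re.compile(r"^\s*([A-Za-z]+)\s+(\S.*?)\s*$")


def effective_settings(text):
    """Map lower-cased keyword -> value for the global section only.

    sshd honours the FIRST occurrence of a directive, so setdefault() is used,
    and anything after the first Match block is conditional and is skipped.
    """
    settings = {}
    for line in text.splitlines():
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        key = m.group(1).lower()
        if key == "match":
            break
        settings.setdefault(key, m.group(2))
    return settings


def audit_sshd_config(text):
    """Return (keyword, found value or None, required value) for each deviation."""
    eff = effective_settings(text)
    findings = []
    for key, want in REQUIRED.items():
        have = eff.get(key.lower())
        if have is None or have.lower() != want:
            findings.append((key, have, want))
    return findings


def _missing(seen):
    """Directives not emitted yet, formatted as config lines; marks them as seen."""
    added = [f"{k} {v}" for k, v in REQUIRED.items() if k not in seen]
    seen.update(REQUIRED)
    return added


def harden_sshd_config(text):
    """Rewrite every global occurrence of a REQUIRED directive to the required
    value and append any that are absent. Comments and unrelated directives are
    preserved; Match blocks are left untouched, and missing directives are
    inserted before the first Match so they stay in the global section."""
    out, seen, in_match = [], set(), False
    for line in text.splitlines():
        m = DIRECTIVE_RE.match(line)
        key = m.group(1).lower() if m else None
        if not in_match and key == "match":
            out.extend(_missing(seen))  # global section ends here
            in_match = True
        if not in_match and key in _CANON:
            canon = _CANON[key]
            out.append(f"{canon} {REQUIRED[canon]}")
            seen.add(canon)
        else:
            out.append(line)
    if not in_match:
        out.extend(_missing(seen))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit_sshd_config(WEAK_CONFIG):
        print("deviation:", finding)
    print(harden_sshd_config(WEAK_CONFIG))
```

On the sample, the audit reports all five directives (two set wrong, three absent, the commented-out pubkey line counting as absent), and the hardened output passes the same audit while keeping `Port 22` and the comment intact. The Match handling matters in practice: a per-user `Match` block that re-enables `PasswordAuthentication` for a backup account is a legitimate exception, and a tool that blindly rewrote it would silently break that account.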