OneUp Security
OneUp provides multiple layers of security, including:
Encrypted User Authentication
Only users with a valid username and password can access a specific company account. A username/password pair is not valid for accessing other company accounts. OneUp.com enforces that passwords are strong enough and encourages its users to change them frequently. Passwords are stored encrypted. myERP.com INC. employees can't read users' passwords. The username and password are transmitted over an SSL connection (128-bit VeriSign SSL certificate with a 1024-bit RSA key), which prevents them from being stolen.
Data isolation
OneUp.com is a multi-tenant service. All data are saved in the same database but are highly isolated. Each company can only access its own data.
Database backup
Databases are backed up on a daily basis. The backups are stored on Amazon S3, so they are redundantly stored in multiple physical locations.
Details of Amazon EC2
OneUp.com uses the Amazon cloud computing infrastructure to deliver its service. That includes the Amazon EC2, Amazon S3 and Amazon CloudFront services. Each benefits from the experience and reliability of Amazon Web Services (AWS) LLC. The security includes:
Certification
Amazon Web Services has successfully completed a Statement on Auditing Standards No. 70 (SAS70) Type II Audit, and has obtained a favorable unbiased opinion from its independent auditors. SAS70 certifies that a service organization has had an in-depth audit of its controls (including control objectives and control activities), which in the case of AWS relates to operational performance and security to safeguard customer data. AWS will continue efforts to obtain the strictest of industry certifications in order to verify its commitment to provide a secure, world-class cloud computing environment.
In addition, the flexibility and customer control that the AWS platform provides permits the deployment of solutions that meet industry-specific certification requirements. For instance, customers have built HIPAA-compliant healthcare applications on AWS.
Physical Security
Amazon has many years of experience in designing, constructing, and operating large-scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access.
Backups
Data stored in Amazon S3 (where ONE UP.com stores reports, for example) is redundantly stored in multiple physical locations.
Firewall
Amazon EC2 provides a complete firewall solution; this mandatory inbound firewall is configured in a default deny mode, and ONE UP.com explicitly opens only the ports needed to allow inbound traffic. The traffic is restricted by protocol, by service port, and by source IP address.
Instance Isolation
"Different instances running on the same physical machine are isolated from each other utilizing the Xen hypervisor. Amazon is an active participant and contributor within the Xen community, which ensures awareness of potential pending issues. In addition, the aforementioned firewall resides within the hypervisor layer, between the physical interface and the instance's virtual interface. All packets must pass through this layer, thus an instance’s neighbors have no additional access to that instance, and can be treated as if they are on separate physical hosts. The physical RAM is separated using similar mechanisms."
Network Security
ONE UP.com is protected against Distributed Denial Of Service (DDoS) Attacks, Man In the Middle (MITM) Attacks, IP Spoofing and Port Scanning.
Hacker Attack Protection
All requests are served through reverse proxies, so application servers are not exposed directly to the internet.
All customer data are stored in a database, and the database servers are in a separate private network.