Security Overview
Partnering with Interfolio means trusting us with your data, and we take that trust seriously. Interfolio is architected for your institution to enjoy all the benefits of cloud hosting while also being fully protected, so you and your users can be confident that our services are always secure, reliable, and scalable.
Have specific questions about Interfolio’s technical security measures, or your institution’s particular considerations? Feel free to contact us today.
Secure
Interfolio uses multiple layers of security at the datacenter, server, and application level to ensure that your data is kept private and secure.
Datacenters
Interfolio applications are hosted with Amazon Web Services (AWS), the industry-leading cloud service provider. As a result, we can guarantee:
- Strict physical site security: authorized staff must pass two-factor authentication a minimum of two times to access data center floors and contractors are escorted at all times;
- Redundant power, network connectivity, fire, and flood protection;
- SOC2 compliance.
Servers
Interfolio systems were architected to take full advantage of the the industry-leading AWS ecosystem. Our cloud architecture ensures the highest level of security, availability, and durability.
- Servers are hosted in a Virtual Private Cloud, or VPC. This means that the servers themselves are completely invisible to the public internet. You can’t attack what you can’t see.
- All connectivity to the servers must pass through specially engineered load balancers and firewalls, creating security chokepoints. All traffic is forced through encrypted channels such as SSH, SFTP, and HTTPS.
- All admin access to servers occurs via public-private key authentication, using strong keys. Intrusion Protection Systems lock users out after 3 failed logins.
- Servers are “hardened” by default at the time of provisioning, closing off unused ports and disabling unused services. Audits are run at least quarterly to ensure that no changes have been made which are outside our policies.
- Vulnerability scans are run at least monthly, sending proactive notifications to our security team if software vulnerabilities are found.
- All data is encrypted at rest, so in the unlikely event that a user gained access to the AWS drive, the data would be indecipherable.
Applications
To match the security of our datacenters and server instances, we have engineered all Interfolio applications with a belt & suspenders approach to security.
- Sessions time out to prevent unauthorized access.
- All logins and logouts are logged.
- Every time a user requests Institutional data they go through no fewer than three checks to verify their access rights:
- Is the user logged in with an active account?
- Does the logged-in user have any access rights to the given institution’s data?
- Does the user have read or write access to the specific piece of data he or she is requesting?
- Changes made in the system are logged, including what was changed, who made the change, and when they made it.
Reliable
Through redundancy and secure software development techniques, Interfolio has been able to maintain an uptime of over 99.99% for the past 3 years.
Self-healing applications
All servers will fail eventually. Through redundancies and autoscaling, we ensure that your users and your data remains unaffected.
- We have no fewer than two server instances running every service, load balanced across multiple datacenters; in the event of a loss of an entire datacenter, your users would experience zero downtime.
- Performance monitors continually audit the health of our servers and applications. If a server becomes unavailable or if application performance is diminishing, the system will automatically spawn additional server instances to pick up the slack.
Data management
We use a multi-level approach to data replication and backups in order to ensure the safety and integrity of your data.
- Data is copied to a secondary database replica in real time with sub-second latency; in the event of a loss of the master database, the replica would be promoted within five minutes.
- We backup our database to a geographically separate data center every eight hours.
- All document artifacts are stored in S3, which replicates objects into multiple datacenters and offers eleven nines (99.999999999%) of durability.
Disaster recovery
The same tools that we use to ensure maximum uptime and performance will also protect us in the event of a widespread loss of connectivity in our production datacenters.
- We keep a cold backup of our production environment in a geographically separate datacenter, ready to be turned on in the event of a disaster.
- Server scripts are stored in the cloud, so the servers we spin up in the event of a disaster will be identical to the servers that were running our production environment.
- Databases can be spawned from the latest of our intra-day backups.
Scalable
Interfolio was architected for the cloud, and we enjoy all the benefits that it provides us in responding to spikes in traffic and growth in usage.
- We leverage encrypted cloud storage so there is no limit to the amount of data you can store with us.
- Services-Oriented Architecture allows our applications to respond quickly to traffic spikes.
- Auto-scaling technology and load balancing mean that we can scale to meet demand in minutes.
Interested in how Interfolio might help with the security of data and documents involved in faculty work at your institution? Let us know today.