Sparked Security Policies

At Sparked, the security, integrity, and availability of our customers’ data are a top priority. We believe this is vital to their business operations and to our own success. Therefore, we use a multi-layered approach to protect and monitor this information.

Client Data Protection

  • All sensitive data (logins, passwords, etc.) in transit (network connections to Sparked’s environment) is encrypted via SSL/RSA-SSH1 and HTTPS
  • Client sessions are protected by unique session tokens and re-verification of each transaction
  • Sparked is SafeHarbor certified by the U.S. Dept. of Commerce

Application Security

Sparked tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities.

  • Sparked’s SaaS services are based on proven and secure Open Source solutions and custom applications (CentOS, PHP, MySQL, MongoDB, Apache).
  • Applications and servers are regularly patched to provide ongoing protection from exploits
  • Passwords are hashed and encrypted. Encryption keys are maintained on separate servers from where encrypted password files are stored
  • Customers’ passwords are not accessible by Sparked personnel

Physical and Environmental Security

Our service is hosted in a secure facility at SoftLayer in Dallas, which is one of the largest datacenters in the U.S. (next to Amazon.com). Their Dallas facility hosts over 104,500 servers.

SoftLayer provides:

On-Demand, Virtual Data Center

Through IPMI 2.0 server technologies, secure and remote out-of-band management, and proprietary automated solutions, SoftLayer provides a highly scalable, on-demand, virtual data center experience.

Geographic Diversity

With fully-featured data centers in several major U.S. and international cities, SoftLayer provides geographic diversity ideal for maintaining system and data redundancy, as well as for placing systems in the optimal physical location for traffic volume and speeds.

Redundant, Best-in-Class Infrastructure

All SoftLayer data centers maintain multiple power feeds, fiber links, dedicated generators, and battery backup. They are built from industry-leading hardware and equipment, ensuring the highest level of performance, reliability, and interoperability.

Physical Office Security

  • Cameras recording entrances/exits
  • Steel reinforced door locks
  • Security training performed/reviewed once per quarter
  • Access to building on coded/tracked key-fob basis
  • Laptops and other development machines are encrypted

Network Access Controls

  • Network access to and from Sparked servers is controlled by dedicated firewall devices with up-to-date security patching
  • Access to Sparked servers on SoftLayer requires use of a VPN with multi-factor authentication and extensive access monitoring

Security Monitoring

  • Information Security team (including datacenter security team) monitors internal and external security events and implements corrective actions
  • Systems access logged and tracked for auditing purposes
  • Application access logs are collected and analyzed according to internal security procedures

Regulatory Compliance

Our datacenter provider, SoftLayer, is compliant with various certifications and third-party attestations. These include:

  • SOC 2. SOC 2 (Service Organization Control) Report is an examination engagement performed by a service auditor in accordance with the predefined criteria in Trust Services Principles, Criteria and Illustrations, as well as the requirements and guidance in AT Section 101, Attest Engagements, of SSAEs (AICPA, Professional Standards, vol. 1).
  • SoftLayer is SafeHarbor certified.
  • More here: http://www.softlayer.com/about/certifications

Administrative Controls

  • Access to SaaS servers is limited, logged and tracked for auditing purposes
  • Security policies include:
    • Customer Data Handling policy
    • Secure document-destruction policies for all sensitive information
  • Sparked has dedicated IT security personnel
  • All employees (including datacenter employees) are trained on documented information security and privacy procedures
  • All file permissions (ACLs) set on a need-to-access basis only

Service Availability and Controls

  • Sparked maintains continual monitoring of service and performance, 24 hours a day, seven days a week, using Nagios, in addition to SoftLayer’s service monitoring.
  • Dedicated routers and switches feature redundant power and connectivity to the Internet. This is provided by redundant fiber and Internet backbone connectivity providers