Is my Neoserra database secure?
Yes! OutreachSystems provides state-of-the-art Client Activity Tracking Systems that are designed to never compromise your clients' data. We know that security is crucial to you and your clients, which is why we also make security our top priority.
Your Neoserra database is hosted in two separate secure co-location facilities - one located on the East Coast, servicing all clients in the Central and Eastern time zones; and one located on the West Coast, servicing all clients in Western and Mountain time zones. The co-location facility is managed by Amazon and provides 24-hour physical security, redundant electrical generators, redundant data center air conditioners and other back-up equipment designed to keep servers continually up and running. Unauthorized users are not able to access the Neoserra servers where your database is hosted.
Backup and Recovery
The Neoserra databases are hosted in two separate Amazon Web Service (AWS) regions: AWS Oregon and AWS N. Virginia.
Each night, every Neoserra database is backed up to another server in the same AWS region as the SQL Server. These backups are compressed and then uploaded to the Amazon S3 service in a different region. Non-relational data is also synchronized to the alternate region in a hot-standby location. The master service directory database is replicated real time in three data center locations (the regions and corporate).
In the event of the catastrophic loss of a region, the most recent backup will be extracted from the Amazon S3 service in the backup region. The backup will be restored and the Neoserra master directory will be updated to reflect the new region of service.
SQL Server Security
Neoserra is based upon the robust Microsoft SQL Server database that is capable of handling thousands of records and multiple concurrent users. Since we have multiple SQL servers there is no one version of SQL that is employed but all servers are version 2014 or later. All database transactions utilize TSQL stored procedures for increased database security and efficiency.
Only OutreachSystems staff has direct access to the SQL Servers. Passwords used by the Outreach staff are changed on a regular basis.
Access ID and Password
Neoserra is accessible on the Web using Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari. Neoserra is designed to limit online access to those users possessing the username and password associated with your account(s). One administrator account will be provided when your database is initially configured. The administrator assigned by the lead center will be responsible for providing usernames and passwords to all users. Generally speaking it is recommended that users do not share login accounts and that the passwords assigned to each user include letters, punctuation, symbols, and numbers. With respect to security, it is often still the humans that pose the greatest security risk. Often passwords are weak, not changed regularly or easily guessed. For this reason, OutreachSystems has dedicated an FAQ to explain how you can choose a good password.
- Whenever possible, you should use at least 14 characters or more.
- The greater the variety of characters in your password, the better.
- Passwords should use the entire keyboard, not just the letters and characters you use or see most often.
If a Neoserra user is no longer active with your program, it is imperative that you inactivate their login account!
Your Neoserra database is accessible via a secure https URL. The encryption technology in place (currently, RC4 128 bit SSL/TLS) allows for the protection of data in transit between your computer and ours.
The off-site backups are encrypted when they leave the primary co-location facility.
The Neoserra servers include "firewalls" that we monitor and that are designed to protect against unauthorized access to our systems.
How to Protect Yourself Online
Beyond the security measures offered by OutreachSystems, each user should also exercise certain precautions to protect themselves and the Neoserra data from unauthorized access.
User ID and Password
Users should follow these rules to protect themselves and the data in the Neoserra database:
- Never disclose your username or password to anyone else.
- Memorize your username and password, and make sure not to write them down.
- Don't use birth dates, names, or other easily guessed combinations of letters or numbers
- Don't be taken in. OutreachSystems will never send you an e-mail asking for your username or password.
In addition to the recommendations listed above, administrators should also be aware of all employees who are no longer with your organization. Usernames and passwords associated with employees who have left your organization should be immediately revoked. Users who believe that their passwords have been compromised should immediately notify their administrator and change their password.
When you are done online, log off. We suggest you do this before you shut your computer off.
Individual Computer Security
All users should protect their own computer by doing these things:
- Keep your operating system and browser up to date.
- Install a personal firewall.
- Install anti-virus software and keep it up to date.
- Scan your computer for spyware on a regular basis.
- Never download programs or files from unknown sources.
Want more? Browse our extensive list of Neoserra FAQs.