Security

As more and more business moves to the cloud, traditional concerns about security evolve. Security on the cloud has a number of components that may be roughly divided into software security (i.e. measures taken at the programming level to secure the service and its data against intrusion), platform security (i.e. measures taken at the hardware and platform level to secure the service and its data against intrusion) and loss prevention (i.e. measures taken to back up data and prevent loss even in the event of disaster).

Software Security

• OSP is protected from SQL injection: no user input is passed to the database as part of a SQL command.
• OSP is protected from Javascript injection: user-entered text is examined for potential threats and escaped when used for output.
• OSP Users’ passwords are stored in the database in an unrecoverable form (hash).
• OSP stores no credit card information on its servers. All credit card transactions are processed entirely by PayPal via the integrated PayFlow Link Payment Gateway.
• The data exchange channel with clients’ accounting systems (i.e. imports and exports via the QuickBooks Web Connector) is encrypted by SSL.
• No generic service endpoints (like SQL Server management or Reporting Service management) is exposed to the Internet; only specialized custom interfaces are exposed.
• The Back Office relies on role-based and fine-grained access restrictions. Depending on a User’s type, access to various modules is granted or refused. Access to specific module features is governed by the User module.

Platform Security

OrderStream Pro is hosted by Radiant Communications ( www.Radiant.net) on their AlwaysThere™ Enterprise Cloud Computing service. AlwaysThere™ is based on a Cisco-VMware-NetApp Secure Multi-Tenancy architecture.

Please click any of the following for more in-depth technical information about OrderStream Pro's cloud-based infrastructure:

• A 2-page PDF overview of AlwaysThere™
• A 4-page case study written by NetApp about Radiant’s implementation of their VMware-Cisco-NetApp solution
• A 10-slide PowerPoint overview of AlwaysThere™

Loss Prevention

Your data is vital to your business and loss must be prevented.

Radiant performs a scheduled backup of all data to a replicated disk target as follows:

• Image-level backup: Weekly
• File-level backup: Daily
• Image-level backup retained for 28 days
• File-level backup retained for 28 days
• Each backup is replicated to one of Radiant’s alternate data centres for protection in the event of a site disaster.