SECURITY OVERVIEW

This topic has been added because insurance companies and broker-dealers have asked many questions about the security of the places where their advisors store their data.

Since Advisors Assistant has both a Hosted and a Local implementation, a different security discussion applies to each, but several topics apply to both.

Local Implementation

A local implementation is one where the SQL Server and the database are resident either on the user's local area network behind their firewall or, in the case of a single user, on the same computer as the Advisors Assistant program.

Passwords

The user can and should choose to require strong passwords by selecting this option in the System Preferences under the Passwords tab.

Though Advisors Assistant does not force the user to adopt strong passwords, logging in without the option set will display a "nag screen" that warns the user and requires an extra click at each login until strong passwords are enabled.

Encryption

1. Passwords are stored encrypted using AES 256 encryption, in a form from which they cannot be retrieved for checking. SQL Server checks the submitted password and sends back a matched or not-matched message. This is called one-way hashing.

2. Certain Personal Identification fields are stored AES 256 bit encrypted within the database.

3. Any backups made are AES 256 encrypted unless you turn the feature off.

4. Any data you send to Client Marketing Systems' FTP site is AES 256 encrypted as long as you use the Advisors Assistant Encrypted File Transfer Program. Unless it is being worked on by a programmer, it is stored encrypted.

5. Encryption and decryption of FILES sent to us is done by a special program in our office which does not reveal the encryption key. The program will only run on our private network and is stored on an encrypted drive.

Logins Are Recorded

All logins, successful or failed, are logged in a report that can be viewed by the system administrator.

Login Attempts Can Be Limited

The System Administrator can set a limit on the number of login attempts. For example, if the user gets the login wrong 10 times, the user's account is disabled. This feature is designed to prevent brute force attacks.
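The two controls above (an audit log of every login and an administrator-set lockout threshold) as an added illustration in Python; this is not Advisors Assistant code. The one-way password check is shown with PBKDF2 over a constructed user table, which is a stand-in for whatever scheme the product uses, and the field names are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timezone


def hash_password(password: str, salt: bytes) -> bytes:
    # One-way: the stored digest cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0        # consecutive failed attempts
    disabled: bool = False


@dataclass
class LoginGate:
    max_attempts: int = 10   # the page's default; an administrator may lower it
    accounts: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)   # the administrator's report

    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)                       # constructed user table entry
        self.accounts[user] = Account(salt, hash_password(password, salt))

    def _record(self, user: str, outcome: str, station: str) -> None:
        self.audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                               "user": user, "station": station, "outcome": outcome})

    def login(self, user: str, password: str, station: str = "unknown") -> bool:
        acct = self.accounts.get(user)
        if acct is None:
            self._record(user, "failed-unknown-user", station)
            return False
        if acct.disabled:
            self._record(user, "refused-disabled", station)   # even a correct password is refused
            return False
        if hmac.compare_digest(hash_password(password, acct.salt), acct.digest):
            acct.failures = 0                                  # success resets the counter
            self._record(user, "success", station)
            return True
        acct.failures += 1
        if acct.failures >= self.max_attempts:
            acct.disabled = True                               # lockout at the threshold
            self._record(user, "failed-account-disabled", station)
        else:
            self._record(user, "failed", station)
        return False

    def failed_logins(self) -> list:
        return [e for e in self.audit_log if e["outcome"] != "success"]
```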

Hosted Implementation

A hosted implementation is one where the SQL Server and the database are located on a server maintained in a different location and accessed via the internet. In most cases, the discussion below assumes that Client Marketing Systems, Inc. is providing the hosting services.

Passwords

Hosted systems are set up to use strong passwords that meet FDIC requirements.

Access To Login Restricted

The hosted Advisors Assistant is not a thin-client program that can be reached with only a browser (which everyone has); the Advisors Assistant client program is required to reach the credentials screen where you enter the user ID and password. Client programs are only sent to Advisors Assistant license holders.

Login Attempts Limited

If the user gets the login wrong 10 times, the user's account is disabled. The default is 10, and the system administrator can make this setting more restrictive. This is designed to prevent brute force attacks.

Logins Are Recorded

All logins, successful or failed, are logged in a report that can be viewed by the system administrator.

SQL Server Not Open To Internet

The computer containing the SQL Server program and your database has no ports open to the Internet for communications. It is behind a firewall and will only communicate with its communications server, a separate computer which receives commands from the user's Advisors Assistant program, checks the user's security for every command, and reinterprets it for the SQL Server. Port scans will not see our SQL Servers.

24 / 7 Intrusion Detection

A special appliance and Intrusion Detection Software provided by Alert Logic, located between our firewall and the network, inspects traffic for anomalies. This is monitored by a team which will take action in the event of a critical alert.

Unique Strong Session Key Required

Each database has its own unique, very strong key, which is used to start a session and grants permission to display the Login Screen. Without this long, strong key, the login to the database is not displayed.

Each Request Requires A Unique Token

At session login, a unique token is issued to the Advisors Assistant station and it must accompany every data request.  The token is automatically changed every few minutes. If an expired token is used, the server automatically breaks the connection.
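The session key and rotating request token described in the two sections above, as an added Python sketch of the server side; it is not the communications server's own code. The rotation interval, the station identifier, and the idea that the reply carries the new token to the station are assumptions, and the SQL round trip is a constructed stand-in.

```python
import hmac
import secrets
import time

ROTATE_AFTER = 300   # seconds between token changes; "every few minutes" on the page, value assumed


class CommServer:
    """Stand-in for the communications server; the SQL Server itself is never reached directly."""

    def __init__(self, db_keys: dict, clock=time.time):
        self.db_keys = db_keys     # database name -> its long session key (constructed values)
        self.clock = clock         # injectable clock so rotation can be exercised deterministically
        self.sessions = {}         # station id -> {"db", "token", "issued"}

    def open_session(self, db: str, session_key: str, station: str):
        """Without the database's own strong key no login is offered (returns None)."""
        expected = self.db_keys.get(db)
        if expected is None or not hmac.compare_digest(expected, session_key):
            return None
        token = secrets.token_urlsafe(32)          # the station's first request token
        self.sessions[station] = {"db": db, "token": token, "issued": self.clock()}
        return token

    def request(self, station: str, token: str, command: str) -> dict:
        """Every data request must carry the station's current token."""
        s = self.sessions.get(station)
        if s is None:
            return {"ok": False, "error": "no session"}
        if not hmac.compare_digest(s["token"], token):
            # Expired or forged token: the whole connection is dropped, not just the request.
            del self.sessions[station]
            return {"ok": False, "error": "token expired; connection closed"}
        result = f"ran on {s['db']}: {command}"    # constructed stand-in for the SQL round trip
        if self.clock() - s["issued"] >= ROTATE_AFTER:
            # Rotation is due: the reply carries the new token and the old one is dead.
            s["token"] = secrets.token_urlsafe(32)
            s["issued"] = self.clock()
        return {"ok": True, "result": result, "token": s["token"]}
```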

Each Session Encrypted

Each session is established with the Communications Server over encrypted SSL.

Each SQL Request Is Encrypted By The Advisors Assistant Program

Each SQL Server request for data is encrypted before it leaves your workstation, in addition to the SSL encryption of the session. This is designed to prevent what is called a SQL injection attack, even if someone is using a proxy server and monitoring the network before the data reaches the proxy server.

Regular Backups

A database backup is made every evening and retained for 14 days.  Users have the option of receiving a weekly backup downloaded to their workstation.  That backup is encrypted.

Secure Data Center

The data center housing the servers is a SAS Type 2 data center. The latest audit report is available on request.

Anti Virus Program

A commercial anti-virus program is present on servers with inbound ports open to the Internet.

Encryption

1. Passwords are stored encrypted using AES 256 encryption, in a form from which they cannot be retrieved for checking. SQL Server checks the submitted password and sends back a matched or not-matched message. This is called one-way hashing.

2. All SQL Server requests are encrypted over and above the SSL encryption provided by browsers.

3. Certain Personal Identification fields are stored AES 256 bit encrypted within the database.

4. Any backups sent to you are AES 256 encrypted.

5. Any data you send to Client Marketing Systems' FTP site is AES 256 encrypted as long as you use the Advisors Assistant Encrypted File Transfer Program. Unless it is being worked on by a programmer, it is stored encrypted.

Decommissioned Servers & Secure Erase

From time to time, we replace servers and decommission old servers. To assure that there is no chance of data being retrieved from the hard drives of the decommissioned servers, we contract to have Rackspace "wipe" the drives to their High Assurance Drive Wiping Standard. This standard is commonly referred to as "DOD-3 Multi-Pass Secure Erase."

Encrypted Fields vs Encrypted Files

Decrypting the backup file DOES NOT decrypt the Personal Identification fields in the database backup. The encrypted fields inside the backup are an additional security measure. If your database backup were to fall into the wrong hands, that important information would be as safe as AES 256 encryption with a long key provides. Only the Advisors Assistant program decrypts the fields listed below.

Encrypted Personal ID Fields

Personal or Organization Tax ID

Passport Number

Non-Citizen ID

Drivers License Number

Medicare Number

Decrypting Personal IDs

In order to decrypt the Personal IDs you must send a backup of your database to us, and we assign a programmer to do this. There is a charge for this service. The decryption is only for that one backup file. The operational database relies on these fields being encrypted. Under no circumstances is the key used by the program ever made available to anyone other than our programmers. Ever.

Vendor Security

As a vendor, we have taken the following security precautions, separate from those at Rackspace.  Note that hosted data is stored at Rackspace, not in our office.

Employee Background Checks

All employees hired within the past 5 years must pass a criminal and civil background check.

Regular Security Awareness Training

Data security is part of regular employee meetings and also part of the Employee Manual.

Anti-virus program

All servers and workstations must have anti-virus installed. This is monitored by a third party.

No Third Party Vendors Are Used For Program Development

All program development is performed by employees of Client Marketing Systems, Inc., so no third party will have access to your data or your program unless directed by you in writing.

Data at Rest is Encrypted

When we work on client data, it is stored AES 256 encrypted whenever it is not actively being worked on. The encryption program prevents the person doing the encryption from learning the encryption key, and it can only be run on authorized computers.

Encrypted Server Drive

Encrypted backups are stored on an encrypted drive so that it is double encrypted.

Office is Alarmed & Connected

No third-party programmers or vendors have access to the office. Access and motion detectors are connected to an alarm monitoring company. The police department is less than a mile from our office.

Written Incident Management Procedures In Place

There is a written security incident management program in place to streamline and coordinate our approach to any security breach. We have not had to use this document.

Backups Are Encrypted

Backups stored off site are encrypted.