Security

Commitment to Security

At QuickZeros, security is foundational to our SaaS products, ensuring the protection of our users worldwide through comprehensive measures covering data, operational, and physical security.

Organizational Security
  • Information Security Management System (ISMS): We implement strict policies to secure customer data, focusing on security, availability, processing integrity, and confidentiality.

Employee Background Checks
  • Verification Process: All employees undergo thorough background checks, including criminal records, employment history, and educational background, conducted by reputable agencies.

Security Awareness

  • Training and Evaluation: Employees sign confidentiality agreements and receive ongoing training in security, privacy, and compliance. Their understanding is regularly assessed to ensure continuous improvement.
  • Continuous Education: We maintain a culture of security awareness through internal communities and events to keep our employees updated on best practices.

Dedicated Security and Privacy Teams

  • Expert Management: Our specialized teams oversee security programs, maintain defense systems, and monitor networks for suspicious activities, providing expert guidance and support.
Internal Audit and Compliance
  • Compliance Team: A dedicated team reviews and aligns our procedures with industry standards, conducts periodic internal audits, and facilitates independent third-party assessments.

Endpoint Security

  • Workstation Security: Employee workstations run an up-to-date OS and antivirus software and are configured to meet our security standards, including data encryption, strong passwords, and automatic locking. Mobile devices are managed to ensure compliance with security protocols.
Physical Security
  • Workplace Access Control: Access to buildings and facilities is controlled via access cards specific to employees, contractors, vendors, and visitors. HR maintains the access purposes specific to each role. Access logs are monitored for anomalies.
  • Data Center Security: Co-location providers manage building security, cooling, and power, while QuickZeros manages servers and storage. Access is limited to authorized personnel, requiring two-factor and biometric authentication. Access logs, activity records, and CCTV footage are maintained.
  • Monitoring: CCTV cameras monitor all entry and exit movements in business centers and data centers, with footage backed up per location-specific requirements.

Infrastructure Security

Network Security
  • Layered Protection: Firewalls prevent unauthorized access. Segmented networks protect sensitive data, and testing systems are separate from production infrastructure.
  • Continuous Monitoring: Network engineers review firewall changes daily and biannually. Our Network Operations Center monitors for discrepancies or suspicious activities, with proprietary tools providing continuous parameter monitoring.
Network Redundancy
  • System Redundancy: Distributed grid architecture and multiple network components ensure system and device-level redundancy, preventing single-point failures.
DDoS Prevention
  • Mitigation Technologies: Trusted providers’ technologies prevent DDoS attacks, ensuring website, application, and API availability and performance.
Server Hardening
  • Consistency and Security: Servers are hardened with built-in security measures like disabling unused ports and accounts, and provisioning consistent OS images.
Intrusion Detection and Prevention
  • Monitoring and Alerts: Host-based and network-based signals are monitored. Administrative access and system calls are logged, with rules and machine intelligence providing incident warnings. Multi-layered security at the ISP level handles attacks from network to application layer, ensuring clean traffic and reliable proxy services.

Data Security

Secure by Design
  • Change Management: All changes follow a change management policy and secure coding guidelines. Code changes are screened for security issues using automated tools and manual reviews.
  • Threat Mitigation: Application layer security based on OWASP standards addresses threats like SQL injection, cross-site scripting, and DoS attacks.
Data Isolation
  • Secure Protocols: Customer data is logically separated to ensure data privacy. Your data remains your property and is never shared without consent.
Encryption
  • In Transit: Customer data is transmitted using TLS 1.2/1.3, ensuring secure connections. Email uses opportunistic TLS and supports Perfect Forward Secrecy (PFS). HTTP Strict Transport Security (HSTS) is enforced.
  • At Rest: Sensitive data is encrypted using AES-256. Data encryption keys and master keys are stored separately, managed by our in-house Key Management Service (KMS).
Data Retention and Disposal
  • Retention Policy: Data is retained as long as you use our services. Upon account termination, data is deleted from active databases and backups following a specific schedule.
  • Device Disposal: Unusable devices are securely stored and disposed of by verified vendors. Data is erased before disposal, and failed storage devices are destroyed using secure methods.

This comprehensive approach ensures the security and privacy of your data throughout its lifecycle.

Identity and Access Control

Single Sign-On (SSO)
  • Integrated Access: Users access multiple services via a single sign-in through our IAM service, supporting SAML for integration with identity providers like LDAP and ADFS.
  • Benefits: Simplifies login, ensures compliance, and reduces password fatigue risks.
Multi-Factor Authentication (MFA)
  • Additional Security: Requires extra verification, reducing the risk of unauthorized access. Configurable via QuickZeros One-Auth, which supports Touch ID, Face ID, push notifications, QR codes, and OTP.
Administrative Access
  • Controlled Access: Technical controls and policies restrict employee access to user data, following least privilege and role-based permissions principles.
  • Access Management: Production environment access is secured with strong passwords, two-factor authentication, and passphrase-protected SSH keys. Operations are logged and audited periodically.

Operational Security

Logging and Monitoring
  • Comprehensive Monitoring: We gather and analyze information from services, internal network traffic, and device usage, recording it as event logs, audit logs, fault logs, administrator logs, and operator logs. These logs are securely stored and centrally managed to ensure availability and access control.
Vulnerability Management
  • Active Scanning: We use third-party and in-house tools for continuous vulnerability scanning, combined with penetration testing. Vulnerabilities are logged, prioritized, and tracked until resolution.
Malware and Spam Protection
  • Automated Scanning: User files are scanned for malware using our updated anti-malware engine and machine learning techniques. We support DMARC to prevent spam and have a dedicated team to handle abuse complaints.
Backup
  • Regular Backups: Incremental daily backups and weekly full backups are encrypted and stored securely. Backups are retained for three months, with integrity checks and failure reruns managed automatically.
Disaster Recovery and Business Continuity
  • Resilient Storage: Data is replicated across data centers, with secondary centers taking over during primary failures. Physical measures include power backups, temperature controls, and fire-prevention systems, ensuring operational resilience and continuity.
Incident Management
  • Reporting: Our incident management team tracks and resolves incidents, notifying affected users and providing necessary evidence and corrective actions. For security or privacy incidents, contact incidents@QuickZeros.com. General incidents are reported via blogs, forums, and social media.
  • Breach Notification: We notify relevant Data Protection Authorities and customers of breaches within 72 hours per GDPR guidelines.
Responsible Disclosures
  • Bug Bounty Program: We recognize and reward researchers for reporting vulnerabilities. Report issues by email at security@QuickZeros.com.
Vendor and Third-Party Supplier Management
  • Risk Assessment: We evaluate and qualify vendors based on risk assessments, ensuring they adhere to our confidentiality, availability, and integrity commitments. Periodic reviews monitor vendor security measures.
Customer Controls

While we take extensive measures to secure our services, here are steps you can take as a customer to enhance security:

  • Choose a unique, strong password and protect it.
  • Use multi-factor authentication.
  • Keep your browser, mobile OS, and applications up-to-date.
  • Exercise caution when sharing data from our cloud environment.
  • Classify and label your information as personal or sensitive.
  • Monitor account-linked devices, active sessions, and third-party access to detect anomalies.
  • Stay vigilant against phishing and malware threats by scrutinizing unfamiliar emails, websites, and links.

For more information on shared responsibility for cloud security, read our resource on Understanding shared responsibility with QuickZeros.

Conclusion

Ensuring your data’s security is our ongoing mission. For further queries, check our FAQs or contact us at security@QuickZeros.com.
