SmartSearch Online - Security
Customer Data Security
Data separation: Each client's data resides within its own private database and is
accessible by client-authorized users only. In addition, each client's session of SmartSearch
Online uses its own dedicated connection to its private database, as opposed to data connection
pooling. To further augment the segregation of client data, each client runs against its own
copy of the source code in a private virtual directory on one web server as opposed to running
from a shared depository of code that could compromise security via web server caching issues.
Network access limitations:
We only allow inbound HTTP and Secured HTTP traffic to the SmartSearch Online server farm. In
addition to routing and firewall security that protects the web servers, the database servers
are not physically accessible via the Internet. The database servers reside on a separated network
that communicates with the web servers via a private, unexposed backbone. The result is an
exceptionally secure environment.
SQL security: At no time are any actual database passwords ever transmitted over the
Internet. The authentication to the actual database is handled within NT trusted security context.
There is no chance of anyone “sniffing” the password of the SQL server and getting back-door access
to the database.
User security: SmartSearch Online end-users have no authority to access the raw operating
system, file system or database objects. End-user passwords afford access to the system data only
via the SmartSearch Online application. An individual with unauthorized access to an end-user's
login account would have normal application functions only. Customers are able to generate user
logs and implement internal security to track user activity. In addition, SmartSearch Online personnel
continually log and monitor system traffic to detect any unusual activity.
Data backup: All databases are backed up to removable media nightly. Backup media is
transferred weekly to a highly secure offsite facility. Routine archiving of data is performed on
a client-specified delivery schedule that is usually driven by year-end reporting needs or database
size.
System Security
SmartSearch Online servers are set up in server-pairs (a web and a database server), providing load
balancing, redundancy, scalability and reliability. In the event of a failure, either one of the two
machines may act as a stand-alone server if needed. In addition, there are hot backup servers that may
be brought online quickly if necessary. All servers are fault-tolerant major vendor (Compaq
Proliant, IBM or Hewlett Packard) servers.
In addition, we utilize extended battery back-up Uninterruptible Power Supplies (UPS) and an
on-site natural gas generator in case of utility outage.
In the event of a major catastrophe, SmartSearch Online follows a formal disaster recovery plan
and procedures. The system is further supported by agreements with the ISP to provide any needed
servers at its facility.