How secure is the data in AbtracOnLine?

AbtracOnLine is developed within the Microsoft environment. There’s nothing to install locally or to configure. Security-wise, it is Microsoft Azure with all its security checks and balances. In addition, we have our own settings for Data Security, Breach Protection, and Data Backups, as below.

Data Security

All network communications to and from Abtrac Online are encrypted through the enforced use of the secure HTTPS (SSL) protocol.

User credentials are securely stored and validated using Microsoft’s Membership ‘module’. This is an industry standard development component that has been well tested and widely implemented. No page or report can be accessed other than by a user who has logged in. Anyone trying any ‘back door’ entrance to any part of Abtrac will be diverted to the login screen if they have not already had their credentials verified. In addition, the Abtrac system itself implements its own security layer to enable clients to control staff access to pages and data through ‘user groups’, which can have permissions established by the company Abtrac administrator. All users who log into Abtrac have to belong to one such group.

Data Security Breach Protection

For added security, our website strictly implements a design pattern to ensure that all publicly exposed database requests can only ever return a dataset for a single client. This is to limit the ability of a malicious user or robot to retrieve data en masse from the system.

We have also built further protection into Abtrac to prevent malicious intrusion from web robots. We automatically lock out any attempted login if it fails to correctly combine user name and password within five attempts. And of course passwords are compliant with industry standards requiring a minimum number of characters and character types (at least one capital letter and one non-alpha character).

Full access to the database, required for our support, maintenance and development of the system, is restricted to Abtrac’s own secure (Auckland) office network. We maintain updated anti-virus and firewall software and also limit the use of remote connections to our secure network. Nobody from anywhere else, or from any other IP address, can access the database.

Data Backups

Abtrac Online uses the Microsoft SQL Server Azure database. SQL Azure is an enterprise data storage solution. The version of SQL Azure we use has built-in business continuity features including point-in-time recovery and geo-redundancy. Furthermore, we independently take at least one database backup daily, which is stored in another regional data centre. We maintain a 30-day rolling backup.

Abtrac KB# 2051