1. Home
  2. Knowledge Base
  3. Getting Started
  4. How secure is the data in AbtracOnLine?
  1. Home
  2. Knowledge Base
  3. Your free trial: Is Abtrac right for me?
  4. How secure is the data in AbtracOnLine?

How secure is the data in AbtracOnLine?

Abtrac is a mature online platform – we’ve been cloud based since 2014.

The cloud changed the way businesses consume, share, and use digital information.

It makes access to information and computing power easier, faster, more affordable, and under the right circumstances – more secure.


Where is Abtrac hosted? Is my data safe?

When we moved Abtrac to an online platform we wanted the best database management, backup procedures, and disaster recovery policies to keep your data safe. That’s why we chose Microsoft Azure to develop and host Abtrac.

Security is foundational for Azure. With a 1B+ USD investment in security R&D and 3,500 cyber security experts, Abtrac is hosted with the best.

We take advantage of multi-layered security provided by Azure across physical datacentres, infrastructure, and operations. Azure has cyber security experts actively monitoring to protect your business assets and data.

Learn more about Azure security here 

In addition to the protection provided with an Azure framework, Abtrac has been developed with our own standard security measures.

Data Security Breach Protection

For added security our website strictly implements a design pattern to ensure that all publicly exposed database requests can only ever return a dataset for a single client. This is to limit the ability of a malicious user or robots being able to retrieve data en-masse from the system.

We have also built further protection into Abtrac to prevent malicious intrusion from web robots. We automatically lock out any attempted login if it fails to correctly combine user name and password within five attempts. And of course passwords are compliant with industry standards requiring a minimum number of characters and character types (at least one capital letter and one non-alpha character).

Full access to the database, required for our support, maintenance and development of the system, is restricted to Abtrac’s own secure (Auckland) office network. We maintain updated anti-virus and firewall software and also limit the use of remote connections to our secure network. Nobody from anywhere else from any other IP address can access the database.


Login protection

All network communications to and from Abtrac Online job management software are encrypted through the enforced use of the secure https (SSL) protocol.

User credentials are securely stored and validated using Microsoft’s Membership ‘module’. This is an industry standard development component that has been well tested and widely implemented.

No page nor report can be accessed other than by a user who has legitimately logged in.

Anyone trying any ‘back door’ entrance to any part of Abtrac will be diverted to the log in screen if they have not already had their credentials verified.

For added security our website strictly implements a design pattern to ensure that all publicly exposed database requests can only ever return a dataset for a single client. This is to limit the ability of a malicious user being able to retrieve data en-masse from the system.

We have also built protection into Abtrac to prevent malicious intrusion from web robots. We automatically lock out any login if it fails to correctly combine user name and password within five attempts. And of course passwords are compliant with industry standards requiring a minimum number of characters and character types.


Two factor authentication

As recommended by more and more industry leaders we also recommend that you turn on Two Factor Authentication (not only for Abtrac but anything where you store sensitive information).

Abtrac’s Two Factor Authentication ensures your users not only have their own Abtrac secured password but they also have to have access to the email account assigned to their Abtrac login. Before they can gain access to Abtrac they will have to input a security code that is sent to their email.


Password requirements

Not only do your users have to have a secured password set with a minimum length with certain characters used, but you can also force users to change passwords every 31 days.

Login Groups and Access Restrictions:
In addition, the Abtrac system itself implements its own security layer to enable clients to control employee’s access to pages and data in ‘user groups’ which can have permissions established by your Abtrac administrator. All users who log into Abtrac have to belong to one such group. Access to each individual Abtrac report is similarly controlled by administrators in your office.


Database management and back ups

Abtrac Online uses the Microsoft SQL Server Azure database.

Full access to the database, required for our support, maintenance and development of the system, is restricted to Abtrac’s own secure office network. We maintain updated anti-virus and firewall software and also limit the use of remote connections to our secure network.

The version of SQL Azure we use has built-in business continuity features including point-in-time recovery and geo-redundancy. The databases residencies for Abtraconline are spread throughout Microsoft’s Australia and Asia Pacific centres.

Furthermore, we independently have an hourly incremental backup and at least one full database backup daily which is stored in another regional data centre for data resiliency. We maintain a 30 day rolling backup.

Abtrac’s technology roadmap

As technology is continuously evolving, we routinely review our security measures to ensure we’re protecting your online data in a solid security foundation that spans across all platforms.

As you evaluate Abtrac if you (or any of your advisors and team members) have any further queries or concerns about security give us a call or drop us an email, we’d be happy to answer your technical questions.

cess to pages and data in ‘user groups’ which can have permissions established by the company Abtrac administrator. All users who log into Abtrac have to belong to one such group.

Abtrac KB# 2051

Was this article helpful?

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support