Is my data "secure"? The one word answer to this question is a resounding "Yes". In fact, it is more secure than most companies can provide on their own. We realize that the data that you have in Impel is extremely sensitive and we do everything within our power to ensure that your data is completely secured.
There are several aspects to your data security and we discuss them briefly here.
The Impel application and your data is hosted on Amazon's EC2/S3 "cloud". Amazon's EC2 data centers have multiple, redundant, high-bandwidth connections for 24x7 access to your data. They are equipped with the latest and best firewalls, secure servers, spam and virus filters to protect your data from hackers and vicious attacks. In addition to data center security, we have additional firewalls and port control to ensure that neither your database nor your app can be tampered with by unauthorized users.
We regularly monitor the number of users and connections to the app (without logging into your instance), so we have prior notice if a DOS attack of any kind is mounted. We get SMS-based alerts about failures of keep-alive checks on our apps, so we can correct failures, if they occur at all.
Each user within your company uses a multi-level login scheme. The first is the name of your organization, which is assigned by Impel when your company is set up as a customer. The second is the email ID of the user, which is set by the Impel administrator within your company. The third is the user's password, which is changeable by the user. The user password is maintained in an encrypted form that cannot be decrypted even by our internal people.
Users are assigned a unique session ID every time that they log in which is used to verify the user's authenticity and authority within the system. The user's session key is verified with each and every page request to ensure that the user can perform only authorized transactions and view allowed data. The typical ways that hackers break sessions - by "spoofing" IP addresses and cookies, etc. - are all handled in our hosting mechanism.
Allowing user access
Each user's access rights to transactions and data within Impel are defined by your Administrator. There are multiple levels of authorization to pages and data within Impel. A user sees links only to those pages that s/he has been authorized to by the Administrator. Users cannot get to other non-accessible pages even if they know the exact "address" of the page.
Access to your data
Our own employees and data center employees are restricted both legally and technically from viewing your data. Our own administrative processes are limited to overall performance tuning (not specific to your database) and backup/restore operations.
Each database within Impel is separated virtually on the server and the data is not co-mingled amongst customers. Your database contains only information that is added by your authorized users. The database is not a shared device.
Data Backup and storage
All data is backed up every day, automatically. A copy of your data is also stored offsite from the data center for additional security and emergency access.
All data is replicated to other servers to ensure full recovery and availability.
We guarantee 99.5% uptime, other than previously scheduled routine maintenance.