The IronBox Data Protection and Privacy Platform
We don’t take any chances when it comes to your data and reputation. Here’s how we protect your data.
Designed with multiple layers of defense to provide the best security experience.
All settings and features are pre-set with the most secure settings by default.
Services are designed to expose only necessary endpoints and limit the number of potential attack vectors.
Critical security data is separated, helping to ensure that a compromise of one component does not lead to an entire system/data compromise.
Your data is handled in an application environment where the authenticity of critical actions can be verified.
Enhanced security using SMS-based access codes is built into the platform at no extra cost to you.
Our IronBox platform keeps your data protected at rest using AES-256 bit encryption (CBC).
SSL tunnels using 2048-bit public keys and AES-128 bit encryption help ensure your data stays safe while transmitted across networks. In many cases data is pre-encrypted before entering SSL tunnels.
Our IronBox platform keeps your data safe when it’s being accessed (from disk, memory and more).
We take proprietary steps to help ensure that the data you delete stays deleted and can’t be easily recovered.
With IronBox you don’t need to worry if your data is exposed or unnecessarily left in the cloud. IronBox can automatically expire your data for you so you don’t have to.
Our patent-pending technology helps ensure that your data is not exposed to threats that arise from its actual physical location (coming soon).
Your data is encrypted such that even we can’t access it once it’s been locked by IronBox. This helps provide the highest privacy and security for our customers and their data.
Design utilizes platform protection mechanisms whenever possible.
Only FIPS validated cryptographic libraries are used for data protection.
AES 128-bit or 256-bit (default) CBC is used for symmetric data encryption operations.
Variable length RSA (2048 default) is used for asymmetric encryption operations.
White-list input validation is required for un-trusted data and helps reduce risk from many common attacks. Mandatory server-side validation is performed.
We co-invented the Anti-SQL Injection Library which helps ensure that un-trusted data is parameterized to reduce the risk of common database injection attacks.
Un-trusted data is encoded using the AntiXSS library or a standard encoding library to reduce the risk from cross-site scripting and related attacks.
Generic error handling helps ensure that information that could aid attackers is not exposed.
A managed code implementation greatly reduces the risk from common injection and memory corruption attacks, such as buffer overflows.
Any symmetric keys derived from user data are generated using standard key derivation protocols and hardened with iterations that exceed industry recommendations.
Any random data used for security related functions is cryptographically generated.
Standard authentication/authorization libraries and identity providers are used to help prevent unauthorized access.
Controls are implemented to help mitigate risk from Web-based session fixation attacks.
Manual code reviews are performed regularly by senior security developers to identify and mitigate potential risks in code.
Automated code scanning is used to supplement code review efforts to reduce risk in code.
Security unit tests are developed to validate security functionality and detect regressions.
Minimum 2048-bit SSL certificate is used to protect all in-transit data.
Least privilege deployment of services helps isolate damage from any potential attacks.
Unnecessary services are disabled or uninstalled to limit potential attack vectors.
Generic error handling helps ensure that information that could aid attackers is not exposed.
Built-in platform protection features are enabled to reduce risk from common attacks.
HTTP Strict Transport Security (HSTS) is enabled on production servers to help enforce secure communications with IronBox.
Sessions are automatically expired after a period of inactivity to better protect data.
Protective devices like firewalls are configured with white-list based ACLs and rules.
Non-essential production accounts are disabled or removed.
Data centers are certified and attested for ISO/IEC 27001:2005, SOC 1 and SOC 2 SSAE 16/ISAE 3402, Cloud Security Alliance Cloud Controls Matrix, Federal Risk and Authorization Management Program, PCI and HIPAA BAA.
Platform-based controls to help reduce risk from common attacks like XSS, CSRF and ClickJacking are employed.
SSL Forward Secrecy (FS) is configured to help ensure the protection of data even if SSL public and private key pairs are compromised.
All security patches are deployed to production systems within 24-48 hours of public release and verification testing.
Automated and scheduled vulnerability scanning is performed on production systems to quickly identify common vulnerabilities.
Self and third-party conducted penetration tests are performed on production systems on a regular schedule.
Strong passwords are used on production systems and changed regularly.
Data is automatically wiped using DoD 5220 style wiping to prevent unauthorized recovery of data.
SSL certificates are validated to help ensure the authenticity of secure communication channels.
Mobile app automatically checks the underlying device to help ensure that it has not been jail-broken, and refuses to run if it has been.
While in use, credentials are stored in secure storage facilities and securely wiped when no longer needed.
Sessions automatically expire after a period of inactivity to help ensure the security and privacy of your data.
All cryptographic functions are performed on the client side for better security and privacy.
Your data is kept protected at rest using AES-256 bit encryption (CBC).
SSL tunnels using 2048-bit public keys and AES-128 bit encryption help ensure your data stays safe while transmitted across networks. In many cases data is pre-encrypted before entering SSL tunnels.
IronBox specializes in Internet security, data protection and application security. Our team members are recognized security experts who have helped protect some of the industry’s highest value and most targeted data.
Delighting customers with premium data protection, prompt support and easy-to-use software services is our passion.