OptimizeONE Security and Risk Focus
OptimizeONE’s primary security focus is safeguarding our customers’ data. OptimizeONE has invested in comprehensive controls to protect and service our customers, including implementing dedicated corporate, product, and infrastructure security programs. Our Legal and Compliance Team, in collaboration with other departments, oversees the implementation and evolution of these programs.
Our Security and Compliance Objectives
OptimizeONE has developed a robust security framework based on SaaS industry best practices, with the following objectives:
- Customer Trust and Protection: Deliver exceptional products and services while safeguarding data privacy and confidentiality.
- Service Availability and Continuity: Ensure consistent availability of the service and minimize risks to continuity.
- Information Integrity: Protect customer information from corruption or unauthorized alteration.
- Compliance with Standards: Align with or exceed industry-standard best practices.
Security Controls
OptimizeONE employs a multilayered approach to secure its systems and data, including administrative, technical, and physical security measures. Below are highlights of key controls and processes.
Infrastructure Security
Cloud Hosting Provider
OptimizeONE does not host product systems or data within its physical offices. Hosting is outsourced to leading providers, including Google Cloud Platform (GCP) and Amazon Web Services (AWS). These providers are trusted for their audited security and compliance programs.
- Google Cloud Platform: Ensures at least 99.5% uptime. More information is available at Google’s Compliance Resource Center.
- AWS: Guarantees uptime between 99.95% and 100%, with validated business continuity and disaster recovery measures. Documentation is accessible on the AWS Cloud Compliance Page.
Network and Perimeter Security
OptimizeONE employs multiple layers of filtering and inspection across firewalls, web applications, and logical security groups. Unauthorized connections are blocked by default, and firewalls are reviewed periodically to ensure proper configurations.
Configuration Management
OptimizeONE leverages automation for scalability. Infrastructure configurations are strictly managed, with deviations automatically detected and corrected within 30 minutes. Servers are patched automatically, or decommissioned if non-compliant.
Logging and Monitoring
- Comprehensive logging ensures all actions and events are recorded and stored in centralized systems.
- Automated alerts notify engineers of anomalies, such as abuse attempts or attacks. Predefined responses address these events promptly.
Application Security
Web Application Defenses
OptimizeONE protects customer content through firewalls and application monitoring tools that block malicious traffic, following OWASP guidelines and mitigating risks such as DDoS attacks.
Development and Release Management
OptimizeONE uses a continuous delivery approach for development. Code reviews, static analysis, and dynamic testing ensure vulnerabilities are identified and mitigated before release. Deployment processes allow for seamless updates without downtime.
Vulnerability Management
OptimizeONE conducts regular vulnerability scans and annual penetration tests. Findings are assessed, and remediation is prioritized based on impact.
Customer Data Protection
Data Classification
OptimizeONE customers are responsible for ensuring their data collection aligns with their business needs. The platform is not intended to store sensitive information such as Social Security numbers or credit card details unless otherwise permitted.
Tenant Separation
Customer data is logically separated within OptimizeONE’s multi-tenant SaaS architecture using unique identifiers. Authorization rules are continuously validated to ensure data isolation.
Encryption
- In Transit: All data is encrypted with TLS 1.2 or higher.
- At Rest: Data is secured using AES-256 encryption. Passwords are hashed following industry standards.
- Key Management: Encryption keys are managed securely, with regular rotations based on data sensitivity.
Data Backup and Recovery
- Daily backups are retained for seven days, ensuring quick restoration capabilities.
- Backup data is secured with access restrictions and Write Once Read Many (WORM) protections.
- Customers can export data or use OptimizeONE’s public APIs for additional backups.
Identity and Access Control
User Management
Granular access controls allow customers to manage user roles and privileges within their OptimizeONE portals.
Product Login Protections
OptimizeONE enforces strong password policies and requires two-factor authentication (2FA) for accounts. Portal administrators can mandate 2FA for all users.
Employee Access
Access to production systems is restricted based on roles and monitored continuously. Persistent administrative access is limited, and changes require a secure approval process.
Organizational Security
Onboarding and Training
Employees undergo background checks and security awareness training, including phishing simulations. Policies are reviewed and approved annually.
Copyright © 2025 OptimizeONE.ai