YouSendIt Security Data Sheet – Secure File Transfer and Data ...
YouSendIt Security Data Sheet – Secure File Transfer and Data ...
YouSendIt Security Data Sheet – Secure File Transfer and Data ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>YouSendIt</strong><br />
<strong>Security</strong><br />
“<br />
We saw that <strong>YouSendIt</strong><br />
uses SSL; employs sound<br />
user authentication <strong>and</strong><br />
password protection<br />
features; scans all files<br />
for viruses <strong>and</strong> has a<br />
secure physical structure.<br />
Our network engineers<br />
didn’t allow FTP for<br />
security reasons.<br />
”<br />
Leon Hampton<br />
Assistant Vice President<br />
Information Technology, Macerich<br />
Protect Your <strong>Data</strong> with Enterprise-Ready<br />
<strong>YouSendIt</strong> <strong>Security</strong> <strong>and</strong> Compliance<br />
Introduction<br />
© 2010 <strong>YouSendIt</strong>. All rights reserved.<br />
<strong>Data</strong>sheet<br />
There’s a simple contradiction challenging enterprises today. On the one<br />
h<strong>and</strong>, in order to stay competitive, corporations need to share information<br />
<strong>and</strong> collaborate, both internally <strong>and</strong> externally. On the other, they face<br />
growing concerns about security <strong>and</strong> regulatory compliance.<br />
Traditional means of collaboration—email, FTP, <strong>and</strong> couriers—are<br />
vulnerable to security breaches. Email is susceptible to viruses, <strong>and</strong> when<br />
users send files as attachments, you can’t track or regulate them. FTP is<br />
an outdated solution that’s confusing to users, so they find compromising<br />
workarounds like sharing passwords. And FTP files never expire, so your<br />
intellectual property remains exposed. Finally, when you use a courier,<br />
you never know who opens the package on the receiving end, or how long<br />
it remains lying around their office.<br />
<strong>YouSendIt</strong>, on the other h<strong>and</strong>, is an online collaboration tool that is both<br />
efficient <strong>and</strong> secure, with built-in systems that allow your organization<br />
to track <strong>and</strong> govern all file-sharing activity.<br />
Why <strong>YouSendIt</strong><br />
<strong>YouSendIt</strong> is the most trusted, easy to use, <strong>and</strong> cost-effective secure file<br />
transfer solution available. Used by 16 million people <strong>and</strong> over 2500<br />
corporations worldwide, <strong>YouSendIt</strong> lets users send, receive, <strong>and</strong> track files<br />
quickly <strong>and</strong> securely, increasing productivity with minimal effort.<br />
At <strong>YouSendIt</strong>, we’re committed to delivering the highest levels of enterpriseready<br />
security <strong>and</strong> compliance in our data centers, application technologies,<br />
data-at-rest policies <strong>and</strong> procedures, <strong>and</strong> data-in-motion security measures.<br />
Key Features<br />
Enterprise-Class <strong>Data</strong> Center <strong>Security</strong><br />
<strong>YouSendIt</strong>’s data centers are SAS 70 Type II-certified. <strong>YouSendIt</strong>’s servers are<br />
hosted in two data centers—one in California, US, <strong>and</strong> the second in London,<br />
Engl<strong>and</strong>. Each facility is protected by double-wall construction <strong>and</strong> employs<br />
biometric <strong>and</strong> video surveillance, physical security, seismic protection, water<br />
suppression, <strong>and</strong> dry-pipe fire protection technologies to prevent damage or<br />
loss from fire, earthquakes, flooding, <strong>and</strong> other natural disasters. All servers<br />
are secured in a locked room with limited access restricted to authorized<br />
individuals. Access is auditable by password <strong>and</strong> biometric scan for entry.<br />
In addition, <strong>YouSendIt</strong>’s enterprise-class data centers have built-in system<br />
redundancy <strong>and</strong> high-performance load balancers.
<strong>YouSendIt</strong><br />
<strong>Security</strong><br />
Network <strong>and</strong> System <strong>Security</strong><br />
<strong>YouSendIt</strong> leverages ISP <strong>and</strong> enterprise-grade<br />
firewalls that provide IP filtering <strong>and</strong> DOS<br />
protection for intrusion detection protection.<br />
All incoming network ports are blocked except<br />
for 80 <strong>and</strong> 443, which are dynamically opened<br />
<strong>and</strong> closed to allow HTTP <strong>and</strong> HTTPS traffic.<br />
Proactive network scans run at all times,<br />
<strong>and</strong> Internet spiders <strong>and</strong> search engines are<br />
blocked from files. At-rest encryption ensures<br />
that your entire system, operating system, <strong>and</strong><br />
data <strong>and</strong> system files are secured at the highest<br />
level against cyber threats as well as lost or<br />
stolen disks.<br />
Application <strong>Security</strong><br />
In addition to a hardened operating system,<br />
<strong>YouSendIt</strong> uses password <strong>and</strong> privilege<br />
policies to authenticate <strong>and</strong> authorize users.<br />
All passwords <strong>and</strong> credentials are encrypted<br />
during transmissions. With Active Directory<br />
integration, users are deployed <strong>and</strong> managed<br />
within the customer network. No passwords<br />
are stored outside of the corporate network,<br />
<strong>and</strong> the administrator can tightly manage the<br />
entire process.<br />
<strong>Data</strong> Protection During <strong>Transfer</strong> <strong>and</strong> At Rest<br />
All data in motion is encrypted using 128-bit<br />
SSL encryption with class 3 certificates <strong>and</strong><br />
cryptography. <strong>File</strong> names are dynamically<br />
scrambled, <strong>and</strong> data is continuously replicated<br />
<strong>and</strong> scanned for viruses. All data in our secure<br />
data centers is encrypted using 256-bit AES<br />
encryption. These measures ensure that<br />
the integrity of the data is maintained during<br />
transmission, uploading, downloading,<br />
<strong>and</strong> storage of a file.<br />
© 2010 <strong>YouSendIt</strong>. All rights reserved.<br />
Application<br />
• Hardened operating system<br />
• Proactive vulnerability scan<br />
• No single point of failure<br />
• Horizontally scalable modules<br />
• Advanced access <strong>and</strong><br />
authentication controls<br />
<strong>Data</strong> Center<br />
• SAS 70 Type II certified<br />
• Video surveillance<br />
• Highly restricted access<br />
• Biometric scanning<br />
• Detailed audit logs<br />
• Redundant power supplies<br />
• Seismically protected<br />
<strong>Data</strong>sheet<br />
<strong>Data</strong><br />
• Encryption in transit: 128-bit SSL<br />
• Encryption at rest: 256-bit AES<br />
• Redundant file copies<br />
• Virus scanning<br />
• Dynamic file name scrambling<br />
• <strong>Data</strong> confidentiality—No search<br />
engine or spider access<br />
• <strong>File</strong> expiration <strong>and</strong> password<br />
protection options<br />
Network<br />
• Redundant 10GB b<strong>and</strong>width<br />
• ISP grade firewalls<br />
• High performance load balancers<br />
• IP <strong>and</strong> protocol filtering<br />
• DOS protection<br />
• Proactive network vulnerability scans
<strong>YouSendIt</strong><br />
<strong>Security</strong><br />
Stringent <strong>Security</strong> Compliance<br />
• PCI Compliant: PCI Compliant. <strong>YouSendIt</strong> is PCI<br />
compliant, meeting the worldwide information<br />
security st<strong>and</strong>ards for processing card payments to<br />
prevent credit card fraud.<br />
• SAS 70 Type 2 Compliant. <strong>YouSendIt</strong> is SAS 70<br />
Type 2-compliant. Issued by the Auditing St<strong>and</strong>ards<br />
Board of the American Institute of Certified Public<br />
Accountants (AICPA), the Statement on Auditing<br />
St<strong>and</strong>ards Number 70 (SAS 70), as amended,<br />
provides guidance to auditors for examining <strong>and</strong><br />
reporting on the controls of a service organization.<br />
• HIPAA Compliant. <strong>YouSendIt</strong>, by the nature of its<br />
business, is exempt from being HIPAA compliant but<br />
is proactive in providing security <strong>and</strong> assisting our<br />
clients to achieve HIPAA compliance.<br />
• GLBA Compliance. <strong>YouSendIt</strong> complies with the<br />
privacy provisions of the Gramm-Leach-Bliley Act<br />
(GLBA), a law that governs certain activities of the<br />
financial services industry. Under GLBA, <strong>YouSendIt</strong><br />
qualifies as a service provider.<br />
Summary<br />
<strong>Data</strong>sheet<br />
Every business needs to stay productive <strong>and</strong> competitive through successful collaboration while remaining protected<br />
against security threats. <strong>YouSendIt</strong> provides enterprise-level security across your networks, systems, <strong>and</strong> applications<br />
during the entire digital communication process, whether you are accessing, storing, or transmitting data.<br />
<strong>YouSendIt</strong>, Inc.<br />
1919 S. Bascom Ave., 3rd Floor<br />
Campbell, CA 95008<br />
866.55U.SEND<br />
© 2010 <strong>YouSendIt</strong>. All rights reserved.<br />
Tracking <strong>and</strong> Auditing of <strong>Data</strong> <strong>Transfer</strong>s<br />
<strong>YouSendIt</strong> offers the ability to track files, obtain return<br />
receipts, control access to sensitive files, eradicate<br />
password sharing, set expiration policies for files, allow<br />
<strong>and</strong> disallow users, <strong>and</strong> enforce the most secure password<br />
policies at the company, group, or individual level.<br />
<strong>YouSendIt</strong> also delivers comprehensive user activity<br />
<strong>and</strong> usage reports for audit <strong>and</strong> compliance purposes.<br />
sales@yousendit.com<br />
www.yousendit.com