Caspio Online Database Platform
Online Databases Made Easy™
News | Blog | Contact
Questions?  877.820.9100 | Live Chat
"Caspio’s product updates have helped us immensely to stay on top of new requirements. I can rely on Caspio to equip me to meet my clients' needs."
– Deloitte
Home  >  Platform  >  Security

Cloud Security

Ensuring the security of your data and applications in the cloud is our top priority. There is no other priority above that. Fundamental security provisions are ingrained in our technology and policies and it is never an after-thought. We know we have to work hard to deserve your trust and we are committed to do so. We are sharing some of our security and data privacy standards, however understand that we cannot go into extensive details for security reasons.

Physical Layer

Caspio's state-of-the-art infrastructure is owned and managed by Caspio. It is co-located at a Tier 1 data center facility in the United States operated by Savvis and is SAS-70 Type II certified. Savvis is recognized by Gartner as a Magic Quadrant leader. Data center security measures include:

  • On premise security guards
  • Exterior-building cameras, false entrances, vehicle blockades, parking lot design, bulletproof glass/walls, unmarked buildings
  • Biometric systems which include palm scanners
  • Security cameras with digital recorders, Pan-Tilt-Zoom (PTZ) capabilities
  • Portals and man traps, only a single person authenticated at one time
  • Caged and locked space exclusive to Caspio and access authorized to limited staff

Network and Systems Layer

Our network is protected by top-of-the line firewalls from industry-leading vendors. These firewalls remain up-to-date with upgrades and patches provided by vendors and they are configured to allow only the absolute minimum level of access to internet users.

Various security measures are employed and enforced inside of the perimeter firewalls and on internal systems. The exact nature of these measures is kept confidential.

All operating systems are kept current with all the patches recommended by their vendors. All unnecessary users, protocols, and ports are disabled and monitored.

Our databases can only be accessed through trusted authentication and are kept inside layers of protection.

Human Layer

All data maintained in your Caspio account is owned by you. Our employees do not have direct access to the production equipment, except where necessary for system management, maintenance, monitoring, and backups. We do not outsource data management to service providers. Only select qualified Caspio permanent employees are allowed access to database servers, and only when their access is absolutely necessary. Caspio also follows rigorous hiring practices and background checks for administrative, IT, support and sales positions.

Our support engineers may only log into your account when explicitly authorized by you, and only to resolve problems or issues reported by you or contractually authorized. All account logins are logged.

Application Layer

Caspio platform offers extensive features to help you protect and secure your account, data and applications:

Account Authentication - Your account is protected by your Account ID and password. We encourage you to use strong passwords, protect them from others and change them often. We do not store sensitive user data in cookies or utilize other high-risk user or session tracking methods.

User and Group Privileges - You can assign access level privileges to both individual users and groups. This capability improves user management efficiency while controlling data access and application-level security.

Data Encryption - When you log into your Caspio account, your session is secured with 100% data encryption. When you deploy your DataPages and applications on your web site, you have the option of securing them through industry-standard SSL security that is offered at no extra cost. You also have the option of blocking non-SSL access to your data and applications completely to ensure secure data transfer between your users and our servers.

Web Application Password Protection - You can activate Web User Authentication for your apps. This capability is standard Caspio feature and helps you prevent unauthorized users from accessing your apps and data. You can have an unlimited number of authenticated users for your applications.

Data Harvesting Protection - Caspio provides CAPTCHA human verification security that may be added to search forms to prevent robots from harvesting your data.

IP Blocking - You also have the option of granting or blocking access to your apps and DataPages via IP addresses. Using this capability, you can limit access to an application to users on your internal network.

PCI Compliance

Caspio has been deemed PCI compliant by the Payment Card Industry Security Standards Council. This means that we have implemented the highest security standards when it comes to transactions involving a payment card. The same level of security can be applied to your payment processing apps when you work with Caspio Professional Services.

We meet all six categories of PCI standards.

  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor Networks
  • Regularly Test Networks
  • Maintain an Information Security Policy

TRUSTe EU Safe Harbor Certified

We respect your privacy and the privacy of the information in your account and treat both with utmost care and consideration. We are a licensee of the TRUSTe® Privacy Program and abide by the EU Safe Harbor Framework as outlined by the U.S. Department of Commerce and the European Union.

TRUSTe is an independent organization devoted to build users' trust in the internet by promoting the use of fair information practices. We have elected to disclose our information handling practices and have our practices reviewed for compliance by TRUSTe as a testament of our commitment to your privacy.

Please direct all your inquiries pertaining to the Site, Service, or this Statement to us by contacting Caspio. In the event your inquiry isn't acknowledged within a reasonable time expectation, or hasn't been addressed to your satisfaction, please contact TRUSTe. TRUSTe shall then serve as a liaison with us to resolve your concerns.

Note: Use of the Caspio Bridge online service is subject to the Caspio Bridge Terms of Service. Caspio may change its security infrastructure and practices from time to time.

Company
About Caspio
News
Careers
Contact
Blog
Partners
Overview
Reseller Partnerships
Affiliate Partnerships Developers
Support
Get Support
Online Help
Video Tutorials
Training
Product Updates
Get Started
Free Trial
Project Consultation
Buy Now
Click here to load this Caspio Online Database app.
Sign Up
Online Database - Free Trial
Inc 5000 Truste SAS70 PCI
Digg Twitter Facebook LinkedIn
©2000 - 2012 Caspio, Inc. All rights reserved. Terms of Use | Privacy Policy | ExpressDB | Sitemap | 877.820.9100