
Platform Security

At Caspio, nothing is considered more important than protecting your data from unauthorized access or loss. We have woven a data-security culture into our DNA. It's manifested in the security features of our platform, the selection of our technology partners and vendors, employee training, company policies, adherence to the latest best practices and developments in the field, and vigorous testing and quality assurance practices that go into every release of our technology.

We realize that we have to work hard to deserve your trust, and we are committed to doing so. The following is an overview of our security measures. Please note that some details have been excluded in order to protect the integrity of these security solutions.

Physical Layer

Caspio uses Amazon Web Services (AWS) as its infrastructure provider. AWS has built a reputation for providing some of the most secure and best-run data centers in the world.

AWS is:

  • SOC 1 and 2 / SSAE 16 / ISAE 3402 Certified (formerly SAS70) 
  • SOC 3 Certified 
  • ISO 27001 Security Certified
  • Authorized by the U.S. General Services Administration to operate at the FISMA Moderate level
  • Capable of supporting Payment Card Industry (PCI) compliant applications when AWS and Caspio-provided security controls are used in tandem


These compliance attestations and certifications ensure that AWS adheres to stringent security standards that meet or exceed the requirements of some of the most sensitive data and applications.

Network and Systems Layer

Our servers and firewalls are configured to allow only the absolute minimum level of access. All unnecessary users, protocols and ports are disabled and monitored.

Operating systems and third-party software are kept current with the latest upgrades and patches recommended by their vendors.

Our databases and backups can only be accessed through trusted and secure authentication.

Human Layer

All data maintained in your Caspio account is owned by you. Only a few select, qualified and authorized personnel are allowed access to servers when necessary for system management, maintenance, monitoring, and backups.

We follow rigorous hiring practices, and every administrative, IT, support, and sales candidate undergoes a background check.

Our support engineers may only access your account when explicitly authorized by you to resolve problems or issues reported by you or to address issues for which we are contractually authorized.

All account logins are tracked for reference.

Application Layer

The Caspio platform offers an extensive list of features to help you protect and secure your account, data and applications:

Account Authentication - Your account is protected by your Account ID and password. We encourage you to use strong passwords, protect them from others, and change them often. You are advised to only access your account from trusted devices and networks. We do not store sensitive user data in cookies or utilize other high-risk user or session tracking methods.

Data Encryption - When you log into your Caspio account, your session is secured with SSL encryption. When you deploy your DataPages and applications on your website, you have the option of securing them through industry-standard SSL security that we offer to customers at no extra cost. You also have the option of completely blocking non-SSL access to your data and applications.

Web User Authentication - You can apply Web User Authentication to your apps. This capability is a standard Caspio feature and helps you prevent unauthorized users from accessing your apps and data. You can have an unlimited number of authenticated users for your applications.

Data Harvesting Protection - Caspio provides CAPTCHA human verification security that can be added to the search forms of your apps to prevent robots from harvesting your data.

IP Blocking - You also have the option of granting or blocking access to your apps and DataPages based on IP address. Using this feature, you can limit access to an application to your internal network.

TRUSTe EU Safe Harbor Certified


Caspio adheres to strict data privacy standards. We are a licensee of the TRUSTe® Privacy Program and abide by the EU Safe Harbor Framework as outlined by the U.S. Department of Commerce and the European Union.

TRUSTe is an independent organization devoted to building users' trust in the internet by promoting the use of fair information practices. We have elected to disclose our information handling practices and have our practices reviewed for compliance by TRUSTe as a testament to our commitment to your privacy.

Note: Use of Caspio Bridge is subject to the Caspio Bridge Terms of Service and Caspio Privacy Policy.

 

Additional Offerings

Caspio HIPAA Solution


Caspio also offers a HIPAA-compliant edition that provides additional security features for handling personal health information (PHI). Caspio HIPAA Solution is an entirely separate infrastructure dedicated to ensuring all data and applications are HIPAA-compliant. This edition includes unique capabilities such as data encryption in transit and at rest, audit trail, user management, internal security controls, and more.


©2000 - 2014 Caspio, Inc. All rights reserved.