Security


Data center & network security

We ensure the confidentiality and integrity of your data with industry best practices. Asset Infinity servers are hosted at Microsoft Azure Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. And just like our customer support, our Security Team is on call 24/7 to respond to security alerts and events.

Physical security
Facilities: Asset Infinity servers are hosted at Microsoft Azure Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Our co-location cage spaces are physically and logically separated from other data center customers. Data center facilities are powered by redundant power, each with UPS and backup generators.
On-site Security: Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.
Monitoring: All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by Asset Infinity staff. Physical security, power, and internet connectivity beyond co-location cage doors or Azure services are monitored by the facilities providers.
Location: Asset Infinity leverages data centers in Europe.
Network security
Dedicated Security Team: Our globally distributed Security Team is on call 24/7 to respond to security alerts and events.
Protection: Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network Intrusion Detection and/or Prevention technologies (IDS/IPS) which monitor and/or block malicious traffic and network attacks.
Architecture: Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are used at the Internet boundary and internally between the different zones of trust.
Network Vulnerability Scanning: Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
Third-Party Penetration Tests: In addition to our extensive internal scanning and testing program, each year Asset Infinity employs third-party security experts to perform a broad penetration test across the Asset Infinity Production Network.
Security Incident Event Management (SIEM): Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM raises alerts on triggers based on correlated events, notifying the Security Team for investigation and response.
Intrusion Detection and Prevention: Major application data flow ingress and egress points are monitored with Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). The systems are configured to generate alerts when incidents and values exceed predetermined thresholds, and they use regularly updated signatures based on new threats. This includes 24/7 system monitoring.
DDoS Mitigation: In addition to our own capabilities and tools, we contract with on-demand DDoS scrubbing providers to mitigate Distributed Denial of Service (DDoS) attacks.
Logical Access: Access to the Asset Infinity Production Network is restricted on an explicit need-to-know basis, follows least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Asset Infinity Production Network are required to use multiple factors of authentication.
Security Incident Response: In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
Encryption
Encryption in Transit: Communications between you and Asset Infinity servers are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails.
Encryption at Rest: All customers of Asset Infinity benefit from the protections of encryption at rest for offsite storage of attachments and full daily backups. Should customers desire to have their primary and secondary DR data stores encrypted at rest, this is available for purchase at an additional cost. You may contact support for more details.
Availability & continuity
Uptime: Asset Infinity guarantees a 99.9% uptime.
Redundancy: Asset Infinity employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime ensures Service Data is actively replicated across primary and secondary DR systems and facilities. Our co-location databases are stored on efficient Flash Memory devices with multiple servers per database cluster.
Disaster Recovery: Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing.
Enhanced Disaster Recovery: With Enhanced Disaster Recovery, the entire operating environment, including Service Data, is replicated in a secondary site to support service resumption should the primary site become fully unavailable.

Application security

We take steps to securely develop and test against security threats to ensure the safety of our customer data. In addition, Asset Infinity employs third-party security experts to perform detailed penetration tests on different applications within our family of products.

Secure development (SDLC)
ASP.NET MVC Framework Security Controls: Asset Infinity utilizes ASP.NET security controls to limit exposure to OWASP Top 10 security flaws. These include inherent controls that reduce our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.
QA: Our QA department reviews and tests our code base. Several dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.
Separate Environments: Testing and staging environments are separated physically and logically from the Production environment. No actual Service Data is used in the development or test environments.
Application vulnerabilities
Dynamic Vulnerability Scanning: We employ a number of qualified third-party security tools to continuously run dynamic scans of our applications against the OWASP Top 10 security flaws. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.
Static Code Analysis: The source code repositories for Asset Infinity, for both our platform and mobile applications, are continuously scanned for security issues via our integrated static analysis tooling.
Security Penetration Testing: In addition to our extensive internal scanning and testing program, each quarter Asset Infinity employs third-party security experts to perform detailed penetration tests on different applications within our family of products.

Product security features

We make it seamless for customers to manage access and sharing policies with authentication and single sign-on (SSO) options. All communications with Asset Infinity servers are encrypted using industry-standard HTTPS over public networks, meaning the traffic between you and Asset Infinity is secure.

Authentication Security
Authentication Options: We support Asset Infinity sign-in authentication options built on ASP.NET MVC and ASP.NET Web API technologies.
Single sign-on (SSO): Single sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials for your Asset Infinity instance. Security Assertion Markup Language (SAML) is supported.
Secure Credential Storage: Asset Infinity follows secure credential storage best practices by never storing passwords in human-readable format, and only as the result of a secure, salted, one-way hash.
API Security & Authentication: The Asset Infinity API is SSL-only and you must be a verified user to make API requests. You can authorize against the API using either basic authentication with your username and password, or with a username and API token. OAuth authentication is also supported.