Data center & network security

Asset Infinity servers are hosted at Microsoft Azure Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Our co-location cage spaces are physically and logically separated from other data center customers. Data center facilities are powered by redundant power, each with UPS and backup generators.

Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.

All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by Asset Infinity staff. Physical security, power, and internet connectivity beyond co-location cage doors or Azure services are monitored by the facilities providers.​

Asset Infinity asset management software leverages data centers in Europe.

Our globally distributed Security Team is on call 24/7 to respond to security alerts and events.​

Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network Intrusion Detection and/or Prevention technologies (IDS/IPS) which monitor and/or block malicious traffic and network attacks.

Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.​

Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.

In addition to our extensive internal scanning and testing program, each year Asset Infinity employs third-party security experts to perform a broad penetration test across the Asset Infinity Production Network.​

Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM alerts on triggers which notify the Security team based on correlated events for investigation and response.​

Major application data flow ingress and egress points are monitored with Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). The systems are configured to generate alerts when incidents and values exceed predetermined thresholds and uses regularly updated signatures based on new threats. This includes 24/7 system monitoring.​

In addition to our own capabilities and tools, we contract with on-demand DDoS scrubbing providers to mitigate Distributed Denial of Service (DDoS) attacks.

Access to the Asset Infinity Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Asset Infinity Production Network are required to use multiple factors of authentication.

In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.​

Communications between you and Asset Infinity servers are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails.​

All customers of Asset Infinity benefit from the protections of encryption at rest for offsite storage of attachments and full daily backups. Should customers desire to have their primary and secondary DR data-stores encrypted at rest, this is available for purchase at an additional cost. You may contact support for more details.​

Asset Infinity guarantees a 99.9% uptime​

Asset Infinity employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime ensures Service Data is actively replicated across primary and secondary DR systems and facilities. Our co-location databases are stored on efficient Flash Memory devices with multiple servers per database cluster.

Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing.​

With Enhanced Disaster Recovery, the entire operating environment, including Service Data, is replicated in a secondary site to support service resumption should the primary site become fully unavailable.​