Security & Reliability

Enterprise-class Data,
Facilities and Uptime Performance

99.99% Uptime, Enterprise-Class Reliability

ion was designed from the ground up to be an enterprise-class marketing software platform. In both our software architecture and our technical operations infrastructure, we aim to provide an extremely robust, reliable and secure solution on which our customers can depend. We have a six-year track record of delivering four-nines (99.99%) uptime service.

Many leading brands, including financial services and network security firms, have adopted the ion platform after conducting their own independent analysis of our reliability and security.

Western Union uses the ion landing page software platform
“Previously, we had a tool, but no solution. Now, we have a tool and a solution.”— Western Union

Software Security

  • Access to ion admin console only permitted via SSL-secured connections
  • Individual ion manager accounts with independent access control features
  • ion manager account passwords are encrypted as Blowfish 480-bit hashes
  • ion manager account passwords are required to be “strong” with a minimum length and a mix of alphanumeric and symbolic characters
  • SSL 3.0/TLS 1.0 connections supported for respondent sessions and trackbacks
  • Data collected from respondents may optionally be stored encrypted in the database using AES-256 encryption
  • Independent public key cryptography (PKI) employed for key management for the AES-256 encryption service
  • Data exported from ion can be transmitted via secure HTTPS, SFTP or FTPS protocols with configurable authentication credentials
  • Variable IP restrictions can be configured on each individual ion console

Data Security

  • Single-tenant software-as-a-service (SaaS) architecture maintains each customer’s data in their own dedicated database and separate file directories
  • Robust RAID10 redundant hard drives for data and file storage with automatic alerts of potential failures
  • Weekly full backups, daily differential backups of database and file systems
  • 2 week data backup retention policy, secure destruction of expired backups
  • Automated checks for database integrity and index optimization
  • Parameterized queries and stored procedures protect against SQL injection attacks
  • All ion employees are bound by non-disclosure agreements which covers non-public customer information and are trained on the sensitivity of such information
  • Background checks for ion and Rackspace employees

Physical Datacenter Security

  • Rackspace personnel on duty 24/7/52
  • All Rackspace personnel are required to display their identity badges at all times when onsite at Rackspace facilities
  • Two factor authentication is used to gain access to sensitive areas of the datacenter:
    • electromechanical locks are controlled by biometric authentication and key-card/badge
  • Only authorized Rackspace personnel have access to data center facilities
  • Closed circuit video surveillance at all entrance points on the interior and exterior of the building housing the data center facilities

Datacenter Redundancy

  • Redundant HVAC units
  • Redundant lines of communication to telecommunication providers
  • Fire detection and suppression systems (inspected at least yearly)
  • Multiple uninterruptible power supplies (UPS) with N+1 redundancy and instantaneous failover in the event of a primary UPS failure
  • Diesel generators with N+1 redundancy (run at least every 120 days and serviced at least annually by a third-party contractor)
  • Fuel contracts maintained with multiple providers for prioritized resupply of diesel generators
  • Cabinets wired to separate power distribution units (PDU) to provide redundant power
  • Raised flooring to protected hardware and communications equipment from water damage

Network Redundancy

  • Continuous monitoring of connectivity and performance to multiple bandwidth providers, including all routers and switches
  • Full redundant enterprise-class Cisco routing and switching equipment
  • Redundant power to all infrastructure routers and switches
  • Redundant fiber connections to Internet backbone connectivity providers
  • Advanced route optimization technology to provide efficient routing among the multiple backbone carriers connected to the datacenter
  • Servers monitored on a real-time basis for availability via ICMP

Network and Server Security

  • Cisco firewall employed at network perimeter to block all unused protocols
  • Dedicated virtual network (VLAN) for logical segmentation of ion servers within Rackspace’s network infrastructure
  • Distributed-denial-of-service (DDoS) attack mitigation services available
  • Access to ion servers restricted to only an approved subset of ion’s engineering team via secure VPN connections
  • All system administrator access to ion servers logged to an audit trail
  • Anti-Virus Protection is used to scan servers for viruses and infected files are automatically quarantined (Rackspace maintains current virus signature updates)
  • Dedicated/independent IP address for each ion customer

Server/Application Reliability

  • Dedicated failover service paired with Cisco and/or F5 load balancer(s) provides seamless HTTP/HTTPS redirects to customer-specific URL in the instance of an interruption to the ion service
  • Immediate alerts to engineering team in the instance of any such failover, with weekly assigned “on call” engineers as first responders to such events
  • New application software releases go through a five-stage verification process: independent developer verification, QA server test, alpha test, beta test, and engineer-observed final production release
  • Primary server hardware failures are guaranteed to be replaced within 1 hour or less (meanwhile, the failover service would be in effect)
  • Redundant server hardware is available for fast-track replacements
  • Rackspace network and hardware engineers are standing by 24/7/52 for immediate detection and resolution of any such hardware failures
  • ion “sentry” service on each server automatically notifies the ion engineering team in the event of system-level anomalies
  • Centralized monitoring of all ion consoles via a tailored “farm” application that is reviewed daily by ion’s engineering and account management teams
  • Personalized account management service available via telephone and email M-F 9am-5pm ET; a toll-free emergency number for any after-hours incidents that will escalate response 24/7/52