Security

Thank you. A representative will be with you shortly.
or call us+44 (0)20 3384 2158

Inside Intermedia’s Worry-Free Experience™

What does it mean to have "worry-free" security?

Intermedia invests considerable human and capital resources to ensure levels of security and protection in which you can have full confidence. We’re SOC 2 audited company-wide, which attests to our high standards for security—including product security, network security, infrastructure security and privacy protection.

TrueCar's Mike Guthrie: Creating efficiencies by outsourcing email security

Mike Guthrie, CFO of TrueCar, explains how organizations benefit from trusting their email to a provider with top-notch security credentials. With security as a core pillar of our business, Intermedia helps ensure that confidential email data remains safe and secure.

It seems that every day brings another story of a massive hack or unprecedented data breach. And while big businesses make the most news, small businesses have just as much to fear. According to the National Small Business Association, half of 675 small businesses they surveyed reported being victims of hackers in 2014—with the average cost of the hack costing them more than $20,000.

“Security remains the paramount concern for enterprises dealing with the transition to cloud-based computing services," says Peter Ffoulkes, Research Director, Servers and Virtualization and Cloud Computing, "whether they are private on-premises or public off-premises offerings."

These numbers suggest that every business should be concerned about security. But that doesn't mean you have to lose sleep over it. Security is one of the cornerstones of our Worry-Free Experience. We understand that if you're to trust us with your data, you need to understand how we'll protect it. Vigilance is essential to keeping your business safe. This page is here to answer your most vigilant and critical questions about the full breadth of security that Intermedia provides, from our internal processes to specific product features. 

Validation for our security and protection claims

Any cloud provider can claim to be secure. We have consulted with a number of independent sources to validate the claims we make. Click each cell to learn more about each one.

At-a-glance: Intermedia's top security features

We recently surveyed more than 225 Intermedia customers (ranging up to 1,000+ employees), to learn more about their security concerns. Based on their responses, we identified the top features we provide to address their most pressing security concerns.

Top 5 Cloud Security Features
  1. We have off-site backups of your data
  2. You can choose where your data is stored
  3. We can facilitate compliance with regulations
  4. We help you keep data safe from current and/or former employees
  5. We can provide you with single sign-on—free
Top 5 Mobile Security Features
  1. Secure access to corporate data
  2. Anti-malware protection via link scanning
  3. Remote wipe of all company data on mobile devices
  4. Remote wipe of select company data on mobile devices
  5. Password complexity enforcement

Security and protection across seven pillars

Click each cell below to see comprehensive security details for each of our seven security and protection pillars.

Data security, including encryption and access control
Server-side and client-side backups
Endpoint protection for PCs, mobile devices and voice services
Identity protection
Infrastructure security
Privacy and control over data
Security management
Email encryption
  • In transit: TLSv1.2
  • Advanced encryption with Policy-based Encrypted Email and Secure Mail
  • At rest: Bitlocker® (available on some versions of Exchange)
Chat & conferencing encryption
  • In transit: SSL/TLS
  • At rest: Chat transcripts are encrypted if saved in an Outlook® folder (feature enabled by user)
SecuriSync® file sharing and backup
  • In transit: SSL/TLS
  • At rest: Account-level encryption keys 
Voice encryption
  • In transit: Secure Voice (SRTP)
Single sign-on (Intermedia AppID®)
  • Multiple layers of encryption are used to protect data in transit
  • Server and client use a combination of 2048-bit asymmetric encryption (RSA) for communication and 256-bit symmetric encryption (AES) for sensitive data
  • All communication is over HTTPS secured by TLS, and is locked to a specific session
  • Passwords are stored server-side, hashed and salted, using an adaptive function with multiple rekeying rounds.
Email Archiving
  • In transit: SSL
  • At rest: AES-256
McAfee Data Loss Prevention
  • Filters outgoing email to help ensure sensitive information or undetected viruses don’t leave a user’s outbox
    Exchange Plus backup
    • Intermedia retains at least 2 copies of your data
    • These copies reside on physical disks in separate corners of our database quadrant
    • This ensures service availability in the event that a storage unit experiences a failure
    • This design makes it highly unlikely that corrupt data will replicate from one copy to another
    Outlook Backup
    • Customer-manageable backups
    • Customize-able Backup Schedules for reoccurring backup jobs
    • Retention policy options to help manage storage
    • Available options to download and upload PST backups from HostPilot® or through any FTP clients
    SecuriSync file sharing and backup
    • Customer data is stored on EMC Isilon NAS which consists of 2 sets of 3 redundant storage nodes
    • Data is configured for N+2:1 redundancy to sustain both disk drive and node failures
    • There at least 2 copies of each customer file
    • Data is additionally protected by snapshots which are scheduled once a day
    • Each snapshot is retained for a month
    Email Archiving
    • 3 copies of archived data, located in multiple datacenters
    Lync®/Skype for Business®:
    • PC clients with conversation history enabled can use Outlook Backup to backup their conversations
    SecuriSync:
    • Real-time sync/backup of all files in the My SecuriSync folder
    • Versioning - real-time backup of all subsequent changes to files
    • Recycle Bin for content protection (policy: prevent permanent deletion of files by end-users)
    • Simple Admin (Admin File Management) or end-user driven restore
      • Lost/Damaged device: Install SecuriSync and authenticate using AD creds. All files will be automatically restored to the device
      • Deleted Files: Restore deleted files from SecuriSync Recycle Bin. Permanent file deletion can be disabled by administrators
      • Old Versions: Restore any version from file version history
    Email
    • AntiSpam (McAfee/SpamStopper)
    • AntiVirus (McAfee/SpamStopper)
    • White/Black lists (McAfee/SpamStopper)
    • Click Protect (anti-malware/anti-phishing for URLs): (McAfee)
    • Email Continuity (Disaster Recovery)— (McAfee)
    • Email Authentication(SPF/TLS/DKIM)—(McAfee)
    • SecuriSync: remote wipe of PCs
    Mobile security (MDM)
    • ActiveSync and Blackberry® remote device wipe
    • Device management polices to enforce password requirements
    • Device timeout period
    • Device encryption
    • Other message settings, including maximum retention time on device, size and attachment restrictions
    • SecuriSync: remote wipe of data on mobile devices and PCs
    • Advanced: Intermedia offers integration with well-known MDM vendors (some only available with Private Cloud)


    •  

    Internally, Intermedia maintains systems and processes to detect and respond to any suspicious and/or malicious activity within our corporate network.

    Ability to selectively enable service for end-users
    HostPilot
    • Role-based admin access for control panel
    • IP white listing/restrictions for accessing control panel
    Email
    • Granular sharing permissions
    • Custom IP restrictions (Private Cloud only)
    • Email retention policy
    SecuriSync
    • Granular sharing permissions
    • Password-protected web-links
    • Mobile app pass-codes (iOS/Android™/BlackBerry)
    • Admin file management (provides admin visibility into user content)
    • External sharing policies (Pre-approve vs Manually approve external sharing)
    • User decommissioning (By disabling SecuriSync for an end-user, an admin restricts future access and retains all user files)
    • Endpoint decommissioning
    AppID Enterprise
    • App shaping (application feature control) in third-party apps
    • Audit Log in third-party apps
    • Group access to shared credentials (securely share a common login to web applications, e.g. corporate Facebook presence)
    Password management

    Password management is very granular, based on user role.

    • We support password management options for HostPilot, Partner Portal Admins and Active Directory Users.
    • Both users and admins can reset their passwords, with the new one sent via cellphone or email address
    • "Reset password on next login" available for both Admins and Users. (Admins are able to define who will have to reset password on the next login.)
    • HostPilot admins have the following options:
      • Restrict password management by users themselves
      • Sync passwords from custom Active Directory based on the UserPilot.
    • "Password meter" functionality for measuring password complexity/security is available
    • To comply with CPNI regulations, password changes trigger an email notification to the owner of the password
    • During onboarding, passwords are sent to admins in an encrypted file; the code to open the file is sent separately via SMS
    Password policies
    • Admins, partners and Active Directory users can be subject to password policies
    • Admins can apply a default policy or build custom policies
    • The following fields are available for customization
      • Minimum password length
      • Password expiration period
      • Allow/deny reuse of existing passwords
      • Lock user after several wrong login attempts
    Single sign-on and Cloud IAM

    AppID provides an option to securely store web application passwords so that users only have to remember a single password

    Cloud Access Security Brokers

    AppID Enterprise is a fully featured cloud access security broker.

    Context Aware Policies

    AppID Enterprise allows organizations to implement context aware policies, based on user, group, device, network, and geolocation.

    Two-factor Authentication (2FA)

    2FA within Intermedia AppID supports the following:

    • Intermedia VeriKey app: Push notification via iOS and Android smartphone app.
    • SMS text message
    • Voice call
    • Intermedia VeriKey: One-time passcode
    • Google Authenticator: One-time passcode
    Login experience
    • Captcha on the login page (only select pages)
    • Prevent dictionary attacks by locking users after several wrong attempts
    Privileged user management
    • Internal administrator activities are logged and internal administrator access is routinely reviewed
    • HostPilot allows customers to review logs of admin activity on their own account
    • Administrator activity within AppID is logged separately
    Multi-tenant platform security
    • Multiple redundant, enterprise-class firewall systems
    • Multiple redundant carrier grade intrusion protection systems (IPS)
    Perimeter/network security
    • Intrusion prevention and detection
    • Network access control
    • Enterprise-class firewalls
    Physical security
    • Closed-circuit TV
    • Secure access policies
    • Security guards
    Employee security
    • Background checks
    • Two-factor authentication
    • Role-based access control
    • Restricted server access
    DDoS protection
    • Redundant Internet service providers
      • Mitigates the potential impact of DDoS attacks
    • All Intermedia services are protected by 24x7x365 DDoS mitigation services from leading provider
    Account protection

    Stringent caller identification procedures authenticate a caller’s identity during support and service calls

    Secure Email Gateways

    Every email sent and received by Intermedia is filtered and vetted by our secure email gateways

    Incident response

    Alerting and monitoring within our security operations center

    Dedicated, full-time security staff manage all aspects of security, including:
    • Log correlation and event monitoring
    • Incident response
    • Managing intrusion detection systems (both host and network)
    • Perimeter defense
    • Service and architecture testing
    • Source code reviews
    • Vulnerability Management
    Privacy protection and data protection frameworks

    Intermedia maintains a comprehensive privacy policy. In addition, we are registered with the US Department of Commerce as compliant with US-EU and US-Swiss Safe Harbor frameworks, which were created to bridge the gap between US and EU/Swiss data protection and privacy standards. All our EU and US customers benefit from this level of protection.

    “Mining” identifiable customer data for 3rd-party advertising

    Identifiable customer data never gets “mined” to serve third-party ads.

    Customer choice of data location
    • Customers can choose their primary datacenter region to eliminate lag or comply with national regulations
    • Customers can locate their data in two datacenters to eliminate lag
    Data jurisdiction/residency

    Data storage location will not move across national borders without your consent.

    Protection against surveillance

    Intermedia does not provide government agencies with direct access to our network, applications or systems. When we do receive subpoenas, we defend our customers’ right to privacy by ensuring that every request complies with the law and by only providing the minimum required information.

    Private cloud availability

    Private clouds are available for customers that want customized security or integrations.

    Security information and event management
    • Logs are centrally collected from our services
    • Automated monitoring and alerting is performed to identify suspicious events
    Event notification
    • Account contact gets notified when critical security preferences are changed (coming in next release of HostPilot)
    Event log analytics tool
    • Event log of changes made on account from HostPilot/Partner Portal.
    Audit trails
    • SecuriSync: Admins can view detailed event logs for all file activity
    • AppID Enterprise: Allows admins to enable granular audit logs for any web app
    Internal security practices
    • Threat intelligence
    • Vulnerability management
    • Patch management
    • Network and application penetration testing
    • Code reviews (automated and manual)
    • Network forensics
    • Incident response

    Let’s get started

    CHAT
    x

    Hello.
    Can one of our solutions specialist answer any questions for you?