Albatross Security Overview

With the ever-growing dependency on information technology, more sensitive information has to be entrusted to vendors and external systems. Albatross promises robust security standards that are continuously enhanced and tested to provide you with solid compliance and top-notch security.

Data Center Security

  • Data Centers are SAS 70 Type II / SSAE 16 audited.
  • Tier-1 OC-192 Redundant Internet Backbone.
  • Electronic Access Control Systems with Electronic Cards
  • Surveillance Cameras (in data center and building premises)
  • Facility is designed and monitored to reduce the risk of environmental threats such as power loss, fire, flooding.
  • Secured and monitored by security personnel 24/7

Network Security

  • Periodic Vulnerability Scans and Network QA Checks
  • Hardware Equipment Firmware is patched and updated periodically
  • Configuration Backups
  • Networks are protected with best practice Firewall configurations
  • Explicit Permission ACLs
  • Network Logging and alerts for audit purposes
  • Network is scanned internally for potentially unmanaged devices
  • Firewall Ports are enabled strictly on a need basis
  • Dedicated Management IPs for Network Resources
  • In Transit Encryption of Passwords and Sensitive information
  • Intrusion Detection Devices are set up to monitor and prevent unusual network activity.

Data Backups

  • Backups are Performed Regularly, including server backups, database and file system data.
  • Multiple Restore Points are Available to retrieve the best version of the data
  • Off Site Data Backups are Performed to further safeguard data in case of a disaster
  • At Rest Encryption of Sensitive Data to meet HIPAA, PCI and other compliance requirements.

Storage Security

  • Data stored on hosting facilities will be secured via physical and software measures.
  • Databases can be encrypted upon request to meet compliance regulations.
  • Only key individuals at the company will have access to any customer data per strict security policies.

Server Hardening Procedures

Albatross follows strict server hardening procedures as follows:

  • Avoiding use of insecure protocols.
  • Minimizing unnecessary software on your servers.
  • Keeping the operating system up to date, especially security patches.
  • Enforcing use of strong password policies.
  • Using Data Encryption for Communications.
  • Applying password expiration policies across the enterprise.
  • Applying automatic account lockouts on potential attacks.
  • Applying IP banning on attacks.
  • Disabling root login.
  • Disabling unnecessary services.
  • Minimizing open network ports.
  • Configuring system firewall.
  • Utilizing hardware firewall.
  • Separating partitions.
  • Maintaining server logs.
  • Reviewing log emails daily and investigating suspicious activity on your server.
  • Using brute force and intrusion detection systems
  • Enforcing least privilege security, limiting user accounts to accessing only what they need.
  • Maintaining proper backups.
  • Setting up Malware and Anti-Virus protection

Log Monitoring

Albatross maintains logs of various aspects of the environment in case an audit is required. Common Logs used:

  • Web Server Logs
  • Authentication Audit Logs
  • Backup logs
  • IIS Logs
  • SQL / Database logs
  • Network Logs

Information Security Policies

Albatross enforces strict Information Security policies to ensure all employees handle customer information properly. The Information Security Policy is available upon request.

  • Acceptable Use Policy
  • Internet Access Policies
  • Email and Communication Policies
  • Privacy Policy
  • Encryption Policy

Additional Security Inquiries

For additional security information, please contact