Secure Data Centers
Our service is collocated in dedicated secure cages in top-tier data centers. These facilities provide carrier-level support, including:
Security
- 24×7 monitoring by closed-circuit cameras and onsite guards
- Data center space is physically isolated and accessible only by specified administrators
- Access is restricted to authorized personnel through biometric two-factor authentication
- Fully-managed, hardened, stateful inspection firewall technology
- Fully-managed Intrusion Detection System (IDS)
- Edge-to-edge security, visibility and carrier-class threat management and remediation utilizing Arbor Networks Peakflow to compare real-time network traffic, immediately flagging anomalies such as:
  - Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, worms or botnets
  - Network issues such as traffic and routing instability, equipment failures, or misconfigurations
- 24x7x365 Firewall, VPN, and IDS support and maintenance
- Security Incident Response Team (SIRT) to handle reports of security incidents
Power and Environment
- Redundant UPS and generator backups for all systems
- HVAC (Heating Ventilation Air Conditioning) systems arranged in an N+1 redundancy configuration
- Automated controls that provide the appropriate levels of airflow, temperature, and humidity
Fire Detection and Suppression
- Multi-zoned, dry pipe, water-based fire suppression systems
- Monitors to sample the air and provide alarms prior to pressurization
- Dual-alarm activation necessary for water pressurization
- Water discharge specific to fire alarm location
Flood Control and Earthquake
- All facilities built above sea level with no basement areas
- Moisture barriers on exterior walls
- Dedicated pump rooms for drainage/evacuation systems
- Moisture detection systems
- Location-specific seismic compliance
- All facilities meet or exceed requirements for local seismic building codes
Secure Transmission and Sessions
- Connection to the Xactly product environment is via TLS 1.2, using global step-up certificates, ensuring that our users have a secure connection from their browsers to our service
- Individual user sessions are identified and re-verified with each transaction, using a unique token created at login
Network Protection
- Perimeter firewalls and edge routers block unused protocols
- Internal firewalls segregate traffic between the application and database tiers
- A third-party service provider continuously scans the network externally and alerts on changes in baseline configuration
Disaster Recovery
The Xactly product service performs real-time replication to disk within the data center for business continuity purposes, and offsite data storage at a secure facility for disaster recovery purposes. Note also the following:
- Data is transmitted across encrypted links
- Disaster recovery functionality is exercised regularly to verify projected recovery times and the integrity of customer data
Backups
All data is backed up at each data center, on a rotating schedule of incremental and full backups. The backups are then replicated over secure links to a secure archive.
Internal and Third-party Testing and Assessments
Xactly tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly, including:
- Web application vulnerability assessments
- Network vulnerability assessments
- Selected penetration testing and code reviews
- Security control framework review and testing
Security Monitoring
Xactly Operations monitors notifications from various sources and alerts from internal systems to identify and manage threats. Potential threats are logged and investigated as part of the Xactly Incident Management Process.