Security was a key focus point when Zephyr was being created. Our goal was to create a platform that would help our clients avoid the security headaches that plague other systems and cause loss of time and money.
We know that dealing with hacked websites ruins your day. And keeping up with plugins and exploits sucks away time that you could be spending on your firm. This is why we think you'll find Zephyr to be a welcome change.
So how do we protect your website?
The servers that power Zephyr are all on their own private subnet that is not accessible from the Internet. They only communicate in a single manner to each other which is encrypted and requires a corresponding key to authenticate/validate the requested action. All other means of access is refused (not accessible). Access to the databases (main and redundant backups) to perform any action is highly restricted to very specific IP addresses and their own form of encrypted authentication. We also store all events that happen to an item in Zephyr to allow a manual rollback if necessary.
Zephyr's infrastructure is PCI compliant, which is the standard used by the financial services industry (like banks and credit card processors) to ensure data security and integrity.
While Zephyr focuses heavily on security at a platform level, the most vulnerable area of any platform is the users. We enforce two-step authentication for every user to enhance security at the user level. Zephyr also enforces strong passwords to help site administrators avoid using easily-cracked passwords.
Phishing emails are the most common entry point for someone to gain access so we encourage all partners and site administrators to review this with your team to ensure everyone is on the lookout for any suspicious emails, especially anything coming from Zephyr.