Our Security Measures
We use Intervals to manage the Intervals development process, resulting in over seven years of projects, milestones and tasks. We believe in solidarity, and apply the same level of integrity and scrutiny to our customers’ data as we do our own. With our own data on the line, you can bet we take security seriously.
The Data Center:
More than just a Series of Tubes
Our servers are hosted with SoftLayer in the United States. The data center is SAS 70 Type II and SSAE 16 compliant. The data center and network infrastructure are complete with power redundancy, HVAC, fire suppression, restricted access, network connectivity and 24x7 security monitoring.
The network layer is continually filtered and monitored for potential denial of service attacks. Firewalls on each server are locked down tightly, allowing only necessary services to pass through.
Keeping the Software Safe
Intervals’ developers are continually optimizing the application layer for security and performance. We implement up-to-date safeguards against common attacks such as SQL injections and cross site scripting. And we adhere to coding guidelines set forth by the OWASP project.
Our servers undergo quarterly security scans by the McAfee PCI Certification Service to meet the requirements of Visa and MasterCard’s Payment Card Industry (PCI) Data Security Standard. Server scans use a three-step process that includes dynamic port scanning, port-level network services vulnerability testing, and web application vulnerability testing.
All plans include 256-bit SSL connectivity that encrypts data before it is sent to, and received from, our servers. In addition to SSL, Intervals encrypts project note data deemed sensitive by our customers.
Every component of the Intervals infrastructure is under continuous monitoring from multiple different geographical locations. Our system administrators are on call 24x7 to respond to any interruption the moment it is detected.
We are thankful for the open source community and its shared knowledge of Internet security. At Intervals, we rely on their contributions—Nagios, Suhosin, Cacti, Monit—to monitor and protect our software. We also use paid services Scout and Hostguardian and we won't mention what services are used to monitor the other services because making sure everything is up and running as expected is critical.
Redundancy and Backups
Intervals is hosted on redundant web and data servers with fail-over protection to ensure high availability. Customer data is backed up in real-time, then backed up again to a secure, off-site location each night. This level of redundancy provides a necessary safeguard against worst-case scenarios and protects our customers from data loss.
In addition to the database, any documents uploaded to your Intervals account are encrypted and backed up to redundant servers.
Chasing the Sun
Our customers are located in over 100 countries in every time zone (except for one oddly enough) around the world. The sun never sets on our customers, making it critical for Intervals to remain secure and online every minute of the day.