Wednesday, February 17, 2016

Introducing SmartSimple Premium Support Services: Taking Personalized Support to the Next Level

At SmartSimple, a good number of new features and enhancements we introduce every upgrade come directly from requests, recommendations and suggestions from our clients. Through our user community, clients provide crucial feedback on how the system works and what would make it work even better.

So when several of our clients indicated they were interested in an enhanced support offering, we put our heads together to come up with a service that was proactive while still being responsive to immediate calls for assistance.


Introducing Premium Support Services
Premium Support Services is designed to offer a more personalized support experience. Clients are provided with a dedicated SmartSimple representative to act as their main point of contact for all support related issues. This adds an additional level of accountability, and provides clients with the peace-of-mind that they have a dedicated resource who is familiar with their specific needs and challenges.

Who should use Premium Support Services?
Premium Support Services has been designed specifically to meet the needs of clients who don’t have an internal IT team or regularly require changes to their system involving hands-on assistance from SmartSimple.

What’s included with Premium Support Services?
  • A named Dedicated Support Representative (DSR) specially trained and intimately acquainted with your system.
  • Regular meetings and on-demand access to our Director of Customer Experience.
  • Up to four hours of configuration services per request.
  • Up to three hours of training per quarter.

What if I have more questions? How do I sign up?
Contact your SmartSimple Account Manager with any questions you may have. They can also help enroll you in Premium Support Services and get you on your way to a more personalized SmartSimple experience. You can also visit the Premium Support Services page on our website for more information.

Wednesday, February 10, 2016

Seven things your Software as a Service (SaaS) provider should be doing to secure your data in the cloud

Strong security practices must be the number one priority for any cloud solution vendor you choose. Without that commitment, there’s a good chance your data will be at risk.


So how do you know if the SaaS (software as a service) provider you’re using or considering choosing has the right security protocols in place to ensure your valuable information is protected? We’ve compiled a list of the top seven security practices any vendor should be using to ensure they’re meeting their obligations to your security.
1. Penetration Testing
Penetration testing assesses how easy or difficult it is to hack into a system. This method uses what’s known in the industry as a White Hat Hacker. White Hat Hackers are ethical computer hackers or computer security experts specializing in testing methodologies to ensure the security of information systems. Their job is to make sure a malevolent hacker can’t access your data, hijack other user accounts or redirect your users to bogus sites, even if they have an actual username and password.


2. Vulnerability Testing
Sometimes confused with Penetration Testing, Vulnerability Testing is an automated process that regularly scans a server to determine if there are any loopholes in the system. It’s an in-depth evaluation that identifies weaknesses and recommends appropriate mitigation procedures.


3. Single Tenant Hosting Option
While hosting in a multi-tenant environment like the cloud is secure, you may be in an industry - such as banking - where a dedicated server is required or desired for an extra level of security. A reputable SaaS provider should be able to offer an option to have your data hosted on your own separate, dedicated server.


4. Disaster Recovery Process (DRP)
Your organization likely has its own DRP for ensuring the continuation of business and recovery of services and information following either a natural or man-made disaster. Your SaaS provider should have one as well. Ideally they should be duplicating your data every evening and storing it in an off-premise location that is well away from the location of the main data storage facility.


5. Authentication Policies
This process is what your organization uses to ensure that whomever attempts to login to your system is who they say they are. Regardless of how stringent or complex your authentication processes are, your cloud provider should be able to match those processes and provide the same level of security.


6. Back-End Management
Back-end management is a shared responsibility between the vendor and you. There are two aspects to consider:
  • Security of the Cloud are the security measures that your cloud service provider implements.
  • Security in the Cloud are the measures you implement to safeguard your applications and their data.


To help our own clients understand this concept better, SmartSimple created a page about Security as a Shared Responsibility.


7. Data Security
Your vendor should make sure that all data is encrypted while it is “at rest”, “in motion” and at the “end point”:
  • At Rest refers to where the data is stored, meaning the server hard disk.
  • At Motion refers to the transfer of data from the server to the client’s browser.
  • End Point means data is properly encrypted and cannot be stored on local hard disks or copied to portable storage devices such as USB keys.


Vendor Transparency on System Security
Any reputable cloud vendor should also be completely open and honest with you about the processes they have in place to ensure your data security. For example, at SmartSimple, our security measures include:
  • Weekly scans for vulnerabilities weekly through our security partner, NetCraft.
  • Reputable third party testing partners scrutinize our systems on an ongoing basis to ensure no one can hack your data.
  • All our hard disks are encrypted with AES 256 – the industry standard algorithm.
  • Data in motion is encrypted using HTTPS (Hyper Text Transfer Protocol Secure) transfer protocols combined with TLS (Transport Layer Security) ciphers to ensure the highest security when transferring data.
  • Our standing as an Amazon Web Services (AWS) Advanced Technology Partner, means our clients inherit the best practices of one of the most secure and widely used data environments.
  • Our backups are stored in secondary locations at least 400 km from our main data locations for extra security in the case of natural disasters.
  • SmartSimple will meet any security policies required by our clients.

If you’d like more information about how SmartSimple secures your grants management, research management or case management data, feel free to contact us by email or give us a call toll free at 1.866.239.0991.