Syncplicity Business Edition delivers a highly secure and dependable file management platform built to meet the requirements of businesses. Ensuring customer data is safe and available is of the utmost importance. In order to achieve the goal of security, Syncplicity’s service is built upon many years of experience and uses multiple levels of defense-in-depth to ensure end-to-end confidentiality of customer data.
Hosting Certifications
All of Syncplicity’s servers are housed in data centers that have successfully completed a SAS70 Type II audit and testing from independent auditors. SAS70 certifies that each data center has met rigorous requirements around physical security, physical access, and internal controls.
Network and Storage Security
All data being transported or stored within Syncplicity is encrypted with the highest levels of encryption available for each phase of its lifecycle to protect files the moment they leave a client’s computer. Data in flight and at rest are encrypted using military-grade AES encryption set to its highest 256-bit level.
AES-256 SSL encryption is used for all authenticated website access, as well as client interactions with the service backend.
All files within Syncplicity are stored with AES-256 encryption using a strongly generated key that is unique to each file revision. In the unlikely case of a brute-force compromise of a given key or a weakness found within the AES encryption algorithm itself, the combination of using the highest level of AES and a unique key per file revision substantially increases security by increasing the level of work required for a compromise and by limiting the potential scope of vulnerability to a single file revision.
All files are stored multiple times in multiple data centers to ensure continued availability. If a file is deleted, the encrypted file itself will be removed from storage and the related encryption key for each of its associated file revisions will be destroyed. When storage is decommissioned, all current providers use the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy the encrypted customer files as part of the decommissioning process.
Internal networks are kept clearly divided from external networks and are protected by industry-standard firewall and proxy configurations to prevent unauthorized direct access.
Two Data Center Policy
For an additional layer of security, Syncplicity maintains all servers responsible for authentication and encryption key management in a separate data center from the data centers housing the encrypted file data. The encrypted file data and proper file version encryption key are brought together only on an as-needed basis and in a tracked manner. By keeping the encryption key completely separate from the file vault, Syncplicity provides a higher level of security by not having a single point of compromise.
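The design described above (a unique AES-256 key per file revision, keys held apart from the encrypted files, and key destruction on delete) can be sketched as follows. This is an added example, not Syncplicity's code: the `Vault` type, its two in-memory maps, the revision IDs and the choice of GCM mode are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Vault keeps keys and ciphertext apart: hypothetical stand-ins for the two data centers.
type Vault struct{ keys, blobs map[string][]byte }
func NewVault() *Vault { return &Vault{map[string][]byte{}, map[string][]byte{}} }

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // GCM is an assumption; the page names no mode
}

func (v *Vault) Put(rev string, plain []byte) error { // fresh random key per revision
	buf := make([]byte, 32+12) // 256-bit key followed by a 96-bit nonce
	if _, err := rand.Read(buf); err != nil {
		return err
	}
	a, err := aead(buf[:32])
	if err == nil { // blob = nonce || ciphertext+tag, revision ID bound as associated data
		v.keys[rev], v.blobs[rev] = buf[:32], a.Seal(buf[32:], buf[32:], plain, []byte(rev))
	}
	return err
}

func (v *Vault) Get(rev string) ([]byte, error) { // join key and blob for one revision only
	a, err := aead(v.keys[rev]) // fails once the key has been destroyed
	if blob := v.blobs[rev]; err == nil && len(blob) > 12 {
		return a.Open(nil, blob[:12], blob[12:], []byte(rev))
	}
	return nil, fmt.Errorf("revision %q: key or ciphertext unavailable", rev)
}

// Delete removes the ciphertext and destroys the key of that revision.
func (v *Vault) Delete(rev string) { delete(v.blobs, rev); delete(v.keys, rev) }

func main() {
	v := NewVault()
	_ = v.Put("r1", []byte("constructed sample"))
	v.Delete("r1")
	fmt.Println(v.Get("r1")) // error: the key is gone
}
```

Because each revision has its own key and the revision ID is authenticated with the ciphertext, a key obtained for one revision does not open any other revision.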
Internal Controls and Process
To ensure proper internal controls on access to customer files, employee access to the Syncplicity infrastructure is controlled and managed. Systems are monitored for security issues and software updates.
Syncplicity only provides data center access to employees who have a legitimate business need. When an employee no longer has a business need, access is immediately revoked. Additionally, employee access to both authentication and key management data centers and encrypted file storage data centers is tightly controlled to prevent any potential unauthorized disclosure of customer data.