Security

Maropost is an enterprise-level, SaaS-based web application that combines messaging campaign management and deployment across multiple digital channels, including email, SMS, mobile app messaging, and social media.

The application is offered as a “hosted rich internet application”. Users require a modern browser, for example IE 7+, Firefox, Chrome, or Safari, to access it. The browser sessions use a 128-bit encrypted SSL connection. The servers are hosted in a secure facility with 24/7 monitoring, redundant power, nightly and real-time backups complying with international standards for data security and management.

Application Security

Maropost has powerful client security controls, including those that allow clients to do the following:

Implement User-level and Organizational-level IP address restrictions. Our platform can bind campaign sends to specific and dedicated IP addresses.

Limit each user’s access to specific functional areas within the application and to the actions that can be performed within those areas.

Limit visibility to assets within each functional area by use of permissions-based folders.

Restrict 3rd-party API access rights to specific method classes and to specific commands.

Restrict database access rights and secure file transfer site access rights.

Secure Architecture

The Maropost enterprise network uses primarily Cisco networking equipment. Networking equipment is configured consistent with the manufacturers’ best practices for operational stability and security. All servers and the networking equipment are owned by Maropost and operated by a 3rd-party hosting provider.

Security Policy

Secure Transmissions and Sessions

Connection to the Maropost environment is via SSL 2.0/TLS 1.2, ensuring that our users have a secure connection from their browsers to our service. Individual user sessions are identified and re-verified with each transaction, using a unique token that is created at login and required for all communications with Maropost data centers. Maropost hosts a secure FTP server with 128-bit encryption for manual and automated file transfers.

Network Protection

Perimeter Cisco firewalls block unused protocols. Intrusion prevention and detection sensors report events to a security event management system for logging, alerts, and reports, and internal access control lists segregate traffic between the application and database tiers.

Monitoring

Our Information Security department monitors notifications from various sources and alerts from internal systems to identify and manage threats.

Data Centers

Our service is collocated in dedicated spaces at top-tier data centers maintained on a dedicated basis by our 3rd-party hosting provider. Images used in emails are uploaded to and served by our 3rd-party content delivery network provider.

Disaster Recovery

Maropost performs cross data center replication for disaster recovery. Data is transmitted across encrypted links and disaster recovery tests verify our projected recovery times and the integrity of client data.

Backups

All data is backed up to disk at each data center on a rotating schedule of incremental and full backups. Data is replicated to other data centers via an encrypted tunnel.

Regulatory Compliance

Maropost’s data center hosting provider is ISO/IEC 27001 certified. Both Maropost and its hosting provider maintain PCI-compliant policies and procedures. Maropost’s SaaS platform includes built-in governance that complies with requirements specified by CAN-SPAM, TCPPA, CASL, and PIPEDA. Maropost aggressively enforces its requirement that each of its clients comply with these regulatory specifications. Clients failing to comply will receive a written warning. If practices remain uncorrected, they will have their contract immediately terminated and all access privileges revoked.

Compliancy

Business Continuity & Disaster Recovery

The managed environment is hosted in a High Availability (HA) setup. Each network device, including the switches, the firewall, and the network interfaces on all of our dedicated servers, for both the internal network (which operates at a speed of 10G) and the external network (which operates at a speed of 1G), has been paired and configured to run in a bonded setup. In case of a failure of a network interface, the other participant of the bonded interface switches over and resumes the network traffic. The firewall and the network switches are configured identically.

Due to this automatic failover, re-installation of instances on failed hardware can be done without interruption. In the event of a catastrophic failure in which only the cross data center backup can be accessed, recovery may require up to 24 hours.