Snap Schedule 365 Cloud Security FAQs

We know data security is very important to your business, and protecting your data is our top priority. Security is built into Snap Schedule 365 from the ground up with technological safeguards, such as encrypted communications and encrypted data at rest, to enhance the security of our customers’ data. Snap Schedule 365 runs on the Microsoft Azure cloud computing platform, which meets a broad set of international and industry-specific compliance standards, such as ISO 27001, FedRAMP, SSAE 16 SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS.

The FAQs below answer the questions we anticipate a security-conscious user like you would want to ask.

Security overview


Where is my Snap Schedule 365 data stored?

We built Snap Schedule 365 on the Microsoft Azure cloud computing platform for reliability, scalability, and accessibility. It stores data for each customer in a Microsoft Azure SQL database on a growing network of Microsoft-managed datacenters. In addition to built-in fault tolerance infrastructure capabilities, Azure SQL Database offers advanced features, such as data encryption, automated backups, Point-In-Time Restore, Geo-Restore, and Active Geo-Replication to increase availability and business continuity.

Our customers’ Azure SQL databases are stored in specific locations in the United States in Microsoft-managed datacenters; they do not float around in the “cloud.” European customers can request to have their databases deployed to Azure datacenters in North Europe (Ireland) and West Europe (Netherlands). The data's persistence, and thus its “service life,” will not change unless the customer requests it.

Backups of databases are always located in the same jurisdiction as the data that is used in day-to-day operations, but for security reasons, the two are physically separated.

How secure is the physical facility where my data is stored?

Microsoft Azure cloud computing services are delivered through a network of global datacenters, each designed to run 24 x 7, and each employing numerous measures to help protect operations from power failure, physical intrusion, and network outages. These datacenters are managed, monitored, and administered by Microsoft, and geographically dispersed.

Microsoft datacenters received SSAE16/ISAE 3402 Attestation and are ISO 27001 Certified. Microsoft datacenters are located in nondescript buildings that are physically constructed, managed, and monitored 24 hours a day to protect data and services from unauthorized access as well as environmental threats. Datacenters are surrounded by a fence with access restricted through badge-controlled gates.

Microsoft has a comprehensive approach to protecting cloud infrastructure that includes hardware, software, networks, and administrative and operations staff, in addition to the physical datacenters.

What compliance standards does the Microsoft Azure cloud computing platform meet?

Microsoft Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SSAE 16 SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS. Rigorous third-party audits, such as by the British Standards Institute, verify Azure’s adherence to the strict security controls these standards mandate. For more details, see the compliance information on the Microsoft Trust Center.

Is Snap Schedule 365 HIPAA compliant?

Currently, Snap Schedule 365 is not HIPAA compliant.

Network security


Does Snap Schedule 365 use a system to detect possible intrusions to the database?

Yes, we use the Microsoft Azure SQL Database Threat Detection system to monitor, detect, and respond to potential threats as they occur by providing security alerts on anomalous activities. For details, see https://azure.microsoft.com/en-us/documentation/articles/sql-database-threat-detection-get-started/

Is Snap Schedule 365 protected by firewalls?

Yes, Snap Schedule 365 is protected by firewalls. Firewalls are deployed between each network segment to isolate and control access among the systems in each tier to prevent potential intruders from directly accessing backend databases.

Can I set up a VPN to access Snap Schedule 365?

No, Snap Schedule 365 is a Web-based application and HTTPS is the only supported protocol. Traffic is encrypted between the user’s web browser (or iOS/Android apps) and Snap Schedule 365 using AES 256-bit SSL encryption.

Are inbound connections to my internal network required to use Snap Schedule 365?

No, all connections are initiated by the client (i.e. you).

Are any special ports required to connect to Snap Schedule 365?

No, all data transfers are done through the HTTPS protocol (443/TCP).

Data storage and retention security


Is my Snap Schedule 365 data isolated and secured from other users?

Yes. Your Snap Schedule 365 data is completely contained in a single Azure SQL database and totally isolated from other users and their data. Database access is restricted to the data owner and no other customers on Snap Schedule 365 can see your data. A contained database is a database that is isolated from other databases on the same server and from the instance of SQL Server/SQL Database (and the master database) that hosts the database.

Is my Snap Schedule 365 data encrypted?

Yes. Snap Schedule 365 uses Azure Transparent Data Encryption (TDE) to help protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and data “at rest”, meaning the data and log files. TDE performs real-time I/O encryption and decryption of the data and log files and protects the keys that are used to encrypt the data with a certificate. This encryption method prevents anyone without the keys from accessing and using the data.

Data transmission between a user’s computer/device and Snap Schedule 365 is always encrypted using HTTPS/SSL with a 2048-bit SSL certificate. This security measure at the transit layer is very much the same as that used by online banking institutions; it protects data transmissions from being hijacked or sniffed over the wire during transfer.

Can a separate encryption key be used for my Snap Schedule 365 database?

No, the system does not support configuring custom encryption keys per customer.

How do I delete my Snap Schedule 365 database?

You can delete the contents of your database using the Schedule Setup command under the Snap Schedule 365 Admin menu.

How long will my Snap Schedule data be kept?

Your data is retained indefinitely as long as your subscription account is active and in effect. Accounts will be “deactivated” upon a user’s request to discontinue the service or if the account is delinquent according to our “Terms of Use.” Databases belonging to deactivated subscription accounts will be permanently deleted.

How often do you back up my data?

Microsoft Azure SQL Database service protects all databases with an automated backup that is retained for a minimum of 35 days. Backup files are always encrypted and stored in geo-redundant storage containers to ensure availability for disaster recovery purposes. Full backups are taken every week, differential backups every day, and log backups every 5 minutes. The first full backup is scheduled immediately after a database is created. Normally this completes within 30 minutes but it can take longer. If a database is already big, then the first full backup may take longer to complete. After the first full backup, all further backups are scheduled automatically and managed silently in the background. The exact timing of full and differential backups is determined by the system to balance the overall load.

User authorization and authentication security


How are Snap Schedule 365 users authenticated?

The system uses an internal user authentication system to authenticate and authorize logins. The user must provide a valid company code, user name, and password to be authenticated.

Does Snap Schedule 365 support any authentication integrations or delegations (single sign on, SSO)?

Not at this time. But we plan to support Microsoft Active Directory (AD) to give an organization’s users single sign-on to Snap Schedule 365 at the end of Q1 2017.

Does Snap Schedule 365 support integration with my internal authentication system for single sign on?

Not at this time.

Is my password stored on Snap Schedule 365 encrypted?

Yes, passwords are stored and encrypted on our secure system.

Does Snap Schedule 365 support password complexity?

Yes, Snap Schedule 365 requires and enforces complex passwords. Since our subscribers control their users and their data, it is important for the users to follow sound security practices by using strong account passwords and restricting access to their accounts to authorized persons.

Does Snap Schedule 365 support biometric or two-factor authentication?

No, only username/password authentication is supported at this time.

Application layer security


How is Snap Schedule 365 architected?

Snap Schedule 365 is a secured, high-performing, multi-tenancy employee scheduling solution built on the Microsoft Azure cloud computing infrastructure. The Snap Schedule 365 Web-facing application is deployed as an Azure App Service that can be easily scaled up or down on demand with high availability within and across different geographical regions. When you log in to use Snap Schedule 365, this Azure App Service connects to your Azure SQL Database running in multi-tenant mode on the same Microsoft Azure cloud platform. The Azure SQL Databases used to support the Snap Schedule 365 application are segregated from the web/application tiers.

What is multi-tenancy software?

Multi-tenancy software is designed to allow multiple customers (users) to access and use the same software simultaneously, in a controlled and segregated manner, such that individual users can access only their own data. User access is controlled through an authentication system.

Was the Snap Schedule 365 platform developed with secure coding and code management best practices?

Yes. We follow industry-standard secure coding best practices throughout the development lifecycle and use the Microsoft Visual Studio toolset for software development. We are a Microsoft certified Silver Application Development Partner.

What measures have been implemented to ensure that the Snap Schedule 365 application layer is secure?

In addition to Microsoft Azure security scanning, we routinely scan the Snap Schedule 365 Web-facing application for vulnerabilities on a weekly basis using Tinfoil security scanners. The tools perform security tests against the OWASP Top 10 Security Threats and other known security holes.

Will my computer antivirus software pose any compatibility issues using Snap Schedule 365?

No. Snap Schedule 365 uses the standard HTTPS protocol and users simply need a web browser and internet connectivity to access and use it. Antivirus software (e.g., McAfee® software) that is installed on the end user’s computer should not have any compatibility issues with our platform as long as one of our supported web browser versions is used to access the system.

Access controls


Who in your company has access to my Snap Schedule 365 data?

Access to clients’ data by our personnel is strictly limited to legitimate business need, including activities required to support our clients’ use of Snap Schedule 365. Our support team maintains access to the Snap Schedule 365 applications and their data for maintenance and support. This support team accesses hosted applications and data only for purposes of application health monitoring and performing system or application maintenance, and upon customer request via our support system. Additionally, customers must explicitly invite one of our tech support team members and grant access to their data through Snap Schedule 365 for the team member to access the customer’s data.

How is your personnel's access controlled?

Access to resources is controlled by explicit roles in all environments. Support team members are given appropriate accounts on systems which they are authorized to access, following the “least privilege” principle.

When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if the person continues to be one of our employees. All support team members are individually and contractually required to comply with our data protection and information privacy provisions.

Is my Snap Schedule 365 data disseminated?

No. We do not sell, disseminate, or trade any of your Snap Schedule data. We reserve the right to analyze and map the utilization pattern of users to improve the product, increase availability and service security.
