Security

Ensuring your clients' data remains confidential is crucial for your enterprise, and we've adopted that responsibility. Sleep soundly knowing that our software has been architected following industry-leading security standards.

Evaluation of Security and Regulatory Adherence

Sherpas is committed to ensuring that our software adheres to the highest security standards. We use the OWASP Top 10 as the baseline for our security standards, and we follow the OWASP Application Security Verification Standard (ASVS) for our application security verification requirements.

Data centers

Sherpas' physical infrastructure is hosted and managed by Fly.io, with Equinix providing the physical data centers. Equinix is a global leader in data center and colocation infrastructure. Equinix data centers are compliant with the following standards:

  • SOC 1 Type II

  • SOC 2 Type II

  • ISO 27001

  • NIST 800-53/FI

  • PCI DSS

  • HIPAA

  • ISO 22301

Physical Security

Equinix data centers are designed and managed to satisfy the requirements of the most security-sensitive customers, and provide the following security features:

  • Restricted Access: Equinix typically utilizes stringent access controls for its data centers. Biometric scanners, keycards, and PINs are typically used to ensure that only authorized personnel can access specific areas of the data centers.

  • 24/7 Surveillance: Equinix typically employs around-the-clock surveillance at its data centers. This can involve security cameras, intrusion detection systems, and on-site security staff constantly monitoring the premises.

  • Physical Barriers: Equinix data centers usually feature physical barriers such as walls, fencing, and secure doors to deter and prevent unauthorized access.

  • Fire Protection: Fire detection and suppression systems are generally a critical part of Equinix's data center infrastructure. These systems can detect and respond to a fire, mitigating potential damage to equipment.

  • Power and Cooling Redundancy: While not directly a security feature, these systems can be critical in protecting data center infrastructure from power failures and overheating, which could otherwise lead to data loss.

  • Seismic Design: In areas with high seismic activity, Equinix typically designs its data centers to withstand earthquakes, protecting the data and equipment stored within.

  • Cabinet and Cage Security: Individual cabinets and cages usually have additional security measures to protect the servers they house.

  • Incident Response: Equinix typically has incident response plans in place for a variety of potential security events, including both physical and cyber threats. These plans allow them to quickly respond to any issues, minimizing potential damage.

Safeguarding Network Integrity

Firewalls

Firewalls are a crucial tool for controlling access to systems, both from external networks and within the system itself. They operate on a default-deny principle: all access is initially blocked, and only the specific ports and protocols required by the business are opened. Each system is placed in a firewall security group determined by the function it performs, and each group permits access only to the ports and protocols required for that role, which reduces exposure.

In addition to network firewalls, host-based firewalls further tighten isolation. They prevent customer applications from establishing localhost connections over the loopback network interface, isolating applications from one another on the same host, and they can also restrict inbound and outbound connections as required.

DDoS mitigation

We have established a robust infrastructure to counteract DDoS attacks. This includes TCP SYN cookies, connection rate limiting, and multiple backbone connections with internal bandwidth capacity that exceeds the bandwidth supplied by our Internet carrier. We maintain a close working relationship with our providers so that we can respond swiftly to events and activate advanced DDoS mitigation measures when required.

Spoofing and sniffing protection

Managed firewalls prohibit IP, MAC, and ARP spoofing across the network and between virtual hosts. Packet sniffing is prevented by our infrastructure, including the hypervisor, which delivers traffic only to the interface it is addressed to. We use application isolation, OS restrictions, and encrypted connections to manage and mitigate risk at every layer of operation.

Protection of Information

In transit

Every data exchange between your computer and our servers uses the industry-standard HTTPS protocol, so the transmission is encrypted. The independent Qualys SSL Labs test has given our HTTPS implementation an A rating, signifying high-quality security standards.

Our TLS certificate uses a 2048-bit asymmetric key, and the negotiated cipher suites use 256-bit symmetric encryption, providing a robust security layer. We have implemented HTTP Strict Transport Security (HSTS) so that browsers only ever connect to our website over a secure connection, and our domain is embedded in the HSTS preload list built into popular browsers such as Google Chrome, Edge, Firefox and Safari, so that even the first visit is made over HTTPS.

Our servers use Perfect Forward Secrecy (PFS), which keeps past communications confidential even if the server's long-term private key is later compromised, because each session is protected by an ephemeral key that is discarded afterwards. This protection applies to users of modern web browsers that negotiate PFS cipher suites.

Two-factor authentication

We offer two-factor authentication (2FA) as an additional layer of security for your account. When 2FA is enabled, you must enter, in addition to your password, a one-time code that is either delivered by SMS or generated by an authenticator app on your mobile device; the code is valid only for a limited time. This means that even if your password is compromised, an attacker still cannot sign in without that second factor.

Data Preservation

Sherpas is committed to ensuring that your data is preserved and protected. We have implemented a number of measures to ensure that your data is protected from loss, corruption, or unauthorized access.

Data backups

We perform regular backups of all data stored on our servers. These backups are stored in a secure off-site location and retained for 30 days. In the event of data loss, we can restore your data from these backups.

Data replication

We replicate all data stored on our servers to a secondary server in a different geographic location, so your data remains protected if one of our data centers suffers a data loss event.

Data encryption

We encrypt all data stored on our servers using industry-standard encryption algorithms. This ensures that your data is protected from unauthorized access.

Customer Data Accessibility

Under regular operations, Sherpas personnel do not engage with or access customer data. There are certain circumstances, however, where Sherpas may be required to access customer data.

These include situations where a customer has specifically requested assistance, or where legal requirements necessitate such action. Moreover, to rectify platform issues and for debugging purposes, Sherpas may need to examine customer data.

See Sherpas Wealth in action

Sign up for a demo today and experience the difference Sherpas can make in your practice.

Request a demo

© 2024 Sherpas Wealth, Inc. All Rights Reserved.