Which encryption algorithms do you use?
Advanced Encryption Standard (http://en.wikipedia.org/wiki/Advanced_Encryption_Standard) and RC4 (http://en.wikipedia.org/wiki/RC4)
Can I use the web clients over SSL?
You can connect to the Supportworks instance using the web client and web selfservice. Both of these client support SSL (Secure Socket Layer).
Which secure email protocols are supported?
Connections between Supportworks and the designated POP3, IMAP4 and SMTP mail services can be secured using either of the industry standard cryptographic protocols: SSL (Secure Socket Layer) or TLS (Transport Layer Security).
Is secure LDAP supported?
Do you support secure FTP?
A secure FTP server is set up on each Supportworks instance. FTP access is provided to allow users to upload scripts and data for import, and for customising self service.
FTP accounts are locked down so that only certain sites can access the FTP server.
Are strong passwords used?
All passwords chosen by the Hornbill Technologies in setting up the Supportworks server are strong, containing a mixture of uppercase, lowercase and special characters.
Do you support password policies?
As part of the work undertaken to set up your instance, we can configure Supportworks to authenticate analysts against your internal Microsoft AD server. Password policies can then be enforced as per the Microsoft policies you currently have in place.
How are passwords stored in the database?
All passwords are stored in encrypted form
Do I have access to the server running the Supportworks instance?
Only the Hornbill Technologies Cloud Support Team has remote desktop access to the server, which they need for server administration. For additional security, remote access is only possible from within the Hornbill network.
Do you apply any hardening to the Supportworks server?
The Windows servers are locked down so that only those Windows services that are needed are enabled. In addition, the firewalls on the servers are configured so that only those ports that need to be open are open.
Additional security lock downs are applied to the Apache webserver and MySQL server associated with each customer instance.
Do you adhere to any security standards?
Hornbill Technologies is currently undergoing ISO 27001 (http://en.wikipedia.org/wiki/ISO/IEC_27001) accreditation with a view to being fully accredited by September 2012