FAQ 013: How secure is the Hosted Edition?
Posted: September 23rd, 2016, 10:13 am
The question of "how secure is the Hosted Edition" falls into two parts :-
[1] Accessibility
Where is the data stored? Who can access it? What safeguards are in place to ensure security?
[2] Resiliency
How is the data backed up? What happens in the case of hardware failure? What happens if the hosting company (or even Pioneer Software) ceases trading?
ACCESSIBILITY
We only lease servers in UK based data-centres, so no data is ever hosted overseas. We don't use any one specific hosting company, in fact we very deliberately use multiple providers to host our servers which adds to the resiliency (discussed below). If you would like to know exactly which company is being used to host your database and where the data-centre is, then we can provide that information once your account has been created.
Although the technical staff working at the data-centres have access to the physical hardware which hosts the data, they have no access to the data itself - how so? Firstly, the data is stored in an encrypted database, so even if someone could gain physical access to a ClinicOffice database, without the means to decrypt it the data would be useless to them. Secondly, when we provision a server from one of our providers, the first thing we do is lock down and secure access to the operating system so that only our staff have access to it - not even the hosting company can access the O/S.
Accessing ClinicOffice requires a two-stage authentication process :-
(i) Initiating a remote connection via Microsoft RemoteApp (or Remote Desktop), which uses 128-bit encryption and requires username/password credentials known only to the customer and our staff.
(ii) Entering a ClinicOffice username/password combination (stored in your encrypted database) which is known only to you (not even to our staff).
What about Pioneer Software? As a company, we are registered as a "data handler" with the Information Commissioner's Office (formerly the Data Protection Agency) - our registration number is Z9867944.
For obvious reasons, our technical staff have full access to the hosted servers we manage and also to the back-end database systems which store our customers' data; however, we have strict internal policies in place that we will only access the data :-
(a) with our client's permission; and
(b) in accord with their instructions; and
(c) for the purposes of "data processing" (in accordance with the DPA).
RESILIENCY
The servers we provision are "cloud-based" rather than "dedicated". There is no discernible difference to end-users; however, behind the scenes it means that your data is not stored on one physical machine, but rather is replicated across a number of disparate resources with built-in redundancy. If a physical piece of hardware fails, processing is automatically handed over to another redundant instance. To avoid getting too technical in this FAQ, more information on the subject of "cloud resiliency" can be found here :-
http://whatiscloud.com/index.php/cloud_ ... resiliency
Every night, every hosted database is encrypted and backed up in its entirety (not incrementally) to a separate dedicated backup server ("dedicated" in the sense of being used only for backups; it is actually another resilient cloud server), which is hosted by a different hosting company in a different data-centre. The backup server always retains the last three complete encrypted backups of every database.
Finally, the backup server itself also runs a continuous backup process, sending encrypted copies of all the backup sets to another UK-based third-party backup service.
In addition to all the automated processes described above, we also run manual audit checks on the backups on a very regular (usually daily) basis to make sure that everything is working correctly. Thus, in the event of a hosting company suddenly going under, or some catastrophic data-centre failure, our clients can be confident that their data is securely stored elsewhere and can be quickly restored to another hosted server.
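The daily audit described above can be expressed as a check of each database's backup sets against the stated policy (full set every night, last three retained, every set encrypted). The script below is an added illustration, not Pioneer Software's own tooling; the inventory, database names, sizes and the 26-hour freshness window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Policy as stated in the FAQ: a full (not incremental) encrypted backup of
# every database each night, with the last three sets retained.
RETAIN = 3
MAX_AGE = timedelta(hours=26)   # assumption: nightly job plus a little slack

# Constructed backup-server listing: (database, timestamp, bytes, encrypted).
# Database names, times and sizes are invented for this example.
INVENTORY = [
    ("clinic_a", "2016-09-20T02:05:00", 52_000_000, True),
    ("clinic_a", "2016-09-21T02:04:00", 52_400_000, True),
    ("clinic_a", "2016-09-22T02:06:00", 52_900_000, True),
    ("clinic_b", "2016-09-21T02:10:00", 8_100_000, True),
    ("clinic_b", "2016-09-22T02:09:00", 0, True),           # empty set
    ("clinic_c", "2016-09-19T02:00:00", 3_000_000, False),  # stale, unencrypted
]
AUDIT_TIME = datetime.fromisoformat("2016-09-22T09:00:00")  # constructed "now"

def audit_backups(inventory, now, retain=RETAIN, max_age=MAX_AGE):
    """Check each database's backup sets against the policy.

    Returns {database: [finding, ...]}; an empty list means the database passed.
    """
    by_db = defaultdict(list)
    for db, ts, size, encrypted in inventory:
        by_db[db].append((datetime.fromisoformat(ts), size, encrypted))

    findings = {}
    for db, sets in by_db.items():
        sets.sort()                       # oldest first
        problems = []
        if len(sets) < retain:
            problems.append(f"only {len(sets)} of {retain} sets retained")
        newest = sets[-1][0]
        if now - newest > max_age:
            problems.append(f"newest set is {now - newest} old")
        for when, size, encrypted in sets:
            if not encrypted:
                problems.append(f"set {when:%Y-%m-%d} is not encrypted")
            if size == 0:
                problems.append(f"set {when:%Y-%m-%d} is empty")
        findings[db] = problems
    return findings

def run_audit():
    return audit_backups(INVENTORY, AUDIT_TIME)

if __name__ == "__main__":
    for db, problems in run_audit().items():
        print(db, "OK" if not problems else "; ".join(problems))
```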
What about Pioneer Software? Well, we've been doing this for nearly 20 years and have no plans of going anywhere, but in the event of our company ceasing trading, we have long said that we would immediately release customers' databases to them, in an open format which can be imported into another system of their choosing. Given that the Hosted Edition is in fact the "Server Edition" of ClinicOffice (running in a hosted environment), another option would be to simply install a local "ClinicOffice Server Edition" on their own hardware, restore their database locally, and then continue using the system on their own hardware.
Furthermore, unlike some of our competitors who effectively hold customer data to ransom (charging exorbitant prices for data exports), ClinicOffice allows you to export your data quickly and easily to many standard formats (Excel, CSV, XML, Text, etc.) whenever you wish. We're also happy to provide a complete data-dump of any Hosted customer's databases (in open format) on request, with no charge.
Hopefully the above information is useful in answering the question "How secure is the Hosted Edition", but if you require any more information or need any clarification, please feel free to contact us (or post below) and we'll be happy to help!