Atera understands that the confidentiality, integrity, and availability of our customers' information are vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, and processes to meet the growing demands and challenges of security.
Secure Data Centers
Our service is deployed in Microsoft Azure top-tier data centers. These facilities provide carrier-level support, including:
Access control and physical security
- 24-hour manned security, including foot patrols and perimeter inspections
- Biometric scanning for access
- Dedicated concrete-walled Data Center rooms
- Computing equipment in access-controlled steel cages
- Video surveillance throughout facility and perimeter
- Building engineered for local seismic, storm, and flood risks
- Tracking of asset removal
- Humidity and temperature control
- Redundant (N+1) cooling system
- Underground utility power feed
- Redundant (N+1) CPS/UPS systems
- Redundant power distribution units (PDUs)
- Redundant (N+1) diesel generators with on-site diesel fuel storage
- Concrete vaults for fiber entry
- Redundant internal networks
- Network neutral; connects to all major carriers and located near major Internet hubs
- High bandwidth capacity
Fire detection and suppression
- VESDA (very early smoke detection apparatus)
- Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression
Secure Transmission and Sessions
Connection to the Atera environment is via SSL/TLS cryptographic protocols, using global step-up certificates, ensuring that our users have a secure connection from their browsers to our service.
Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.
Login IP Restrictions in Atera
Login IP Ranges limit unauthorized access by requiring users to log in to Atera from designated IP addresses — typically your company network, designated customer networks or VPN. By using Login IP Ranges, admins can define a range of permitted IP addresses to control access to Atera. Those who try to log in to Atera from outside the designated IP addresses will not be granted access.
Two-Factor Authentication requires that all login attempts have both login credentials and a second authentication factor. This is achieved by enabling the capability under the Admin configuration. Login attempts that do not have valid credentials from both sources will not be granted access to Atera.
Perimeter firewalls and edge routers block unused protocols within the Azure environment.
Internal firewalls segregate traffic between the application and database tiers.
Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports.
The Atera service performs real-time replication to disk at each data center, and near real-time data replication between the production data center and the disaster recovery center.
Data is transmitted across encrypted links.
Disaster recovery tests verify our projected recovery times and the integrity of the customer data
Atera tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities.
Once an Agent is deployed, a unique Key is assigned to it. This key is used for authentication purposes. All communications between Agents and Atera’s Cloud are verified by this unique Key and conducted via secure socket layer/transport layer security (SSL/TLS).
Hardware and software configurations are designed to provide secure logical separations of customer data that permit each customer to view only its related information.
Multi-tenant security controls include unique, non-predictable session tokens, configurable session timeout values, password policies, sharing rules, and user profiles.
All customer data within the Atera Database is encrypted with a 256bit encryption protocol.
Remote Control Tunneling
While using the Atera Remote Control tool, a virtual tunnel is created between the Atera user and the target computer. All data transferred between the User and the Agent is encrypted. Both the Atera User & Agent connect only via UDP port 443.