Physical & Environmental
Smartling uses Amazon Web Services (AWS) as its computing infrastructure. AWS summarizes its physical and environmental security measures as follows:
- Fire Detection & Suppression
Automatic fire detection and suppression equipment has been installed to reduce risk
- 24/7/365 Power
Fully redundant and maintainable power systems via uninterruptible power supply (UPS) units
- Climate & Temperature
Constant operating temperature for servers and other hardware to prevent overheating and reduce service outage possibility
- Ongoing Management
Preventative maintenance and holistic monitoring to remedy any issues immediately
- Storage Device Decommissioning
Designed to prevent customer data from being exposed to unauthorized individuals
AWS provides significant protection against traditional network security issues, using a wide variety of automated monitoring systems to deliver a high level of service performance and availability. AWS monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activity, application usage, and unauthorized intrusion attempts.
- Distributed Denial of Service (DDoS) Attacks
AWS API endpoints are hosted on large, Internet-scale, world-class infrastructure leveraging proprietary DDoS mitigation techniques.
- Packet Sniffing
AWS inbound firewall service is configured in a default deny-all mode. Smartling configures the firewall to permit only the absolute minimum connectivity required to provide the Smartling services.
- Port Scanning
Unauthorized port scanning is detected, stopped and blocked by AWS. By default, all inbound ports on AWS instances are closed, rendering port scans ineffective.
- Man In the Middle (MITM) Attacks
All AWS APIs are available via SSL-protected endpoints that provide server authentication.
Smartling practices test-driven software development, meaning that all code must pass a rigorous series of automated and manual tests before being deployed to production. In addition, a third party performs automated application vulnerability scanning multiple times per week.
- Secure Transmission
All connections to the Smartling services are via SSL 3.0/TLS 1.0, including user logins, user requests, and API calls.
- Cross-Site Request Forgery
All requests are checked for a valid HTTP Referer header value.
- SQL Injection
All queries use properly parameterized statements.
- Brute Force Attack Prevention
All passwords are stored one-way encrypted (hashed), and Smartling automatically disables accounts after a set number of consecutive failed login attempts.
- Cross-Site Scripting
All user input and output are properly escaped, and automated tests verify that application output is correctly escaped.
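The four application-layer controls listed above (Referer validation against CSRF, parameterized SQL, failed-login lockout, and output escaping) can be exercised in a few lines. The following is an added example written for this page, not Smartling's code; the origin `https://app.example.com`, the lockout threshold of 5 attempts, and the `users` table are constructed placeholders. The Referer check shows the edge cases a practitioner cares about: a missing header is rejected, and the comparison is on the parsed scheme, host and port rather than a string prefix, so a look-alike host such as `app.example.com.evil.test` does not pass.

```python
"""Worked example of the application checks described on this page.
Constructed illustration; origin, threshold and schema are placeholders."""
import html
import sqlite3
from urllib.parse import urlsplit

ALLOWED_ORIGIN = "https://app.example.com"  # assumed application origin
MAX_FAILED_ATTEMPTS = 5                      # assumed lockout threshold


def referer_is_valid(headers, allowed_origin=ALLOWED_ORIGIN):
    """CSRF check: accept a state-changing request only when the Referer
    header is present and its scheme, host and port all equal the
    application origin. Missing or malformed values are rejected."""
    referer = headers.get("Referer")
    if not referer:
        return False
    try:
        ref = urlsplit(referer)
        allowed = urlsplit(allowed_origin)
        # .port raises ValueError on a non-numeric port, hence the try block
        ref_key = (ref.scheme.lower(), (ref.hostname or "").lower(), ref.port)
        allowed_key = (allowed.scheme.lower(),
                       (allowed.hostname or "").lower(), allowed.port)
    except ValueError:
        return False
    return bool(ref.hostname) and ref_key == allowed_key


def make_db():
    """In-memory SQLite database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
                 "password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", "<placeholder-hash>"))
    conn.commit()
    return conn


def find_user(conn, username):
    """Parameterized query: the driver binds `username` as data, so quote
    characters inside it cannot alter the statement's structure."""
    row = conn.execute("SELECT username FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row[0] if row else None


class LoginThrottle:
    """Disables an account after MAX_FAILED_ATTEMPTS consecutive failures.
    A successful login resets the counter; a disabled account stays
    disabled until an operator re-enables it (not modelled here)."""

    def __init__(self, max_failed=MAX_FAILED_ATTEMPTS):
        self.max_failed = max_failed
        self.failed = {}
        self.disabled = set()

    def is_disabled(self, username):
        return username in self.disabled

    def record_attempt(self, username, succeeded):
        """Returns True only if the login is accepted."""
        if username in self.disabled:
            return False
        if succeeded:
            self.failed.pop(username, None)
            return True
        count = self.failed.get(username, 0) + 1
        self.failed[username] = count
        if count >= self.max_failed:
            self.disabled.add(username)
        return False


def render_project_name(name):
    """Output escaping: user-supplied text is HTML-escaped before it is
    placed in markup, so it renders as text rather than as tags."""
    return "<td>%s</td>" % html.escape(name, quote=True)


if __name__ == "__main__":
    print(referer_is_valid({"Referer": "https://app.example.com/projects/1"}))
    print(referer_is_valid({"Referer": "https://app.example.com.evil.test/"}))
    db = make_db()
    print(find_user(db, "alice"), find_user(db, "' OR 1=1 --"))
    print(render_project_name("<script>alert(1)</script>"))
```

Each function returns a value rather than only printing, so the checks can be wired into automated tests in the way the page describes for escaping.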
Our security practices have been evaluated as part of our SOC 2, PCI DSS Level 1, and HIPAA attestations. You can request our most recent third-party audit reports by contacting your Smartling account representative. For more detail, please visit our Security Framework page.