Security Framework

What Is Smartling’s Security Framework?

Smartling’s Security Framework is the foundation on which all other components of our Translation Management System are built. We understand that the confidentiality, integrity, and availability of our customers’ data are vital to their business operations and our own success. To ensure this, all of our security practices have been evaluated as part of our SOC 2, PCI DSS Level 1, and HIPAA attestations (shown above). Additionally, Smartling uses a multi-layered approach to protect that key information, constantly monitoring and improving our physical environments, network, and application.

Physical & Environmental Security

Smartling uses Amazon Web Services (AWS) as its computing infrastructure. AWS summarizes its physical and environmental security measures as follows:

  • Fire Detection & Suppression

    Automatic fire detection and suppression equipment has been installed to reduce risk

  • 24/7/365 Power

    Fully redundant and maintainable power systems via uninterruptible power supply (UPS) units

  • Climate & Temperature

    Constant operating temperature for servers and other hardware to prevent overheating and reduce service outage possibility

  • Ongoing Management

    Preventative maintenance and holistic monitoring to remedy any issues immediately

  • Storage Device Decommissioning

    Designed to prevent customer data from being exposed to unauthorized individuals

Network Security

AWS provides significant protection against traditional network security issues utilizing a wide variety of automated monitoring systems to provide a high level of service performance and availability. AWS monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts.

  • Distributed Denial of Service (DDoS) Attacks

    AWS API endpoints are hosted on large, Internet-scale, world-class infrastructure leveraging proprietary DDoS mitigation techniques.

  • Packet Sniffing

    AWS inbound firewall service is configured in a default deny-all mode. Smartling configures the firewall to permit only the absolute minimum connectivity required to provide the Smartling services.

  • Port Scanning

    Unauthorized port scanning is detected by AWS, stopped and blocked. By default, all inbound ports on AWS instances are closed, rendering port scans ineffective.

  • Man In the Middle (MITM) Attacks

    All of the AWS APIs are available via SSL-protected endpoints which provide server authentication.

Application Security

Smartling practices test-driven software development, meaning that all code must pass a rigorous series of automated and manual tests before being deployed to production. In addition, a third party performs automated application vulnerability scanning multiple times per week.

  • Secure Transmission

    All connections to the Smartling services are via SSL 3.0/TLS 1.0, including user logins, user requests, and API calls.

  • Cross-Site Request Forgery

    All requests are checked for a valid HTTP referer header value.

  • SQL Injection

    All queries use properly parameterized statements.

  • Brute Force Attack Prevention

    All passwords are 1-way encrypted, and Smartling automatically disables accounts after a certain number of consecutive failed attempts.

  • Cross-Site Scripting

    All user input and output is properly escaped, and automated tests verify that application output is properly escaped.

100% of customers categorized Smartling’s platform security as good or better compared to their previous translation solution.

Source: TechValidate

Our security practices have been evaluated as part of our SOC 2, PCI DSS Level 1, and HIPAA attestations. You can request our most recent third-party audit reports by contacting your Smartling account representative. For more detail, please visit our Security Framework page.