Reliability and security within Exclaimer
Given the current global landscape, we understand that cloud security is a serious issue for many companies. Cloud computing has seen a massive spike due to the shift towards more remote working as a result of the COVID-19 pandemic.
However, this has led to cybercriminals using ever more creative methods to compromise data and disrupt services. At the same time, major geo-political events like Brexit have caused increased uncertainty for many businesses, particularly around how personal data is used.
During this time of great instability, we want to assure all our customers that we take security very seriously. Exclaimer is, and will continue to be, the most secure email signature management solution available. We have a comprehensive approach to managing sensitive information, backed up by resilient security and robust infrastructure powered by Microsoft Azure.
Take a look at the many features we have in place for Exclaimer to ensure the security of your emails and their contents.
The ISO/IEC 27001 Certification
Exclaimer has been accredited with the ISO/IEC 27001 Certification for Information Security Management since 2016. Awarded by the BSI (British Standards Institution), the gold standard for ISO compliance requirements, this internationally recognized security standard specifically covers the development and supply of our cloud-based email signature management system.
The ISO/IEC 27001 Certification means third-party accredited independent auditors regularly perform thorough assessments of Exclaimer to confirm it operates in alignment with ISO security standards.
Data protection built in
Exclaimer understands that your data is extremely precious and sensitive. We therefore have data protection built into the culture of our organization. From robust internal data protection training, through to external and independent audits, your data always remains safe and secure. Our EULA contains gold-standard levels of protection for you and your business, exceeding the requirements of most global data protection laws.
According to SecurityScorecard, an online organization that measures numerous security/vulnerability metrics across all external-facing systems in real time, Exclaimer has an 'A' rating, making it one of the most secure cloud-based solutions available.
Full GDPR compliance
Exclaimer fully meets the requirements of the EU General Data Protection Regulation (GDPR). It is also regularly audited to ensure total compliance with this regulation. The UK post-Brexit also maintains an equivalent data protection regime that came into effect on 1 January 2021.
Data protection post-Brexit
The UK has now completed its withdrawal from the European Union, having exited the transition period on 31 December 2020. To clarify, this event has no impact on the safe operation of Exclaimer.
For customers based in the European Union (EU) and European Economic Area (EEA), personal data is handled via two datacenters in the Netherlands and Ireland. Therefore, there is no international transfer of data between the UK and EU/EEA. At the same time, our Netherlands office is perfectly placed to deal with any EU/EEA sales queries.
If you need to email our UK headquarters, the EU and UK have a bridging mechanism in place to allow the continued free flow of personal data. This came into effect on 1 January 2021. This will run for up to 6 months until adequacy decisions come into effect, allowing for the ongoing free flow of data from the EU/EEA to the UK.
Updated 18 February 2021
It has been confirmed that data will continue to flow freely from the EU to the UK after 30 June 2020. This is due to the UK being granted data adequacy with the EU.
Exclaimer is tested quarterly to see if it meets PCI data security requirements. This ensures that high security standards are maintained, protecting credit card and other sensitive data.
Exclaimer also does not store any credit/debit card details. When you add a new payment card to your account, you are redirected to the Global Iris payment portal, powered by RealEx Payments. This is secured using a 128-bit SSL Certificate and is one of the most secure ecommerce platforms for online payments.
Optimized and powered by Microsoft Azure
Exclaimer is designed to work exclusively with Microsoft Azure, which is highly trusted by IT professionals worldwide. Azure provides ultimate scalability and flexibility, using the same technologies as Windows.
Knowing that online security is one of the biggest concerns for companies migrating to the cloud, Microsoft has designed Azure with security in mind, creating a compliance framework to meet regulatory requirements.
Measures are in place to ensure that Exclaimer scales with an increased number of tenants, maintaining reliability and uptime. All inbound connections are secured through SSL Certificates and TLS, which are constantly checked to meet current cloud standards.
To see this in action, access the Qualys SSL Labs website (www.ssllabs.com), and select the ‘Test your server’ link and type in portal.exclaimer.com. This will provide you with a detailed review of Exclaimer’s certificate and configuration. At the same time, it lets you know that our domains are highly trusted.
Any updates to the Exclaimer service are scheduled to occur ‘out-of-hours’ for each region, minimizing any disruption. Updates are built and tested thoroughly before going into production. Furthermore, this intensive process includes stress testing beyond normal usage.
No code is ever deployed to Azure until it has passed rigorous antivirus checks. In addition, it is scanned by native antimalware on all Azure servers.
99.99% service availability
Exclaimer uses state-of-the-art tools and technologies to ensure 99.99% service availability. The main service is situated in load-balanced groups for reliability and scalability purposes. Network and application traffic is therefore distributed across a number of different servers. Our Development and Quality Assurance teams are also continually evolving and developing Exclaimer in line with changes made to Microsoft Azure.
The Exclaimer Service Health page also provides key details on the service and we offer real-time alerts for all customers.
Exclaimer is hosted in 12 active regional Microsoft Azure datacenters globally, meaning your data never leaves your geographic region. The use of multiple active regional datacenters ensures the highest levels of availability for Exclaimer at all times. Each regional datacenter can accommodate traffic for the entire region if necessary. This protects our solution from any local infrastructure issue that could occur with the Azure platform.
West Europe - Netherlands
East US - Virginia
Australia East - NSW
UK South - London
Canada Central - Quebec
Middle East/East Asia - United Arab Emirates
North Europe - Ireland
West US - California
Australia South East - Victoria
UK West - Cardiff
City Canada East - Toronto
Middle East/East Asia - India
Fault handling and failure
Our 24/7/365 monitoring services automatically detect any service alerts, which are configured with escalation chains. The primary goal is to maintain mail flow for all Exclaimer customers using multi-location high availability and load balancing.
If an incident occurs at one of Exclaimer’s two regional datacenters, a comprehensive cross-datacenter system ensures mail flow for all tenants is maintained. In addition, tenant data is continuously synchronized in both datacenters simultaneously, meaning continuity of service.
Safe and secure data security
After subscribing, you grant permission for Exclaimer to read user data from your Azure Active Directory (AAD) or Google Directory. The cached data is stored by Exclaimer and hosted within your assigned regional datacenters.
Data in transit between Exclaimer and Microsoft 365/Google Workspace is encrypted using a combination of RSA-2048-bit asymmetric encryption and a one-time use Rijndael symmetric session key. Rijndael is an algorithm selected by the U.S. National Institute of Standards and Technology (NIST) as the Advanced Encryption Standard (AES). Keys issued are managed through certificates, with several of these being used for encipherment (converting a message into a cipher for encryption and decryption) purposes.
Exclaimer does not actually ‘read’ the message in the traditional sense. The email content is never saved (persisted to disk) or available to Exclaimer personnel.
The addition of a signature via Exclaimer during email processing takes on average around 3 seconds. This means that users will never see any noticeable delay in email delivery times.
All user passwords are also protected using salted password hashing. Therefore, at no point is an unencrypted password ever stored and Exclaimer cannot read these password ‘hashes’.
Enhanced folder security
Signatures can be grouped together and secured from unauthorized access using folders, ensuring they cannot be altered prior to being appended to emails. The ability to add and restrict folders provides great flexibility for managing signature content.
For example, if the signatures in the folder are set to apply to ‘everyone’, but the folder is set to the ‘Marketing’ user group, only the Marketing user group will have the signatures in the folder appended to their emails.
With so much uncertainty in the world right now, we understand the importance security holds for many companies. This is why Exclaimer conforms to the highest industry security standards and best practice guidelines.
Exclaimer was the first email signature management solution provider to be accredited with the ISO/IEC 27001 Certification. Our Azure datacenter capability ensures Exclaimer is hugely resilient, utilizing the most datacenters of any comparable vendor.
At the start of the COVID-19 pandemic, we implemented robust contingency plans such as increasing our datacenter capacity to over 150%. We continue to ensure that we are fully prepared for any eventuality and so will continue to provide the most secure email signature management solution on the market.