Reliability and security within Exclaimer (Updated 2024)
24 September 2024
Cloud security is a major concern for many companies. Significant geopolitical events have heightened uncertainty for businesses, especially regarding the use of personal data. As a trusted provider of email signature management solutions, Exclaimer takes reliability and security very seriously.
Exclaimer remains the most secure email signature management solution available. Our approach to handling sensitive information is thorough, supported by resilient security and robust infrastructure powered by Microsoft Azure.
Check out the features we've implemented in Exclaimer to keep your emails and their contents secure.
Compliance
To see all of our security accreditations, visit our Conveyor Trust Portal. It provides everything you need for a comprehensive review of Exclaimer, including summaries, certificates, reports, policy documents, and answers to over 350 questions.
SOC 2 Type II
In 2023, Exclaimer received the SOC 2 Type II attestation, showing that our global systems effectively meet the Trust Services Principles for Security, Availability, and Confidentiality. A SOC 2 report confirms how an organization manages controls to address security, availability, processing integrity, confidentiality, and privacy risks, along with HIPAA Security Rule requirements.
This achievement underscores our dedication to protecting customer data privacy, ensuring secure data storage and processing, maintaining data accessibility, and implementing measures for data security and confidentiality.
ISO/IEC 27001
Exclaimer has been accredited with ISO/IEC 27001 by the BSI (British Standards Institution) since 2016. This international standard guides how to manage information security and outlines the requirements for an information security management system (ISMS).
Being ISO certified means an independent auditor regularly conducts thorough assessments of Exclaimer to ensure it aligns with ISO security standards. The standard focuses on establishing, implementing, operating, monitoring, maintaining, and improving your ISMS through a process-based approach.
ISO/IEC 27018
ISO/IEC 27018 is an extension of the ISO/IEC 27001 standard, introducing over 50 new control objectives focused on helping cloud providers securely store and process Personally Identifiable Information (PII). It specifies detailed requirements and guidelines for data processors on handling PII in public cloud environments and outlines user rights regarding their data.
Microsoft 365 Certification
Exclaimer achieved the Microsoft 365 Certification after undergoing a thorough security review and audit by Microsoft. This process examined both the Exclaimer application and the data it handles, requiring proof of compliance with Microsoft’s controls. This certification assures our customers that we meet Microsoft’s strict standards.
GDPR and data privacy regulations
Exclaimer fully meets the requirements of the EU General Data Protection Regulation (GDPR). It is also regularly audited to ensure total compliance with this regulation. The UK post-Brexit also maintains an equivalent data protection regime that came into effect on January 1, 2021.
For customers in the European Union (EU) and European Economic Area (EEA), personal data is managed through three data centers located in Germany, the Netherlands, and Ireland. This means there is no data transfer between the UK and EU/EEA. Our Netherlands office is also well-equipped to handle any sales inquiries from the EU/EEA.
We also adhere to data privacy regulations like the California Consumer Privacy Act (CCPA), HIPAA, and comply with standards set by regulatory bodies such as the Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM).
PCI DSS
Exclaimer is tested quarterly to see if we meet PCI data security requirements. This ensures that high security standards are maintained, protecting credit card and other sensitive data.
Exclaimer also does not store any credit/debit card details. When you add a new payment card to your account, you are redirected to the Global Iris payment portal, powered by RealEx Payments. This is secured using a 128-bit SSL Certificate and is one of the most secure ecommerce platforms for online payments.
Data protection built in
Exclaimer understands that your data is extremely precious and sensitive. We therefore have data protection built into the culture of our organization. From robust internal data protection training, through to external and independent audits, your data always remains safe and secure. Our EULA contains gold-standard levels of protection for you and your business, exceeding the requirements of most global data protection laws.
According to SecurityScorecard, an online organization that measures numerous security/vulnerability metrics across all external-facing systems in real time, Exclaimer has an 'A' rating, making it one of the most secure cloud-based solutions available.
Optimized and powered by Microsoft Azure
Exclaimer is designed to operate within Microsoft Azure, a platform highly trusted by IT professionals worldwide. Azure offers scalability and flexibility, ensuring that emails processed by Exclaimer remain within the Microsoft Cloud environment. Given that online security is a major concern for organizations considering cloud architecture, Microsoft built Azure with security as a priority, establishing a compliance framework to meet regulatory standards.
Exclaimer secures all connections using SSL Certificates and TLS, constantly checked to meet current cloud standards. The Exclaimer Azure setup employs load balancing to deliver a consistent network service from regional Azure datacenters globally. If any Microsoft Azure datacenter goes offline, our high-availability service ensures continued uptime and reliability.
We have measures in place to accommodate an increasing number of tenants, maintaining reliability and uptime. Updates to Exclaimer services hosted on Azure are scheduled 'out-of-hours' for each region to minimize disruption. These updates are built and tested by Exclaimer's Development and Quality Assurance teams at our head office before deployment. This process includes stress testing beyond normal usage, and no code is deployed to Azure until it passes thorough anti-virus checks and is scanned by native antimalware on all Azure servers.
Data handling
When using Exclaimer, all data related to the operation of your Exclaimer subscription is hosted securely in Microsoft Azure, in such a way that, for most customers, data residency can be guaranteed.
Data is securely stored in a High Availability Cluster (HAC) within your designated region, ensuring it is never stored elsewhere by Exclaimer. This approach guarantees compliance with data residency laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Message handling datacenters
When normal service is running, emails are handled by Exclaimer's High Availability Cluster (HAC) in your designated region, following our load balancing policy. This active/active setup guarantees reliable, resilient, and high-performing service.
If an issue arises that halts the signature imprinting service at one of Exclaimer’s Microsoft Azure datacenters, we have a comprehensive plan in place to keep mail flowing normally by automatically switching to an alternate datacenter. The main objective is to maintain uninterrupted mail flow for all of our customers. This ensures we achieve a 99.99% service availability for all customers.
The Exclaimer Service Health page also provides key details on the service and we offer real-time alerts for all customers.
Load balancing policy
Exclaimer recognizes the importance of mail flow and uses load balancing to minimize risks. If there's an issue at one of our two regional datacenters, we have a system to keep mail flowing for all clients. Tenant data is continuously synced across both datacenters.
Load balancing is automated and managed by Microsoft Azure services. If an incident occurs, we can independently remove one Azure datacenter from the load balancer. This process is automated but can also be done manually if needed.
Worldwide availability
Exclaimer is hosted in 14 regional Microsoft Azure datacenters worldwide, keeping your data within your geographic region. Having multiple active regional datacenters ensures our service is always highly available. Each datacenter can handle traffic for the entire region if needed, protecting our solution from any local infrastructure issues with the Azure platform.
Region | Primary Datacenter | Secondary Datacenter |
---|---|---|
USA | East US - Virginia | West US - California |
Canada | Canada Central – Quebec | Canada East - Toronto |
Europe | West Europe – Netherlands | North Europe - Ireland |
UK | UK South - London | UK West - Cardiff |
Germany | Germany W Central - Frankfurt | Germany North - Berlin |
Australia | Australia East - NSW | Australia Southeast - Victoria |
Middle East/East Asia | UAE North - Dubai | UAE North - Dubai |
Fault handling and failure
Our 24/7/365 monitoring services automatically detect any service alerts, which are configured with escalation chains. The primary goal is to maintain mail flow for all Exclaimer customers using multi-location high availability and load balancing.
If an incident occurs at one of Exclaimer’s two regional datacenters, a comprehensive cross-datacenter system ensures mail flow for all tenants is maintained. In addition, tenant data is continuously synchronized in both datacenters simultaneously, meaning continuity of service.
Once the issue is resolved, all emails will be sent as usual. Our Development and Quality Assurance teams are constantly updating the Exclaimer service to align with changes in Microsoft Azure, ensuring no technical issues arise.
Safe and secure data security
By subscribing, you allow Exclaimer to access user data from your Azure Active Directory (AAD) or Google Directory. Exclaimer stores this cached data in your designated regional datacenters.
Data in transit between Exclaimer and Microsoft 365/Google Workspace is encrypted using RSA-2048-bit asymmetric encryption combined with a one-time Rijndael symmetric session key. Rijndael, chosen by the U.S. National Institute of Standards and Technology (NIST), is known as the Advanced Encryption Standard (AES). Keys are issued and managed through certificates, with several used specifically for encryption and decryption.
Message processing
When an email reaches our service, it automatically scans the message for the subject line, sender address, and recipient address to decide if any signatures should be added.
We decode the MIME (Multipurpose Internet Mail Extensions) or TNEF (Transport Neutral Encapsulation Format) carrier to determine where to insert the signature in the email. We also check if a signature design should be excluded based on the presence of certain text.
If the email is in Rich Text or Plain Text, we'll convert it to HTML to apply a complete HTML signature.
Next, the sender's information is retrieved from the cached directory data and any stored custom details. These details are then integrated into the designated signature design. The signature is placed in the correct spot in the new email, which is then returned to the Microsoft or Google tenant. A unique certificate is used to authenticate the correct tenant attribution.
Exclaimer does not permanently store emails. They are encrypted at rest and kept only as long as needed to process them. For seven days, Exclaimer logs and stores only the recipient's address, sender's address, and the applied signature. This helps with troubleshooting and support.
If the message is encrypted before reaching Exclaimer (like S/MIME, OME, IRM), our imprinting service can't process it. Instead, the email is sent without any changes.
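The decision flow described in this section, sketched as an added example (not Exclaimer's code): an S/MIME-encrypted message or one containing exclusion text is returned byte-for-byte unchanged, and a plain-text body is converted to HTML before the signature is appended. The sample messages, the `imprint` and `is_smime_encrypted` names and the `exclude_marker` parameter are assumptions made for illustration; OME and IRM detection is not covered.

```python
import html
from email import message_from_bytes, policy

# Constructed sample messages (not real traffic).
PLAIN = (b"From: jane@example.com\r\nTo: bob@example.org\r\n"
         b"Subject: Q3 numbers\r\nContent-Type: text/plain; charset=utf-8\r\n"
         b"\r\nHi Bob, figures attached <soon>.\r\n")
ENCRYPTED = (b"From: jane@example.com\r\nTo: bob@example.org\r\n"
             b"Subject: Q3 numbers\r\nMIME-Version: 1.0\r\n"
             b"Content-Type: application/pkcs7-mime; smime-type=enveloped-data;"
             b' name="smime.p7m"\r\nContent-Transfer-Encoding: base64\r\n'
             b"\r\nAAAA\r\n")

SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
ENCRYPTED_KINDS = {"enveloped-data", "authenveloped-data"}

def is_smime_encrypted(msg) -> bool:
    """True if any MIME part is an S/MIME encrypted (CMS enveloped) entity."""
    for part in msg.walk():
        if part.get_content_type() in SMIME_TYPES:
            # A missing smime-type is treated as encrypted, the safe default.
            kind = part.get_param("smime-type") or "enveloped-data"
            if kind.lower() in ENCRYPTED_KINDS:
                return True
    return False

def imprint(raw: bytes, signature_html: str, exclude_marker: str = "") -> bytes:
    """Return raw unchanged if it must not be touched, else the signed copy."""
    msg = message_from_bytes(raw, policy=policy.default)
    if is_smime_encrypted(msg):
        return raw                       # ciphertext: pass through untouched
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is None:
        return raw                       # nothing we know how to imprint
    text = body.get_content()
    if exclude_marker and exclude_marker in text:
        return raw                       # exclusion text present
    if body.get_content_type() == "text/plain":
        text = "<pre>" + html.escape(text) + "</pre>"   # plain text -> HTML
    body.set_content(text + signature_html, subtype="html")
    return msg.as_bytes()
```

Escaping the plain-text body before wrapping it in HTML keeps characters such as `<` in the original message from being interpreted as markup in the converted copy.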
Summary
We understand the importance security holds for many companies. This is why Exclaimer conforms to the highest industry security standards and best practice guidelines.
Learn more about Exclaimer or get yourself a free trial to see the power of email signature software for yourself.