Security &

Compliance

mxHero Committed to your Trust

mxHero, Inc. is committed to establishing and maintaining a robust operational environment that meets and exceeds the security, availability, confidentiality, and privacy commitments made to our customers. mxHero maintains several security, risk, and compliance initiatives and has an ongoing commitment to continuously extend its security and privacy credentials.

Service Architecture

MxHero services a majority of its clients (13,000+ domains, 1M+ active users) through its Amazon AWS service cluster. This cluster is managed by a select team of highly qualified personnel with decades of enterprise and telco operational experience.

mxHero’s service is topologically equivalent to a network router. The service acts as a gateway where email is temporarily processed for integration with cloud storage systems. Like a router, mxHero’s services possesses very little internal storage, only a sufficient amount to process email in transit. Once processed, mxHero deletes local copies to allow the system to continue processing inbound messages. mxHero’s systems are not designed to retain messages for longer than needed for the express purpose of processing. Processing normally takes less than 30 seconds to occur. As an additional precaution, all temporary storage used for processing utilizes encrypted file systems ensuring that data is encrypted at rest at all times.

Service Monitoring

MxHero services are continuously monitored by internal and external monitoring agents. Continuous, automated monitoring and self-correction enables both high service level availability (above 99.9% per month) and proactive defensive measures ensuring maximum security 24x7. mxHero employs multiple, overlapping monitoring systems to guarantee redundant oversight.

mxHero AWS cluster based services operated with 100% availability in 2015 (link)

Acunetix

mxHero's systems are continuously scanned by Acunetix. Acunetix Vulnerability Scanner automatically crawls and scans off-the-shelf and custom-built websites and web applications for SQL Injection, XSS, XXE, SSRF, Host Header Attacks & over 3000 other web vulnerabilities.

Statuspage.io

mxHero utilizes StatusPage.io to provide its customers continuous and informative status indicators of service. Customers can access the on-demand status indicator by visiting http://status.mxhero.com/. Although rarely suffering incidents, StatusPage is part of mxHero's belief that trust is built on maximum communication and transparency with its partners and customers.

Datadog

Datadog is a SaaS-based monitoring and analytics platform for IT infrastructure, operations and development teams. It brings together data from servers, databases, applications, tools and services to present a unified view of the applications that run at scale in the cloud. mxHero leverages DataDog to provide continuous and advanced monitoring of all its systems.

Zabbix

Zabbix is an enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices. Zabbix is deployed across mxHero's systems and provides an additional level of monitoring.

AWS CloudWatch

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications like mxHero that run on AWS. mxHero uses Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in AWS resources. mxHero uses Amazon CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health. mxHero uses these insights to react and keep its applications running smoothly.

Intrusion Detection Systems

MxHero uses Intrusion Detection Systems (IDS). An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is reported to an administrator and collected centrally.

Certifications

Skyhigh Enterprise-Ready

Skyhigh Networks performs objective and thorough evaluations of the enterprise-readiness of cloud service based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). Services designated as Skyhigh Enterprise-Ready are the services receiving the highest CloudTrustTM Ratings, which fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.

Skyhigh Enterprise-Ready
Skyhigh Enterprise-Ready Seal

CSA Star

CSA STAR is the industry’s most powerful program for security assurance in the cloud. STAR encompasses key principles of transparency, rigorous auditing, harmonization of standards, with continuous monitoring also available in late 2015. STAR certification provides multiple benefits, including indications of best practices and validation of security posture of cloud offerings.

mxHero CSA Star

EU-US Privacy Shield

The EU-US Privacy Shield is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. One of its purposes is to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens. The EU-US Privacy Shield is a replacement for the International Safe Harbor Privacy Principles which were declared invalid by the European Court of Justice in October 2015. mxHero has certified that it adheres to the EU-US Privacy Shield.

mxHero EU-US Privacy Shield

U.S. Swiss Safe Harbor

mxHero is also U.S. Swiss Safe Harbor certified.

Better Business Bureau

The Council of Better Business Bureaus (CBBB) is the network hub for BBBs in the US and Canada. Like BBBs, CBBB is dedicated to fostering honest and responsive relationships between businesses and consumers -- instilling consumer confidence and advancing a trustworthy marketplace for all. mxHero has registered and complied with the BBBs accreditation standards, which include a commitment to make a good faith effort to resolve any consumer complaints. BBB Accredited Businesses pay a fee for accreditation review/monitoring and for support of BBB services to the public.

Forthcoming 2017

As part of an ongoing commitment to the security and privacy of our clients, mxHero has embarked on an aggressive effort to secure additional industry leading certifications. We look forward to posting the following this year:

TRUSTe
The TRUSTe Certified Privacy seal is a signal to consumers that a website is safeguarding your personal information and values your online privacy.
About TRUSTe.

SOC 2 Type 2
A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating.
About SOC.

Regulatory Compliance

HIPAA

The federal Health Insurance Portability and Accountability Act (HIPAA) of 1996’s primary goal is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information as it moves through the healthcare system, and help the healthcare industry control administrative costs. mxHero does not store electronic protected health information (ePHI), but has mapped its control framework to HIPAA security requirements to validate we are able to comply with HIPAA if the need arose. mxHero signs Business Associate Agreements upon request.

FERPA

The Family Educational Rights and Privacy Act of 1974 (FERPA) protects the privacy of student education records by giving parents or eligible students access to their child’s education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. mxHero does not store education records, but does provide a platform used by educational institutions through which these types of records may be routed, which is considered “directory” information. Therefore, mxHero maintains a comprehensive security and privacy program that supports FERPA’s objective.

Platform Approvals

Google Apps for Business

mxHero has been an approved Google for Business and Education application provider since 2012. With more than 10 applications published to the Google Apps Marketplace over the years, mxHero has consistently met Google's evolving security requirements for publication to its application portal.

Microsoft Azure

The Microsoft Azure™ Marketplace is an online market for buying and selling finished Software as a Service (SaaS) applications and premium datasets. The Microsoft Azure Marketplace helps connect companies seeking innovative cloud-based solutions with partners who have developed solutions that are ready to use.

mxHero is a proud contributor to the Azure Marketplace.

Box Elite Partner

Leading cloud storage company, Box, has created an Elite Tier program for select partner companies. This invite only program allows Box to partner closely with these companies in a way that will deliver a best in class experience for joint customers.

mxHero is proud to have been selected Box Elite Partner of the Year 2016
http://www.prweb.com/releases/2016/09/prweb13686998.htm

13,000+ Companies, 1 Million  Users

Businesses Trust MxHero

Interested? Contact us!

Heading