we use the latest technologies to provide a secure service
data in transit
to protect data in transit, moxtra uses secure sockets layer (SSL) / transport layer security (TLS) for data transfer, creating a secure tunnel protected by 128-bit or higher advanced encryption standard (AES) encryption. data in transit between a moxtra client and the hosted service is always encrypted via SSL/TLS. for end points we control (desktop and mobile) and modern browsers, we use strong ciphers and support perfect forward secrecy. individual sessions are identified and re-verified with each transaction, using a unique token created at login.
data at rest
moxtra hosts its service using amazon S3. amazon S3 server side encryption (SSE) is used to encrypt the data stored at rest in amazon S3. amazon S3 server side encryption employs strong multi-factor encryption. each object is encrypted with a unique key. as an additional safeguard, this key itself is encrypted with a regularly rotated master key. amazon S3 Server Side Encryption uses one of the strongest block ciphers available — 256-bit Advanced Encryption Standard (AES-256) — to encrypt your data.
moxtra diligently maintains the security of our back-end network. moxtra identifies and mitigates risks via regular application, network, and other security testing and auditing by both dedicated internal security teams and third-party security specialists. our network security and monitoring techniques are designed to provide multiple layers of protection and defense. we employ industry-standard protection techniques, including firewalls, network security monitoring, and intrusion detection systems to ensure only eligible traffic is able to reach our infrastructure.
moxtra supports federated authentication using SAML (Security Assertion Markup Language) 2.0 protocol to easily enable the integration with various identity and cloud SSO providers. this lets an organization securely authenticate and authorize between their identity provider and moxtra in a trust relationship.
a communication and collaboration system is only as good as it is reliable, and to that end, we’ve developed moxtra with multiple layers of redundancy to guard against data loss and ensure availability. redundant copies of metadata are distributed across independent devices within a data center in an N+2 availability model. hourly incremental and daily full backups are performed on all metadata. this feature, beyond protecting user data, provides high availability of the moxtra service. in the event of a failed connection to moxtra’s service, a client or front-end server will gracefully resume operation when a connection is re-established.
physical access to subservice organization facilities where production systems reside are restricted to personnel authorized by moxtra, as required to perform their job function. any individuals requiring additional access to production environment facilities are granted that access through explicit approval by appropriate management.
users’ privacy and that of their business data is something we take seriously, so we work hard to protect user information from unauthorized access. moxtra is committed to transparency in handling law enforcement requests for user information, as well as the number and types of those requests. we scrutinize all data requests to make sure they comply with the law and are committed to giving users notice, as permitted by law, when their accounts are identified in a law enforcement request.
before any content is added into moxtra users have to login to their moxtra account. All passwords in moxtra are stored using one-way hashing (SHA 256) and they are never exchanged over clear channel.