Data in transit.

To protect data in transit, Moxtra uses secure sockets layer (SSL) / transport layer security (TLS) for data transfer, creating a secure tunnel protected by 128-bit or higher advanced encryption standard (AES).

Data in transit between a Moxtra client and the hosted service is always encrypted via SSL/TLS. For end points we control (desktop and mobile) and modern browsers, we use strong ciphers and support perfect forward secrecy. Individual sessions are identified and re-verified with each transaction, using a unique token created at login.

Data at rest.

Moxtra hosts its service using Amazon S3. Amazon S3 server side encryption (SSE) is used to encrypt the data stored at rest.

Amazon S3 server side encryption employs strong multi-factor encryption. Each object is encrypted with a unique key. As an additional safeguard, this key itself is encrypted with a regularly rotated master key. Amazon S3 Server Side Encryption uses one of the strongest block ciphers available — 256-bit Advanced Encryption Standard (AES-256) — to encrypt your data.

Network Security.

Moxtra identifies and mitigates risks via regular application, network, and other security testing and auditing by both dedicated internal security teams and third-party security specialists.

Moxtra diligently maintains the security of our back-end network. our network security and monitoring techniques are designed to provide multiple layers of protection and defense. we employ industry-standard protection techniques, including firewalls, network security monitoring, and intrusion detection systems to ensure only eligible traffic is able to reach our infrastructure.

Single Sign-on.

Moxtra supports federated authentication using SAML (Security Assertion Markup Language) 2.0 protocol to easily enable the integration with various identity and cloud SSO providers.

With SAML SSO 2.0 (Security Assertion Markup Language) organizations can securely authenticate and authorize between their identity provider and Moxtra in a trust relationship.

Reliability.

Moxtra has been developed with multiple layers of redundancy to guard against data loss and ensure availability.

Redundant copies of metadata are distributed across independent devices within a data center in an N+2 availability model. hourly incremental and daily full backups are performed on all metadata. this feature, beyond protecting user data, provides high availability of the moxtra service. in the event of a failed connection to moxtra’s service, a client or front-end server will gracefully resume operation when a connection is re-established.

Physical Security.

Physical access to subservice organization facilities where production systems reside are restricted to personnel authorized by Moxtra.

Any individuals requiring additional access to production environment facilities are granted that access through explicit approval by appropriate management.

Privacy Guarding.

Moxtra is committed to transparency in handling law enforcement requests for user information, as well as the number and types of those requests.

We scrutinize all data requests to make sure they comply with the law and are committed to giving users notice, as permitted by law, when their accounts are identified in a law enforcement request.

Authentication.

All passwords in moxtra are stored using one-way hashing (SHA 256) and they are never exchanged over clear channel.

We scrutinize all data requests to make sure they comply with the law and are committed to giving users notice, as permitted by law, when their accounts are identified in a law enforcement request.