ShareVault is deployed in a Virtual Private Cloud (VPC) managed by RackSpace and hosted by Amazon Web Services (AWS). The ShareVault architecture assures compliance, comprehensive security, high availability, elastic scalability and outstanding performance so that our customers can rest assured that their critical information is kept safe and can be accessed by authorized users at any time without waiting. ShareVault IT infrastructure is managed by RackSpace, an AWS Premier Consulting Partner. AWS provides the dedicated hardware, secure data center, advanced resiliency functions and the optimized and secure networking technology.
ShareVault is used for applications that demand adherence to stringent security standards for protection of sensitive information, so our customers expect compliance with a variety of standards, and count on us to provide cutting-edge security functionality.
ShareVault servers are dedicated instances located in an AWS virtual private cloud (VPC), assuring that the hardware is not shared with other AWS accounts. Each of ShareVault's AWS server instances are hardened according to RackSpace’s best practices and in accordance with the relevant security standards. RackSpace management services provide dedicated 24/7/365 real-time monitoring for network/applications, system anomalous events, emerging threats, event investigation, detection escalation, and incident response support. The layered security architecture is based on separate public and private subnets combined with AWS security groups to maximize isolation and limit access. Backend access to the servers for maintenance is done only via secure bastion servers or VPN through a firewall.
Secure Software Development
ShareVault software engineers and quality control personnel are periodically trained on secure software development methodologies, and our application regularly undergoes third party vulnerability assessments by a leading web application security consultancy, including both automated vulnerability scanning and systematic manual penetration testing.
RackSpace’s AWS services are certified SOC 1/2/3, PCI, ISO 90001 / 27001 / 27017 / 27018, FedRAMP Moderate, DoD CC SRG IL2, HIPAA, and HITRUST. These security certifications are essential to ShareVault since our customers’ files often contain personally identifiable information (PII), protected health information (PHI), and other sensitive information. Also, these certifications confirm that trusted third parties have verified for our adherence to the proclaimed security controls and their effectiveness.
Two-Step Verification (Two-Factor Authentication)
ShareVault offers two-step verification (also known as two-factor authentication), which enhances the security of a user's login process by requiring the entry of a secure code which is either delivered by text message to the user's phone, or via an Authenticator app, such as Google Authenticator, Microsoft Authenticator, Authy, Duo or LastPass Authenticator on the user's smartphone.
Confidentiality Notice, with Optional Clickwrap Compliance
You can configure ShareVault to display a customizable notice to users upon login, which can be used to declare the shared documents as confidential. You can tailor both the content and formatting of the notice according to your needs. With ShareVault Express, a single confidentiality notice can be configured for your all end users. With ShareVault Pro and ShareVault Enterprise you can create multiple confidentiality notices, and each can be assigned to a different user group.
For applications requiring that the confidentiality notice be legally enforceable according to UETA and ESIGN requirements, ShareVault Enterprise can be configured with the Clickwrap Compliance option. With the Clickwrap Compliance option, each user's acceptance of the confidentiality notice is separately recorded, with version control of the notice's contents. Users are required to scroll through the entire agreement, and are notified when the the content of the notice has changed since their previous login.
Encryption at Rest with Key Management
Files stored on ShareVault are encrypted at rest with AES 256 using key management that prevents access to your files via the ShareVault back end. Keys are only accessible via an authenticated session, and are never stored to disk. Because of this, the only way to open files in ShareVault is by using the ShareVault web application.
Customer Managed Encryption Keys
ShareVault also offers customer managed keys (CMK) as an option for ShareVault Pro, providing the ultimate in encryption key management security for applications that demand the highest level of data security, but without the complexity of deploying and maintaining your own HSM (Hardware Security Module).
Encryption in Transit with Extended Validation
All connections to ShareVault servers are via HTTPS over Secure Sockets Layer (SSL), providing AES 256 encryption in transit. Our Enhanced Validation (EV) certificate provides assurance that best practices have been followed for domain identity validation.
At ShareVault, we protect the privacy of your information and abide by the Privacy Shield privacy principles as set forth by the U.S. Department of Commerce regarding the collection, storage, use, transfer and other processing of Consumer Personal Data transferred from the European Economic Area (“EEA”) or Switzerland to the United States. For further information, refer to the ShareVault Privacy Shield Policy and our listing on the U.S. Department of Commerce | EU-U.S. Privacy Shield list.
The ShareVault infrastructure is based on a high-availability architecture with redundancy at multiple levels. At all times, there are at least two instances of each of the server types located in two different AWS availability zones, ensuring geographic redundancy, independent infrastructure, and real-time failover in the event of a failure.
Additionally, snapshots of all servers in the ShareVault infrastructure are written daily to encrypted AWS S3 storage so that in the highly unlikely event of both availability zones being affected in the AWS Region that hosts ShareVault, a disaster recovery of ShareVault can be quickly deployed from the snapshot. Encryption keys for the customer data files are stored in a separate AWS region so that they can be accessed for disaster recovery.
Virtually all software updates, enhancements and bug fixes can be applied in stages to one server at a time, while the other server(s) handle user activity, which eliminates even planned downtime.
Consistent Worldwide Data Transfer Performance — Even in China
Teridion, a cloud-based networking company, optimizes ShareVault data transfer speeds around the world – especially in China. Having Teridion’s support not only improves the ShareVault user experience by accelerating Internet speeds, but also enables ShareVault to be one of the few Virtual Data Room platforms that are currently accessible in China.
With the rapid growth of business collaborations with Chinese companies, be sure to choose a file sharing platform that can be accessible behind China's Great Firewall.
Thanks to ShareVault's partnership with Teridion, ShareVault is able to provide a snappier user experience including consistently fast upload/download speeds worldwide.
† Excluding planned downtime.
of your most confidential