Campaign Data Security
State of the Security Address
As we are now waist deep in the 2012 presidential election cycle, the old “how do you handle data security” question has come up a number of times in the past week. In response I thought I’d do a general State of the Security address.
Six of the leading 2012 Republican presidential contenders are users of Crimson and last year over 55% of all Federal Republican donations were managed by the Crimson platform. As you can see, we take our fiduciary responsibility for your fundraising and FEC compliance data very very seriously.
Our Crimson databases live on database servers and Storage Area Networks (SAN) hosted in a SSAE 16 Type 2 compliant data center.
Every 20 minutes these databases are snapshotted, replicated, and synchronized with mirror databases that live in an onsite data center.
Every night the SAN data volumes are cloned and mounted to backup servers onsite. High density differential backups to tape are also performed nightly.
Every week differential backups and full backups are saved to SDLT tapes and stored in a locked fire safe. The previous week’s backups are then transferred to an off-site data storage facility.
Every other week back up data is physically moved to an off-site data storage facility.
Monthly full backups are archived off-site for a minimum of 3 years. The weekly backup sets are rotated on a weekly basis so the most current 4 weeks of data (which we consider a monthly backup) is being stored at teh off-site facility.
We maintain Active Directory Servers, Web Servers and Database Servers that function as both production servers in our on-site and our off-site data centers. A point-to-point fiber-optic link connects these 2 data centers so they can act as both production servers and as backups to each other. In the event of a catastrophic incident at one of the data centers, service can be quickly restored by the other data center.
Appropriate backup power and backup hardware are provided at both data centers. The SSAE 16 facility can run indefinitely on backup power if necessary.
Data center facility access by individuals is pass key controlled and both facilities are under 24/7 video surveillance. The SSAE 16 facility has 24/7 on-duty guards at all entrances and two factor identification/authentication is required to gain access.
Separation of Client Data
Each client’s database lives in a dedicated server that is separated from other functions. This secures your data from the prying eyes of any other client.