Security Features
Crimson Security
Long before security became a front-page issue, CMDI took proactive steps to protect the data we manage by making significant investments in our security systems and infrastructure. From the physical security at our offices and caging facility to the multi-layered security approach at our data centers, CMDI’s priority is keeping your information safe. For more information about CMDI's physical and cybersecurity, please see the Data Security page.
Prevent Accidental Breaches
& Data Loss
With Crimson’s custom user groups, it is easy to protect your account from any accidental data breaches by providing high levels of user access control by establishing different levels of user permissions for editing or read-only access.
Crimson’s History feature keeps all users accountable for their actions by tracking all changes made to a record, who made the changes, and when they were made.
Safety Starts at Login
With two-factor authorization, users have an extra level of security to access your Crimson platform.
Keeping Personal & Financial Data Safe
Crimson keeps your data secure using PCI Security Council standards. When credit card numbers are received in hard copy form, they are handled in secure and monitored environments.
Physical credit card numbers are blacked-out and stored safely after transactions are processed. Credit card numbers are never written or stored in our software or hardware, and extensive penetration tests are conducted on our systems as well.
Automatic Backups
& Disaster Recovery
Crimson’s backup systems take hourly snapshots of your data and replicate them in multiple locations using private links. CMDI retains several months of full data backups for all our clients using solid-state hybrid drives. Testing verifies the projected recovery times for restoring data as well as checking the integrity of the restored data. When physical drives are retired, all data is destroyed through a certified process from a third party.
Discover Crimson.
Set up a custom demo to see how the Crimson platform can help your Republican organization.
Crimson Platform Security
Security Testing & Assessments
Before releasing updates or features, we test all our code for security vulnerabilities. Networks and systems are regularly scanned for vulnerabilities and assessed for risks, including:
Application vulnerability threat assessments
Network vulnerability threat assessments
Selected penetration testing and code review
Security control framework review and testing
Security Monitoring
CMDI monitors notifications from alerts and internal systems to identify, manage, and block threats and external malicious sources.
Network Protection
Perimeter firewalls/edge routers block unused protocols.
Internal firewalls segregate traffic between the application and database tiers.
Intrusion detection sensors detect and review logs to monitor for suspicious behavior.
Secure Transmission & Sessions
Connection to the Crimson environment is via TLS 1.2 using step-up certificates from GeoTrust. This ensures that there is no unencrypted traffic on the Crimson network. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.