Caret's experienced security team employs state-of-the-art technology to detect, investigate, and stop threats before they can impact your firm’s operations.
Here are just a few ways we keep your practice safe 24/7/365:
External Security Audit
We use automated probing services provided by external security companies to scan every 24 hours for potential vulnerabilities in our applications, systems and networks. We supplement these automated scans with human security experts who employ manual penetration strategies to identify and address latent hazards within both the application and infrastructure layers.
All documents, as well as critical data, are encrypted at rest using a multi-iteration 2048-bit process. Certain data such as passwords are also protected with a randomly generated cryptographic salt.
Secure Data Transmission
All data is transmitted from Zola Suite’s servers to your devices via bank-grade TLS encryption that prevents digital eavesdropping by unauthorized parties.
Brute Force Attack Countermeasures
A brute force attack is a trial-and-error method of guessing different letters and numbers and cycling through them via automated means to gain access to an account. For example, a simple brute force attack may utilize a dictionary of all words or commonly used passwords and continuously attempt to log in with those terms until it successfully guesses the correct password and obtains access. Zola Suite identifies abnormal activities indicative of a brute force attack and undertakes a variety of measures, at both the firewall and application levels, to prevent unauthorized access to data.
Data Redundancy and Backup
Zola Suite is deployed on the Amazon Web Services (AWS) platform. Documents and data are protected by Identity and Access Management roles within an AWS Region and replicated across Availability Zones (located in different geographic locations within the US) for backup on a daily basis. This means that if some servers go down, the other connecting servers will auto-rollover and your access to your data will be uninterrupted.
We maintain a number of policies designed to protect the integrity and privacy of your data, including two-factor authentication for sharing access with new external users, stringent password strength requirements, and detailed logging of activities both at the infrastructure level and within an account.
Our infrastructure resides at AWS facilities in the United States, which have achieved compliance with an extensive list of global quality and security standards, including ISO 9001, ISO 27001, and PCI DSS. In addition, Zola Suite has achieved SOC 1/ISAE 3402 and SOC 2 compliance.