Sunrise utilizes some of the most advanced technology for Internet security available today
When you access our site using industry standard Secure Socket Layer (SSL) technology, your information is protected using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered Users in your organization. Your data will be completely inaccessible to your competitors. Sunrise provides each User in your organization with a unique user name and password that must be entered each time a User logs on. Sunrise issues a session "cookie" only to record encrypted authentication information for the duration of a specific session. The session "cookie" does not include either the username or password of the user. Sunrise does not use "cookies" to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs. In addition, Sunrise is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. Security researchers seeking information on how to report security issues to Sunrise should review our Vulnerability Reporting Policy.
Sunrise understands that the confidentiality, integrity, and availability of our customers’ information are vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, and processes to meet the growing demands and challenges of security.
Internal and Third-party testing and assessmentsSunrise tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments (Mcaffe secure) are also conducted regularly: Application vulnerability threat assessments Network vulnerability threat assessments Selected penetration testing and code review Security control framework review and testing p>
Our Information Security department monitors notification from various sources and alerts from internal systems to identify and manage threats.
Secure data centers
Our service is collocated in dedicated spaces at top-tier data centers. These facilities provide carrier-level support, including: Access control and physical security 24-hour manned security, including foot patrols and perimeter inspections Biometric scanning for access Dedicated concrete-walled Data Center rooms Computing equipment in access-controlled steel cages Video surveillance throughout facility and perimeter Building engineered for local seismic, storm, and flood risks Tracking of asset removal
Humidity and temperature control Redundant (N+1) cooling system
Underground utility power feed Redundant (N+1) CPS/UPS systems Redundant power distribution units (PDUs) Redundant (N+1) diesel generators with on-site diesel fuel storage
NetworkConcrete vaults for fiber entry Redundant internal networks Network neutral; connects to all major carriers and located near major Internet hubs High bandwidth capacity
Fire detection and suppressionVESDA (very early smoke detection apparatus) Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression
Secure transmission and sessionsConnection to the Sunrise environment is via SSL 3.0/TLS 1.0, using global step-up certificates ensuring that our users have a secure connection from their browsers to our service. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login
Network protectionPerimeter firewalls and edge routers block unused protocols Internal firewalls segregate traffic between the application and database tiers Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports A third-party service provider continuously scans the network externally and alerts changes in baseline configuration
Disaster recoveryThe Sunrise service performs real-time replication to disk at each data center, and near real-time data replication between the production data center and the disaster recovery center Data are transmitted across encrypted links. Disaster recovery tests verify our projected recovery times and the integrity of the customer data
BackupsAll data are backed up to tape at each data center, on a rotating schedule of incremental and full backups The backups are cloned over secure links to a secure tape archive Tapes are not transported offsite and are securely destroyed when retired
Privacy OverviewAt Sunrise there is no higher priority than the privacy and security of our customers' data. We believe that protecting the privacy of our customers' data is integral to our mission of earning and maintaining the trust of each of our customers. We seek to lead the industry as a trusted repository for customer data through a world-class privacy program and provide a secure infrastructure and flexible tools that help enable our customers to comply with global privacy and data protection regulations.
Vulnerability Reporting PolicyThe Sunrise security team acknowledges the valuable role that independent security researchers play in Internet security. Keeping our customers’ data secure is our number-one priority, and we encourage responsible reporting of any vulnerabilities that may be found in our site or application. Sunrise is committed to working with the security community to verify and respond to any potential vulnerabilities that are reported to us. Additionally, Sunrise pledges not to initiate legal action against security researchers for penetrating or attempting to penetrate our systems as long as they adhere to the conditions below.
Testing for security vulnerabilities:Conduct all vulnerability testing against Trial or Developer Edition organizations (instances) of our online services to minimize the risk to our customers’ data.
Reporting a potential security vulnerability:Privately share details of the suspected vulnerability with Sunrise by sending an email to email@example.com Provide full details of the suspected vulnerability so the Sunrise security team may validate and reproduce the issue
Sunrise does not permit the following types of security research:Causing, or attempting to cause, a Denial of Service (DoS) condition Accessing, or attempting to access, data or information that does not belong to you Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
The Sunrise security team commitment:To all security researchers who follow this Sunrise Vulnerability Reporting Policy, the Sunrise security team commits to the following: To respond in a timely manner, acknowledging receipt of your report To provide an estimated time frame for addressing the vulnerability To notify the reporting individual when the vulnerability has been fixed
No compensation:Sunrise does not compensate people for reporting a security vulnerability, and any requests for such compensation will be considered a violation of the conditions above. In such an event, Sunrise reserves all of its legal rights.
Legal Notice Contact Information General Legal: firstname.lastname@example.org Compliance: email@example.com Copyright: firstname.lastname@example.org
We are always busy to identify and use the latest technologies and design techniques to make Sunrise everything you want it to be. If you have suggestions, feedback, or ideas, please don't hesitate to contact us at email@example.com.