June 20, 2022
When you access our site using industry standard Secure Socket Layer (SSL) technology, your information is protected using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered Users in your organization. Your data will be completely inaccessible to your competitors. Sunrise provides each User in your organization with a unique user name and password that must be entered each time a User logs on. Sunrise issues a session "cookie" only to record encrypted authentication information for the duration of a specific session. The session "cookie" does not include either the username or password of the user. Sunrise does not use "cookies" to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs. In addition, Sunrise is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. Security researchers seeking information on how to report security issues to Sunrise should review our Vulnerability Reporting Policy.
Sunrise understands that the confidentiality, integrity, and availability of our customers’ information are vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, and processes to meet the growing demands and challenges of security.
Sunrise tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments (Mcaffe secure) are also conducted regularly: Application vulnerability threat assessments, network vulnerability threat assessments, selected penetration testing and code review security control framework review and testing.
Our Information Security department monitors notification from various sources and alerts from internal systems to identify and manage threats. We are constantly being scanned to insure PCI level of security with our Security partner Trust Guard.
Our service is collocated in dedicated spaces at top-tier data centers in Europe, with private Cloud environments where your data location is always known and protected. These facilities provide carrier-level support, including: Access control and physical security 24-hour manned security, including foot patrols and perimeter inspections, biometric scanning for access, dedicated concrete-walled data center rooms, computing equipment in access-controlled steel cages, video surveillance throughout facility, perimeter building engineered for local seismic, storm, and flood risks amd tracking of asset removal.
Humidity and temperature control Redundant (N+1) cooling system
Underground utility power feed, redundant (N+1) CPS/UPS systems, redundant power distribution units (PDUs), redundant (N+1) diesel generators with on-site diesel fuel storage.
Concrete vaults for fiber entry Redundant internal networks, network neutral; It connects to all major carriers and are located near major Internet hubs with high bandwidth capacity.
VESDA (Very Early Smoke Detection Apparatus), dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression.
Connection to the Sunrise environment is via SSL 3.0/TLS 1.0, using global step-up certificates ensuring that our users have a secure connection from their browsers to our service. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.
Perimeter firewalls and edge routers block unused protocols. Internal firewalls segregate traffic between the application and database tiers using intrusion detection sensors throughout the internal network, reporting events to a security event management system for logging, alerts, and reports. A third-party service provider continuously scans the network externally and alerts changes in baseline configuration.
The Sunrise service performs real-time replication to disk at each data center, and near real-time data replication between the production data center and the disaster recovery center. Data are transmitted across encrypted links. Disaster recovery tests verify our projected recovery times and the integrity of the customer data.
All data are backed up to tape at each data center, on a rotating schedule of incremental and full backups. The backups are cloned over secure links to a secure tape archive. Tapes are not transported offsite and are securely destroyed when retired.
At Sunrise there is no higher priority than the privacy and security of our customers' data. We believe that protecting the privacy of our customers' data is integral to our mission of earning and maintaining the trust of each of our customers. We seek to lead the industry as a trusted repository for customer data through a world-class privacy program and provide a secure infrastructure and flexible tools that help enable our customers to comply with global privacy and data protection regulations (GDPR).
The Sunrise security team acknowledges the valuable role that independent security researchers play in Internet security. Keeping our customers’ data secure is our number-one priority, and we encourage responsible reporting of any vulnerabilities that may be found in our site or application. Sunrise is committed to working with the security community to verify and respond to any potential vulnerabilities that are reported to us. Additionally, Sunrise pledges not to initiate legal action against security researchers for penetrating or attempting to penetrate our systems as long as they adhere to the conditions below.
Conduct all vulnerability testing against Trial or Developer Edition organizations (instances) of our online services to minimize the risk to our customers’ data.
We are constantly being scanned to insure PCI level of security with our Security partner Trust Guard.
Privately share details of the suspected vulnerability with Sunrise by sending an email to security@sunrisecloud.com. Provide full details of the suspected vulnerability so the Sunrise security team may validate and reproduce the issue.
Causing, or attempting to cause, a Denial of Service (DoS) condition. Accessing, or attempting to access, data or information that does not belong to you. Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.
To all security researchers who follow this Sunrise Vulnerability Reporting Policy, the Sunrise security team commits to the following: To respond in a timely manner, acknowledging receipt of your report, to provide an estimated time frame for addressing the vulnerability and to notify the reporting individual when the vulnerability has been fixed.
Sunrise does not compensate people for reporting a security vulnerability, and any requests for such compensation will be considered a violation of the conditions above. In such an event, Sunrise reserves all of its legal rights.
Legal Notice Contact Information:
General Legal: legal@sunrisecloud.com
Compliance: legal@sunrisecloud.com
Copyright: info@sunrisecloud.com
We are always busy to identify and use the latest technologies and design techniques to make Sunrise everything you want it to be. If you have suggestions, feedback, or ideas, please don't hesitate to contact us at info@sunrisecloud.com.