Security & Compliance
mxHero Committed to Your Trust
mxHero, Inc. is committed to establishing and maintaining a robust operational environment that meets and exceeds the security, availability, confidentiality, and privacy commitments made to our customers. mxHero maintains several security, risk, and compliance initiatives and has an ongoing commitment to continuously extend its security and privacy credentials.
SOC 2 Type 2
mxHERO is SOC 2 Type 2 certified by Dansa D'Arata Soucia. The SOC 2 report provides a description of mxHERO Security and the company’s organizational controls that meet the AICPA Trust Services Criteria relevant to Security, Availability, Processing Integrity, Confidentiality, and Privacy.
A copy of our SOC 2 report is available upon request. Please contact your sales representative or account team for more details.
Service Architecture
mxHERO services a majority of its clients (13,000+ domains, 1M+ active users) through its Amazon AWS service cluster. This cluster is managed by a select team of highly qualified personnel with decades of enterprise and telco operational experience.
mxHERO’s service is topologically equivalent to a network router. mxHERO is not designed to retain data. The service acts as a gateway where email is temporarily processed for integration with cloud storage systems. Like a router, mxHERO’s services possess very little internal storage, only a sufficient amount to process email in transit. Once processed, mxHERO deletes local temporary copies to allow the system to continue processing inbound messages. mxHERO’s systems are not designed to hold messages for longer than needed for the express purpose of processing. Processing normally takes less than 30 seconds to occur. As an additional precaution, all temporary storage used for processing utilizes encrypted file systems ensuring that data is encrypted at rest at all times.
Service Monitoring
mxHERO services are continuously monitored by internal and external monitoring agents. Continuous, automated monitoring and self-correction enable both high service level availability (above 99.9% per month) and proactive defensive measures ensuring maximum security 24x7. mxHERO employs multiple, overlapping monitoring systems to guarantee redundant oversight.
Acunetix
mxHERO's systems are continuously scanned by Acunetix. Acunetix Vulnerability Scanner automatically crawls and scans off-the-shelf and custom-built websites and web applications for SQL Injection, XSS, XXE, SSRF, Host Header Attacks & over 3000 other web vulnerabilities.
Statuspage.io
mxHERO utilizes StatusPage.io to provide its customers continuous and informative status indicators of service. Customers can access the on-demand status indicator by visiting http://status.mxhero.com/. Although mxHERO rarely suffers incidents, StatusPage is part of mxHERO's belief that trust is built on maximum communication and transparency with its partners and customers.
Zabbix
Zabbix is enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices. Zabbix is deployed across mxHERO's systems and provides an additional level of monitoring.
Datadog
Datadog is a SaaS-based monitoring and analytics platform for IT infrastructure, operations and development teams. It brings together data from servers, databases, applications, tools and services to present a unified view of the applications that run at scale in the cloud. mxHERO leverages DataDog to provide continuous and advanced monitoring of all its systems.
AWS CloudWatch
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications, like mxHERO, that run on AWS. mxHERO uses Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in AWS resources. mxHERO uses Amazon CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health. mxHERO uses these insights to react and keep its applications running smoothly.
Detectify
Detectify performs automated security tests on web applications and databases and scans assets for vulnerabilities including OWASP Top 10, CORS, Amazon S3 Bucket and DNS misconfigurations. 200+ handpicked ethical hackers contribute security findings that are built into the Detectify scanner as automated tests. Submissions go beyond the known CVE libraries that are not a sufficient test bed for modern application security.
Intrusion Detection Systems
mxHERO uses Intrusion Detection Systems (IDS). An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is reported to an administrator and collected centrally.
Certifications
Skyhigh Enterprise-Ready
Skyhigh Networks performs objective and thorough evaluations of the enterprise-readiness of cloud services based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). Services designated as Skyhigh Enterprise-Ready are the services receiving the highest CloudTrust™ Ratings, which fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.
CSA Star
CSA STAR is the industry’s most powerful program for security assurance in the cloud. STAR encompasses key principles of transparency, rigorous auditing, harmonization of standards, with continuous monitoring also available in late 2015. STAR certification provides multiple benefits, including indications of best practices and validation of security posture of cloud offerings.
EU-US and Swiss-US Privacy Shield
The EU-US and Swiss-US Privacy Shield is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. One of its purposes is to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens. The EU-US and Swiss-US Privacy Shield is a replacement for the International Safe Harbor Privacy Principles which were declared invalid by the European Court of Justice in October 2015. mxHERO has certified that it adheres to the EU-US Privacy Shield.
Better Business Bureau
The Council of Better Business Bureaus (CBBB) is the network hub for BBBs in the US and Canada. Like BBBs, CBBB is dedicated to fostering honest and responsive relationships between businesses and consumers -- instilling consumer confidence and advancing a trustworthy marketplace for all. mxHERO has registered and complied with the BBB's accreditation standards, which include a commitment to make a good faith effort to resolve any consumer complaints. BBB Accredited Businesses pay a fee for accreditation review/monitoring and for support of BBB services to the public.
Regulatory Compliance
HIPAA
The primary goal of the federal Health Insurance Portability and Accountability Act (HIPAA) of 1996 is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information as it moves through the healthcare system, and help the healthcare industry control administrative costs. mxHERO does not store electronic protected health information (ePHI), but has mapped its control framework to HIPAA security requirements to validate that we are able to comply with HIPAA if the need arises. mxHERO signs Business Associate Agreements upon request.
FERPA
The Family Educational Rights and Privacy Act of 1974 (FERPA) protects the privacy of student education records by giving parents or eligible students access to their child’s education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. mxHERO does not store education records, but does provide a platform used by educational institutions through which these types of records may be routed, which is considered “directory” information. Therefore, mxHERO maintains a comprehensive security and privacy program that supports FERPA’s objective.
Awards, Recognitions & Approvals
ASTORS Homeland Security Award for Email Security
The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure decision makers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.
In partnership with Canon USA, mxHERO wins the prestigious ASTORS for the category "Best Email Security Solution" - 2019, 2020 & 2021
Google Apps for Business
mxHERO has been an approved Google for Business and Education application provider since 2012. With more than 10 applications published to the Google Apps Marketplace over the years, mxHERO has consistently met Google's evolving security requirements for publication to its application portal.
Microsoft Azure
The Microsoft Azure™ Marketplace is an online market for buying and selling finished Software as a Service (SaaS) applications and premium datasets. The Microsoft Azure Marketplace helps connect companies seeking innovative cloud-based solutions with partners who have developed solutions that are ready to use.
Box Elite Partner
Leading cloud storage company, Box, has created an Elite Tier program for select partner companies. This invite only program allows Box to partner closely with these companies in a way that will deliver a best in class experience for joint customers.
mxHERO is proud to have been selected Box Elite Partner of the Year 2016
http://www.prweb.com/releases/2016/09/prweb13686998.htm