HR Data Security Matters

What’s in the Cloud, Stays in the Cloud

Security Cloud

Technology in the cloud is the new frontier—a place where your company’s HR data becomes a significant business asset. But only if your employees’ information is secure. It is your responsibility to make sure their cloud-based data is safe, that it cannot be modified, yet is accessible on demand from any device, anywhere.

SilkRoad can help you integrate must-have data protection features into your cloud-based set of talent management tools.

Why trust SilkRoad with your HR data security? Because data is what we do, and we are fierce about protecting it.

The most significant benefit for IT? More time and resources to focus on strategic, mission-critical, competitive-advantage initiatives.

How Do We Do It? Controls, Controls, Controls

We put in place hundreds of traceable controls to protect your HR data.

Physical Controls

Security begins at our front door, with controls that include:

  • Locks, Power Doors, and Keypads – we keep the outside world out and allow in only those authenticated to service your needs.
  • 24-hour Video Monitoring – inside and outside our data center, every day, no matter what.

Administrative Controls

Granted access is trackable and verifiable:

  • Multi-factor Authentication for Physical Access – SilkRoad requires multi-factor authentication of anyone entering our hosted data center (biometric fingerprint verification and facial tracking are just two of the James Bond-like measures we use to monitor access).
  • Access Only Where We Need It – anyone entering the facilities has access only to those areas he or she requires access to, nowhere else.

Data Center Security

We make sure our hosting facilities provide:

  • 100% Power Availability – we guarantee that our servers, network, databases and applications will not go down. We have battery-powered back-up generators and dual servers to ensure uninterrupted service.
  • Application Stack Protection – SilkRoad has created a highly redundant system with no single points of failure in the application stack to ensure that employees’ data is available to authorized users with reasonable response times.
  • Firewalls, Internal and External – we ensure that only legitimate traffic from authorized users is routed to the appropriate server.
  • Intrusion Prevention – SilkRoad uses IPS to perform deep-packet inspection of all incoming traffic.
  • Network Lockdown – we keep your company’s LAN separate, and make sure that the production domain contains no wireless access point, to keep hackers at bay.
  • Compliant – SilkRoad supports privacy and integrity standards, including SSAE-16 SOC 2.
  • Encryption – applications, Personally Identifiable Information, and back-ups are encrypted for multi-layer protection.

How Do We Prove Our Security Data Protection Systems Work?

SilkRoad Embraces the C.I.A. Principles

We do it through:

  • Extensive Testing – Scan, Test, Repeat. That’s our motto. We test our systems all the time, to make sure nothing gets past our security.
  • Transparency – we have no problems showing you how we keep your HR data safe: in fact, we welcome the opportunity to demonstrate how our security architecture works. (We don’t call it showing off, exactly, but it’s a bit like winning the science fair.)
  • Data Storage – 100% isolated from other companies’ data.
  • Being Compliant – we meet the most rigorous industry standards for risk management, monitoring, and executive oversight. We have passed SSAE-16 SOC 2 audits for six consecutive years, and meet every data privacy law and data integrity law in existence.

Cloud-based technology is only as good as the data security that goes with it. Only when your system is safe and breach-proof can your company soar to new heights.

ISACA (formerly known as Information Systems Audit and Control Association)

Nine Security Features You Should Demand from Your Cloud-based Service Provider

  1. Transparency into security controls
  2. SSAE-16 SOC 2 audit-verified solution
  3. Data center perimeter security
  4. App infrastructure that secures the entire stack
  5. Verification of third-party penetration testing
  6. Ability to encrypt sensitive data at rest
  7. Verification of software engineering designed to reduce risk of top 10 software vulnerabilities
  8. Incident response management system
  9. Ability to schedule meeting with the provider’s CISO to discuss issues