There's a main challenge facing enterprises today. To stay competitive, companies must share information and collaborate freely on business content, while meeting stringent security and regulatory compliance. This challenge has added urgency as companies adopt cloud-based email and collaboration services that span the desktop, web, and mobile devices. Security and compliance with statutory and legal requirements is a critical issue for businesses of all sizes and across all industries because of the potentially severe problems associated with security breaches or compliance violations.
YouSendIt is a cloud-collaboration platform for managing and sharing business content online. We offer an integrated approach for accessing and syncing content, and sending, sharing, and signing documents from anywhere—the desktop, web, or mobile devices. YouSendIt is the only cloud-collaboration solution that provides enterprise-grade security and policies across multiple platforms and systems. We offer the highest level of security by implementing a comprehensive seven-layer security strategy, so you have peace of mind that your data is safe and secure at all times.
Below we detail each layer of YouSendIt's seven-layer security strategy and explain how YouSendIt provides a highly secure cloud-collaboration platform to our customers.
YouSendIt maintains secure, redundant, state-of-the-art data centers in California, U.S.A. and London, England. Each YouSendIt data center facility is protected with double-wall construction and secured with biometric and video surveillance security. Physically protected around-the-clock by on-site security guards, each YouSendIt data center includes raised floors, seismically protected equipment, and water suppression and dry-pipe fire protection technologies to prevent damage or loss from fire, earthquakes, flooding, and other natural disasters.
All servers are secured in a locked room with access that is limited and restricted to authorized individuals only. Access is auditable by password and biometric scan for entry. Guests and one-time visitors are always escorted by a data center security guard or another authorized YouSendIt employee. The entry and exit time of each visitor is recorded in a secure audit log.
YouSendIt leverages ISP- and enterprise-grade firewalls that provide IP filtering and DoS protection. Proactive network scans are performed regularly, blocking Internet spiders and search engines from indexing files.
All YouSendIt users must register using a valid email address and password. These credentials are encrypted during transmission and storage using a one-way hash. YouSendIt also requires every registered user to authenticate his or her email address before the user is able to use the YouSendIt service, ensuring that the user has registered a valid email address. Passwords must be more than five and less than 16 characters in length.
When a user requests a password reset, YouSendIt verifies that the correct, authorized user is making the request by sending a notification to the requesting email address that requires a response. In addition, a second notification is sent to the same email address after the password has been reset to verify the password.
Application access for enterprise customers can be further controlled through Active Directory integration. Authentication for Active Directory occurs behind the customer's firewall and no password information is passed to YouSendIt.
All files stored on YouSendIt servers are stored on 256-bit AES encrypted volumes and the filenames are encoded and scrambled, making it impossible for a network intruder to identify the file by its original name. In order to access and download a file from YouSendIt's servers, either the full download link or complete user credentials are required.
To ensure that data is not compromised, YouSendIt employs the Secure Socket Layer (SSL) protocol. In order to protect data integrity during file transfer, online payments, and user registration, YouSendIt implements industry-standard, 128-bit SSL encryption deployed using Class 3 certificates and Server-Gated Cryptography (SGC).
For additional security, a customer may require that a recipient use another password to ensure that only a specific person can receive a file. This is common if the file recipient works on a shared computer or email account, or in an insecure environment. In this scenario, the customer specifies a password during file upload. YouSendIt does not transmit this password to the recipient. Instead, the customer must communicate the password to the recipient. To download the file, the recipient must use the password.
Finally, users can ensure that only authorized individuals using authenticated delivery are able to download files. This service requires that the file recipient have a YouSendIt account. The user must login with his or her username and password prior to being allowed to download a file.
YouSendIt automatically stores all files uploaded by a customer for 14 days, at which time the file automatically expires and is deleted. Customers also have the ability to customize the data retention policy to meet their specific requirements, setting file expiration time as short as 30 minutes or to "never expire." All user files uploaded to YouSendIt servers are immediately replicated to a second server within the same data center and stored on both servers for the life of the file. In the event of a server failure, the file will be retrieved from the secondary storage server.
With YouSendIt's comprehensive tracking tools, customers can monitor how many times a file has been downloaded, by whom, and at what time. This complete audit trail enables customers to ensure compliance with government regulations regarding the traceability of information privacy and accidental disclosure. YouSendIt is PCI compliant and TRUSTe compliant. YouSendIt has obtained a Service Organization Control (SOC) 2 Type 2 security report. YouSendIt also helps those customers who are subject to PCI, HIPAA, and GLBA compliance.
From physical and network access control to user authentication and authorization to data storage, transfer, and retention to monitoring and auditing, YouSendIt secures your information at every level of data access, storage, and transfer. With its comprehensive, seven-layer security strategy, YouSendIt delivers the only secure, reliable cloud-collaboration platform on the market, giving you peace of mind that your company’s confidential and private information remains safe and secure. When you use YouSendIt, you can comply with government regulatory requirements, protect your corporate brand and customer loyalty, and ensure the privacy of your intellectual property and other sensitive data.