SaaS Alerts Security FAQ
Q - Where is SaaS Alerts hosted and managed?
A - SaaS Alerts is hosted entirely in the U.S. on the "big 3" cloud vendors' infrastructure
Q - Does SaaS Alerts store and maintain any customer data files?
A - No, SaaS Alerts does not store or maintain access to any Customer data. SaaS Alerts DOES store log information about how organizations and their users interact with their data
Q - Why does SaaS Alerts require Admin credentials to my applications in order to monitor them.?
A - SaaS Alerts operates on a principle of least privilege. If the application we are monitoring on behalf of a customer requires administrative access for API connections, then SaaS Alerts must request an Admin account to set up the initial connection.
Q - How do we know SaaS Alerts is storing Admin account information securely?
A - SaaS Alerts does not store Admin credentials. When Admin credentials are entered in order to initiate an API connection, SaaS Alerts passes those credentials securely to the application API itself. The application API returns an authorization token that can be stored safely for future connections. SaaS Alerts team members don’t have access to this token and the token itself cannot be used to download documents, emails, or any other intellectual property of your business.
Q - What does SaaS Alerts do to keep its application safe on the internet?
A - The SaaS Alerts management interface is only accessible to authorized MSPs and SaaS Alerts internal staff. There is NO anonymous access permitted, and end-user entities do not have permission to access the management interface. SaaS Alerts is designed to limit the need for web-based access even for those who are authorized. SaaS Alerts securely interface with PSA systems to allow MSPs to benefit from receiving necessary notifications directly and other than onboarding new customers, never need to login to SaaS Alerts.
Q - Have SaaS Alerts been security tested?
A - SaaS Alerts performs its own security testing and code review on a regular basis and stores the results as part of its internal audit program. External auditors perform their own security testing and perform annual audits as part of the SaaS Alerts SSAE18 certification process
Q - Why do I sometimes see connection warnings when connecting to SaaS Application Products for the first time.
A - SaaS Alerts complies with third party application approval processes for any application we support. There are some applications which do not have an approval process and instead provide an informative warning when requesting permission. Other applications may have delays in their process. SaaS alerts chooses to bring applications into the monitoring portfolio as soon as full monitoring capability is achieved. If you have any questions about any specific application warnings, please let us know and we can provide you with additional instructions and information as is pertinent to that specific application.
Comments
0 comments
Please sign in to leave a comment.