Data security in Predict
With Emarsys Predict we minimize exposure to security vulnerabilities at the architectural level as follows:
- No Personally Identifiable Information (PII), such as email addresses or names, is collected or used by the recommender. Predict relies on anonymous random identifiers (issued as cookies) to track individual visitors without knowing who they really “are”.
- The frontend serving infrastructure only retains approximately a day’s worth of behavior logs, and then archives them by sending the data to a separate, isolated system for storage and processing.
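The following is an added illustration, not Emarsys code, of how an anonymous visitor identifier of the kind described above can be issued and validated: the id is pure randomness (nothing about the person can be derived from it or reversed out of it), it is bound to the browser with restrictive cookie attributes, and anything that does not have the exact shape of an issued id (free text such as an email address, for instance) is discarded instead of being logged as an identifier. The cookie name, the id length and the validation rule are assumptions of this example.

```python
import re
import secrets
from typing import Optional

# Constructed example: the cookie name and id format are assumptions, not Predict's own.
TOKEN_BYTES = 16                 # 128 bits of randomness: unguessable, unrelated to any PII
VISITOR_COOKIE = "visitor_id"    # assumed cookie name
# secrets.token_urlsafe(16) yields 22 unpadded URL-safe base64 characters
_ID_RE = re.compile(r"^[A-Za-z0-9_-]{22}$")


def new_visitor_id() -> str:
    """Generate a random, opaque visitor identifier.

    The id carries no information about the person behind the browser:
    it is not derived from an email address, a name or a device attribute,
    so it cannot be reversed or correlated back to them.
    """
    return secrets.token_urlsafe(TOKEN_BYTES)


def is_valid_visitor_id(value: str) -> bool:
    """Accept only values with the exact shape of an issued id."""
    return bool(value) and _ID_RE.fullmatch(value) is not None


def set_cookie_header(visitor_id: str, max_age_days: int = 365) -> str:
    """Build the Set-Cookie header value that binds the id to the browser.

    Secure: only sent over HTTPS.  HttpOnly: not readable by page scripts.
    SameSite=Lax: not attached to cross-site POST requests.
    """
    return (
        f"{VISITOR_COOKIE}={visitor_id}; Max-Age={max_age_days * 86400}; "
        "Path=/; Secure; HttpOnly; SameSite=Lax"
    )


def visitor_id_from_cookie_header(cookie_header: str) -> Optional[str]:
    """Parse an incoming Cookie header and return the visitor id, or None.

    A malformed value is dropped rather than trusted: the shape check keeps
    free text (an email address, a name) from ever entering the behaviour
    logs in the identifier field.
    """
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == VISITOR_COOKIE:
            return value if is_valid_visitor_id(value) else None
    return None


if __name__ == "__main__":
    vid = new_visitor_id()
    print(set_cookie_header(vid))
    print(visitor_id_from_cookie_header(f"{VISITOR_COOKIE}={vid}"))
```

The important property for a "no PII" claim is that the identifier is generated server-side from a cryptographic random source and never computed from personal data; a hashed email address, for example, would not qualify, because it can be recomputed from a candidate list of addresses.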
Our infrastructure is hosted on Amazon Web Services (AWS), which provides one of the most secure cloud computing environments in terms of both physical and logical security.
All our Predict servers are secured behind firewalls provided by the AWS infrastructure, and ports are opened for external services only as required and only after an explicit request has been made.
Our server infrastructure is regularly updated with the latest security patches.
- Infrastructure changes are managed via secure HTTPS access.
- Hosts are managed via encrypted SSH connections.
- All administrative access is tied to unique user accounts (as part of the security policy).
- Infrastructure administrative access is tied to MFA tokens.
- All infrastructure changes are logged via Amazon CloudTrail.
Disaster Recovery & Business Continuity Planning
Our services are hosted and run in multiple independent data centers (Availability Zones) to maximize availability and continuity of service.
Predict uses redundant and geographically replicated backups via Amazon S3 to ensure the safety of data and continuity of service.
Emarsys Predict uses the Amazon Cloud to host its technology. For any additional queries regarding compliance and security beyond what is included here, please refer to AWS’s own resources: https://aws.amazon.com/compliance/ and https://aws.amazon.com/security/.
Data security in Smart Insight
Emarsys Smart Insight handles data related to the e-commerce activities of our customers. This appendix describes the flow and handling of data within Smart Insight, with the focus on information security.
By default, Smart Insight does not store any Personally Identifiable Information (PII). The product uses an anonymous external key (a number) to associate e-commerce data with Emarsys contacts. Exceptions to this setup can be made upon specific customer request.
The image below shows the architecture of the Smart Insight module:
Application access/Secure sign-on
Our customers access Emarsys via HTTPS, a protocol secured by SSL. For reporting purposes, Smart Insight accesses the business intelligence tool embedded in Emarsys via HTTPS, using trusted host-based authentication to ensure that access is only possible from Emarsys front-end servers. Access to the internal network is done through a VPN (Virtual Private Network). VPN accounts are always associated with individual employees, and every access is logged and can be blocked if necessary.
API web service
Smart Insight also has a Segmentation API web service, which is accessible through HTTP. However, this access is limited to the internal network. It cannot be accessed directly from external hosts.
For file transfers we highly recommend using the Sales Data API for Smart Insight uploads. One major advantage of this approach is that files are validated during the upload, so errors are spotted earlier.
Smart Insight's legacy method for uploads uses FTPS (FTP over SSL) as the protocol for uploading e-commerce data.
Emarsys’ Data Security Policies guarantee a strict separation of all customer data, especially PII. This section describes how the data is secured at each stage as it is processed by Smart Insight, with a focus on data retention times.
Monitoring and logging
All file uploads and all internal processes (loads, segmentation, reports) are constantly monitored and logged. The monitoring interface is only accessible from the internal network.
Storage of e-commerce data
Each customer receives their own database that holds e-commerce data. Since the data is physically separated, customers are not able to access each other’s data. Our database servers use local disks (dedicated storage). No customer data is stored on an external or network drive.
The servers for the business intelligence tool and the Segmentation API use NetApp storage but hold no customer data. As all data transfer and storage is secured, the files themselves are not encrypted. To ensure redundancy and high availability, the Smart Insight Greenplum database is split between two data centers in two separate physical locations, which minimizes the risk of data loss resulting from, for example, a natural disaster.
Backup and restore
All files uploaded by customers are backed up on our load server, which is only accessible from the internal network. All segment definitions created by customers are backed up daily. Customer databases are not backed up; in case of failure, all data can be restored from the e-commerce files, which are backed up.
File uploads are protected by the FTPS protocol. Files are stored on the FTPS server for only a brief period of time and are then copied by an automated process to secure storage that is not accessible externally. Both the transfer and the FTPS server are secured, so no additional file encryption is applied.
Smart Insight does not export any data.
- All e-commerce data files uploaded by customers are deleted from the outside-facing server within one day.
- Apart from this, Smart Insight does not automatically delete any data, even data that has since been deleted from Emarsys.
- Data can be selectively deleted upon customer request. However, to ensure data consistency, Emarsys recommends starting from scratch and performing a full upload with the corrected data.