Cover all bases with a Secure W2P Platform

Facilities

PrintNow hosts Service Data primarily in data centers that have been certified as SSAE 16 SOC 1 Type II  compliant.

Infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.

On-Site Security

On-site security includes a number of features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures.

Data Hosting Location

PrintNow leverages data centers in the United States & Europe.

Customers can choose to locate their Service Data in the US-only or EEA-only.*

*Only available with Data Center Location Add-on

Dedicated Security Team

Our globally distributed Security Team is on call 24/7 to respond to security alerts and events.

Protection

Our network is protected through the use of key security services, integration with our Cloudflare edge protection networks, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks.

Architecture

Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.

Network Vulnerability Scanning

Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.

Third-Party Penetration Tests

In addition to our extensive internal scanning and testing program, each year, PrintNow employs third-party security experts to perform a broad penetration test across the PrintNow Production and Corporate Networks.

Security Incident Event Management

Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM alerts on triggers that notify the Security team based on correlated events for investigation and response.

Intrusion Detection and Prevention

Service ingress and egress points are instrumented and monitored to detect anomalous behavior. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats. This includes 24/7 system monitoring.

Threat Intelligence Program

PrintNow participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and take action based on risk.

DDoS Mitigation

PrintNow has architected a multi-layer approach to DDoS mitigation. A core technology partnership with Cloudflare provides network edge defenses, while the use of cloud scaling and protection tools provide deeper protection along with our use of cloud DDoS specific services.

Logical Access

Access to the PrintNow Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the PrintNow Production Network are required to use multiple factors of authentication.

Security Incident Response

In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

Encryption in Transit

All communications with PrintNow UI and APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and PrintNow is secure during transit. Additionally for email, our product leverages opportunistic TLS by default. Transport Layer Security (TLS) encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol. Exceptions for encryption may include any use of in-product SMS functionality, any other third-party app, integration, or service subscribers may choose to leverage at their own discretion.

Encryption at Rest

Service Data is encrypted at rest in the cloud using AES-256 key encryption.

Uptime

PrintNow maintains a publicly available system-status webpage, which includes system availability details, scheduled maintenance, service incident history, and relevant security events.

Redundancy

PrintNow employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime and/or our Enhanced Disaster Recovery service offering allows us to deliver a high level of service availability, as Service Data is replicated across availability zones.

Disaster Recovery

Our Disaster Recovery (DR) program ensures that our services remain available and are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.

Enhanced Disaster Recovery

Our Enhanced Disaster Recovery package adds contractual objectives for Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These are supported through our capability to prioritize operations of Enhanced Disaster Recovery customers during any declared disaster event.

*Only available with the purchase of the Enhanced Disaster Recovery Add-on.

Secure Code Training

At least annually, engineers participate in secure code training covering OWASP Top 10 security risks, common attack vectors, and PrintNow security controls.

Framework Security Controls

PrintNow leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.

Quality Assurance

Our Quality Assurance (QA) department reviews and tests our code base. Dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.

Separate Environments

Testing and staging environments are logically separated from the Production environment. No Service Data is used in our development or test environments.

Dynamic Vulnerability Scanning

We employ third-party security tooling to continuously and dynamically scan our core applications against the OWASP Top 10 security risks. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.

Static Code Analysis

The source code repositories for both our platform and mobile applications are scanned for security issues via our integrated static analysis tooling.

Third-Party Penetration Testing

In addition to our extensive internal scanning and testing program, PrintNow employs third-party security experts to perform detailed penetration tests on different applications within our family of products.

Responsible Disclosure / Bug Bounty Program

Our Responsible Disclosure Program gives security researchers, as well as customers, an avenue for safely testing and notifying PrintNow of security vulnerabilities through our partnership with HackerOne.