The PenguinData web application is designed to be secure.

  • Strict access controls allow users to view only the data they have been given access to.
  • All client databases are completely separate, preventing any data from being accessed from a different domain.
  • No data from any database can be accessed without a valid username and password, and each client's user list is unique and separate.
  • All transactions occur over an SSL v3 connection, preventing malicious eavesdropping of any connection.
  • All database transactions utilize parameterized queries, eliminating the threat of SQL injection.


Physical server security is important to PenguinData

  • All PenguinData hardware is housed in a secure, climate controlled, SAS 70 Type II certified data center operated by VISI, Inc.
  • Access to the facility requires three factor authentication.
    • A proximity card is required to enter the datacenter lobby.
    • Photo ID is verified by on site security.
    • Entering of a PIN, followed by a palm print scan, is required for datacenter entry.
  • The datacenter is monitored 24/7 by onsite security.

Security Monitoring

  • This host and the PenguinData application is scanned daily by Network Solutions nsProtect™ for vulnerabilities.
  • PenguinData is 100% redundant which gives us the ability to quickly and efficiently fail over in case of a server malfunction.

Failover Replication

PenguinData facilitates multiple failover systems.

  • Onsite hardware for immediate failover in the event of hardware failure.
    • Near instantaneous replication.
    • Dedicated failover hardware.
  • Amazon EC2 hosted offsite failover with continuous streaming replication.
    • ISO 27001 Certification.
    • Multiple SAS70 Type II Audits.
    • EC2 infrastructure is housed in Amazon controlled datacenters.
    • AES 256bit block level encryption on all database storage devices.
    • All communication between datacenters is SSH encrypted.