Security

Security was a key focus point when Zephyr was being created. Our goal was to create a platform that would help our partners avoid the security headaches that plague other systems and cause loss of time and money.

We know that dealing with hacked websites ruins your day. And keeping up with plugins and exploits sucks away time that you could be spending with clients and growing your business. This is why we think you'll find Zephyr to be a welcome change.

So how do we protect your websites?

The servers that power Zephyr are not accessible from the Internet, they communicate with each other via a secure messaging bus that is encrypted, IP restricted, and access controlled and store data in our databases which are IP restricted, access controlled, and encrypted as well.

Zephyrs services follow CQRS and Event Sourcing patterns so any changes that are made do not overwrite records. Instead, the system calculates the result as needed. This is similar to how a banking system handles transactions, each debit/credit transaction is a single change and the end result is your balance.

Zephyr's infrastructure is PCI compliant, which is the standard used by the financial services industry (like banks and credit card processors) to ensure data security and integrity. Zephyr is hosted with Azure in a certified datacenter.

While Zephyr focuses heavily on security at a platform level, the most vulnerable area of any platform is the users. We require two-step authentication for every user to enhance security at the user level. Zephyr also enforces strong passwords to help site administrators avoid using easily-cracked passwords.

Phishing emails are the most common entry point for someone to gain access so we encourage all partners and site administrators to review this with your team to ensure everyone is on the lookout for any suspicious emails, especially anything coming from Zephyr. Zephyr will never ask you for your password.