HIPAA/HITECH Compliant Cloud
PanTerra takes security and privacy very seriously. As such PanTerra's cloud is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) as well as the Health Information Technology for Economic and Clinical Health Act (HITECH), delivering the most secure unified cloud service in the industry. PanTerra is unique in its holistic approach to security and privacy. Not only does PanTerra deliver full HIPAA/HITECH compliant cloud services, PanTerra goes even further, offering fully secure SmartBand MPLS bandwidth which implements a secure IP-VPN network between PanTerra's data centers and the customer's physical locations, and end device Multi-Factor Authentication (MFA). This approach of securing the cloud service, bandwidth and end devices is unique in the industry and makes PanTerra's cloud solution the most secure end-to-end solution available.
PanTerra has secured Business Associates Agreements (BAA) with appropriate downstream vendors and will enter into a BAA with those customers requesting HIPAA/HITECH compliance.
- HIPAA/HITECH compliant cloud services
- HIPAA/HITECH compliant data centers
- Secured Business Associates Agreements (BAA) with downstream vendors and sub-contractors
- Secure connectivity with SmartBand MPLS
- Secure end device access with Multi-Factor Authentication (MFA)
- Full encryption in-transit and at-rest
Secure Data Centers
PanTerra has a rigorous selection process for its data centers, selecting the most secure and reliable locations to run their services from. PanTerra maintains the highest level of physical security for its data centers. PanTerra's data centers utilize state-of-the art electronic surveillance and multi-factor access and authentication control systems.
PanTerra's data centers are staffed 24x7 by trained security personnel and access is restricted and authorized only by PanTerra. All accesses are logged.
Environmental systems are designed to minimize the impact of disruptions to operations. Redundant systems include power, network equipment, servers, and ventilation systems. Each data center has redundant backup diesel generators should the power grid fail.
- Carrier-class firewalls and networking equipment
- All files encrypted with RC4-128 encryption by default with other secure cyphers supported
- All data encrypted with 256-bit AES encryption at rest
- Secure physical access with strict authorization protocol
- Biometric and Retina scanning
- Physical Man-Traps
- Retina scanning for corridor access
- Card reader plus security pin for individual co-location access
- Individual locked cages with card reader access
- All access logged
- Full video surveillance
Secure Cloud Services
Every WorldSmart service implements secure protocols to ensure secure and confidential communications and storage. All communications and data transports are encrypted. No passwords are kept in plain text format and password strength protocols are enforced. All of these security measures ensure that your communications and data are secure and safe.
In addition to built-in multi-factor authentication, WorldSmart supports Single Sign On (SSO) authentication thru third party providers such as Okta and OneLogin. Active Directory support is also supported thru third party SSO providers.
- All content is encrypted with RC4-128 encryption by default for in-transit encryption and 256-bit AES encryption at rest
- All communications are encrypted
- Multi-Factor Authentication (MFA) for all devices and access points to the service, including IP phones, desktops and mobile devices
- Single Sign On (SSO) and Active Directory support through third party SSO providers
- Strong passwords with no human readable password storage
- Settable International calling limits per day and per month
SmartBand MPLS - IP-VPN Secure Bandwidth
In today's cyber hacking world, having a secure data center is not enough to ensure the security and privacy of corporate content and communications. Enterprises must secure the connection between the cloud provider's data center and their locations. PanTerra's SmartBand MPLS bandwidth product solves this problem by delivering a fully secure IP-VPN connection with guaranteed QoS. SmartBand MPLS provides the most secure, cost effective connection with coverage in over 85 metropolitan markets in the US and access to over 10M businesses. When coupled with PanTerra's ultra-secure HIPAA/HITECH compliant cloud services and Panterra's unique end device Multi-Factor Authentication (MFA), SmartBand MPLS provides a complete end-to-end secure cloud solution for enterprises.
- IP-VPN security from company location back to PanTerra data centers
- Works in conjunction with PanTerra's application level encryption and security features
- Supports speeds from 1 Mbps to 10 Gbps
- Broadest coverage in the industry covering over 85 markets and over 10M businesses
- Supports guaranteed QoS with four class of services: real-time, critical, priority and standard
- Supports both MPLS services as well as standard Internet access over same physical connection
- Can optionally support full MPLS mesh network
- Account can have hybrid of both SmartBand and SmartBand MPLS connections
Secure User Access
PanTerra takes the security and protection of your communications and content seriously, implementing the highest level of user access security in the industry. All WorldSmart points of access (IP deskphones, smartphones, tablets, notebooks and desktops) require Multi-Factor Authentication (MFA), ensuring your data is protected even if your login credentials are compromised. MFA can be confirmed on a per session basis or on a device basis, offering flexible options to the end user.
In addition to MFA, PanTerra also provides Multiple Active Device Manager (MADM), giving the user the ability to monitor and remotely control authorized user devices. With MADM, should a smartphone or tablet be stolen or lost, the user (or account administrator) can easily block the device or force logout the active sessions on the device. With 2-phase authentication and MADM, enterprises can have peace of mind as they deploy their cloud communications throughout the world.
Finally, Panterra supports Single Sign On (SSO) capability through SAML 2.0. Thus accounts can use any third party SAML 2.0 compliant SSO providers such as OneLogin and Okta. This allows accounts to use SSO authentication instead of WorldSmart authentication for a more uniform security environment. Active Directory authentication is also supported. SSO authentication can be optionally enabled or only enabled.
24/7/365 Continuous Monitoring
PanTerra's NOC monitoring team continuously monitor all WorldSmart services 24/7 to ensure optimal performance and security of the service. PanTerra monitors everything from external cyber DOS/IDS attacks to "abnormal" user activity (for example accesses from new IP range or communications to/from new geographies). If an abnormal activity is detected, PanTerra's monitoring team goes into action verifying with the customer the validity of the activity or taking immediate action to contain and mitigate any potential breach.
In addition, PanTerra has automated monitoring scripts that scan and test each service to make sure that all services are operating at peak efficiency and with full security safeguards operational. Should any issue be detected, PanTerra NOC operations and engineering resources can be deployed immediately to mitigate and rectify the situation.
Cloud security requires dedicated resources to constantly monitor more new potential attacks and leaks. PanTerra is committed to providing those resources for your peace of mind.
- Network scan – ports, applications running on that port -- auto vulnerability testing
- Industry leading vulnerability scanning providing patch, configuration, and compliance auditing including for mobile, malware, and botnet discovery, sensitive data identification and other considerations
- In-depth SQL injection and cross site scripting testing
- Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
- Visual macro recorder for testing web forms - password protected
- Support for pages with CAPTCHA, single sign-on and dual factor authentication mechanisms
- Intelligent crawler detects web server type (HTML5, SOAP, etc.), application language and smartphone-optimizations
- Active on-going port scans and real time security checks against network services
- Pre-production application security scanning
- Customized scanning for specified applications, ports, IP addresses, etc.
- Web services and application vulnerability testing
- Multi-grade carrier firewall packet vulnerability testing
- Firewall-based Intrusion Detection (IDS)
- Volume and concurrent calls analysis and detection
- Cost-based security fraud detection and prevention
- Authenticated internal server communications
- SNMB based network component monitoring
- Network traffic and connectivity monitoring
- Black List management
- Data segmentation with authentication