Features: Data and Password Safe

From day one, security has been at the forefront of our design. This ensures we keep every password safe and all data secure. It’s amazing how many services we come across that only provide SSL security in premium plans – not Monkey Box!

Monkey Box employs SSL security throughout, and we do so with a dedicated certificate. Others use wildcard certificates (e.g. *.example.com), which means they are likely securing many servers/sites with a single certificate – a bonehead move (in our opinion), as one compromised server means every server that uses that certificate is compromised.

In addition to SSL security, we also encrypt passwords at rest, and when subscription owners export passwords from their admin console, we export an encrypted password-protected PDF. Our ultimate goal is to maintain transparency in how we operate Monkey Box, and to that end, we welcome you to write us at security@monkeybox.com with any of your questions.

Looking to get more technical? Here’s a detailed overview of Monkey Box’s security features:

Physical Security

  • Data center access limited to Rackspace data center technicians
  • Biometric scanning for controlled data center access
  • Security camera monitoring at all data center locations
  • 24/7 on-site staff provides additional protection against unauthorized entry
  • Physical security audited by an independent firm

System Security

  • System installation using hardened, patched OS
  • System patching configured by Rackspace to provide ongoing protection from exploits
  • Dedicated firewall and VPN services to help block unauthorized system access
  • Data protection with Rackspace-managed backup solutions
  • Optional, dedicated intrusion detection devices to provide an additional layer of protection against unauthorized system access
  • Distributed Denial of Service (DDoS) mitigation services based on our proprietary Rackspace PrevenTier™ system
  • Risk assessment and security consultation by Rackspace professional services teams

Billing Data Security

  • All credit card data managed and stored securely by our billing provider Recurly (Recurly is PCI-DSS Level 1 compliant)

Operational Security – the Rackspace Infrastructure

  • ISO17799-based policies and procedures, regularly reviewed as part of SAS70 Type II audit process
  • All employees trained on documented information security and privacy procedures
  • Access to confidential information restricted to authorized personnel only, according to documented processes
  • Systems access logged and tracked for auditing purposes
  • Secure document-destruction policies for all sensitive information
  • Fully documented change-management procedures
  • Independently audited disaster recovery and business continuity plans in place for Rackspace headquarters and support services

Operational Security – Monkey Box Application Environment

  • Best practices used in the random generation of initial passwords
  • Password encryption during transmission and while in storage at Rackspace
  • Secure file sharing and destruction procedures for all customer data

App Security

  • Dedicated SSL Security Certificate, used throughout the application
  • Passwords and password notes encrypted at rest
  • Password fields obfuscated until clicked
  • Database backups encrypted at rest
  • Files/attachments encrypted at rest
  • 30-minute session timeout
  • User password minimum security requirements
  • OTP-compliant two-factor authentication