Comprehensive protection across 7 areas of data and physical security
Data replication at the server and client level
Security measures that facilitate regulatory compliance
Third-party audits to validate our controls and processes
What does it mean to have "worry-free" security?
Intermedia invests considerable human and capital resources to ensure levels of security and protection in which you can have full confidence. We’re SOC 2 audited, which attests to our high standards for security—including product security, network security, infrastructure security and privacy protection.
Validation for our security and protection claims
Any cloud provider can claim to be secure. We have consulted with a number of independent sources to validate the claims we make.
Intermedia's SOC 3 Security and Availability Report
SSAE 16 Type II-audited datacenters
Financial regulatory compliance
Privacy protection and data protection frameworks
Security and protection across seven pillars
Data security, including encryption and access control
Server-side and client-side backups
Endpoint protection for PCs, mobile devices and voice services
Privacy and control over data
In transit: TLSv1.2
Advanced encryption with Policy Based and User Based Email Encryption
At rest: Bitlocker® (available on some versions of Exchange)
SecuriSync® file sharing and backup
In transit: SSL/TLS
At rest: Account-level encryption keys
AnyMeeting Video Conferencing & Webinars
Intermedia Unite® Softphone
Intermedia Unite® Voice encryption
Signaling: TLS (upon customer request)
Single sign-on (Intermedia AppID®)
Multiple layers of encryption are used to protect data in transit
Server and client use a combination of 2048-bit asymmetric encryption (RSA) for communication and 256-bit symmetric encryption (AES) for sensitive data
All communication is over HTTPS secured by TLS, and is locked to a specific session
Passwords are stored server-side, hashed and salted, using an adaptive function with multiple rekeying rounds.
In transit: SSL
At rest: AES-256
Exchange Plus backup
Intermedia retains at least 2 copies of your data
These copies reside on physical disks in separate corners of our database quadrant
This ensures service availability in the event that a storage unit experiences a failure
This design makes it highly unlikely that corrupt data will replicate from one copy to another
Customizable backup schedules for recurring backup jobs
Retention policy options to help manage storage
Options to download and upload PST backups from HostPilot® or through any FTP client
SecuriSync file sharing and backup
Customer data is stored on EMC Isilon NAS which consists of 2 sets of 3 redundant storage nodes
Data is configured for N+2:1 redundancy to sustain both disk drive and node failures
There are at least 2 copies of each customer file
Data is additionally protected by snapshots which are scheduled once a day
Each snapshot is retained for a month
3 copies of archived data, located in multiple datacenters
Lync®/Skype for Business®:
PC clients with conversation history enabled can use Outlook Backup to back up their conversations
Real-time sync/backup of all files in the My SecuriSync folder
Versioning - real-time backup of all subsequent changes to files
Recycle Bin for content protection (policy: prevent permanent deletion of files by end-users)
Simple Admin (Admin File Management) or end-user driven restore
Lost/Damaged device: Install SecuriSync and authenticate using AD creds. All files will be automatically restored to the device
Deleted Files: Restore deleted files from SecuriSync Recycle Bin. Permanent file deletion can be disabled by administrators
Old Versions: Restore any version from file version history
AntiSpam (Advanced Email Security)
AntiVirus (Advanced Email Security)
White/Black lists (Advanced Email Security)
Anti-malware/anti-phishing for URLs (Intermedia LinkSafe™)
SecuriSync: remote wipe of PCs
Two-Factor Authentication for Intermedia Unite® Desktop App
The Desktop App from Intermedia allows users to use their Unite business phone system while working remotely or while on the go. The app requires a login and password as well as 2-factor authentication for access.
Mobile security (MDM)
ActiveSync and Blackberry® remote device wipe
Device management policies to enforce password requirements
Device timeout period
Other message settings, including maximum retention time on device, size and attachment restrictions
SecuriSync: remote wipe of data on mobile devices and PCs
Advanced: Intermedia offers integration with well-known MDM vendors (some only available with Private Cloud)
Two-Factor Authentication for Intermedia Unite® Mobile App
The Mobile App from Intermedia allows users to use their Unite business phone system while working remotely or while on the go. The app requires a login and password as well as 2-factor authentication for access.
Spam Caller Protection in Intermedia Unite®
Detection: Sophisticated call detection automatically recognizes robocalls and scammers.
Alerts: Warns users of spam and fraudulent calls before they answer a call from any Unite-enabled device.
Blocking: Intermedia Unite can block spam and fraudulent callers from reaching users.
Secure handset protection
To verify that phones and devices are secure from cyber threats and attacks like eavesdropping, we require strong passwords on all SIP endpoints.
Internally, Intermedia maintains systems and processes to detect and respond to any suspicious and/or malicious activity within our corporate network.
Ability to selectively enable service for end-users
Role-based admin access for control panel
Two-factor authentication for an extra layer of security
IP white listing/restrictions for accessing control panel
Granular sharing permissions
Custom IP restrictions (Private Cloud only)
Email retention policy
Granular sharing permissions
Mobile app pass-codes (iOS/Android™/BlackBerry)
Admin file management (provides admin visibility into user content)
External sharing policies (Pre-approve vs Manually approve external sharing)
User decommissioning (By disabling SecuriSync for an end-user, an admin restricts future access and retains all user files)
App shaping (application feature control) in third-party apps
Audit Log in third-party apps
Group access to shared credentials (securely share a common login to web applications, e.g. corporate Facebook presence)
Password management is very granular, based on user role.
We support password management options for HostPilot, Partner Portal Admins and Active Directory Users.
Both users and admins can reset their passwords, with the new one sent to a cellphone or email address
"Reset password on next login" available for both Admins and Users. (Admins are able to define who will have to reset password on the next login.)
HostPilot admins have the following options:
Restrict password management by users themselves
Sync passwords from custom Active Directory based on the UserPilot.
"Password meter" functionality for measuring password complexity/security is available
To comply with CPNI regulations, password changes trigger an email notification to the owner of the password
During onboarding, passwords are sent to admins in an encrypted file; the code to open the file is sent separately via SMS
Admins, partners and Active Directory users can be subject to password policies
Admins can apply a default policy or build custom policies
The following fields are available for customization
Minimum password length
Password expiration period
Allow/deny reuse of existing passwords
Lock user after several wrong login attempts
Single sign-on and Cloud IAM
AppID provides an option to securely store web application passwords so that users only have to remember a single password
Cloud Access Security Brokers
AppID Enterprise is a fully featured cloud access security broker.
Context Aware Policies
AppID Enterprise allows organizations to implement context aware policies, based on user, group, device, network, and geolocation.
Two-factor Authentication (2FA)
2FA within Intermedia AppID supports the following:
Intermedia VeriKey app: Push notification via iOS and Android smartphone app.
SMS text message
Intermedia VeriKey: One-time passcode
Google Authenticator: One-time passcode
Captcha on the login page (only select pages)
Prevent dictionary attacks by locking users after several wrong attempts
Privileged user management
Internal administrator activities are logged and internal administrator access is routinely reviewed
HostPilot allows customers to review logs of admin activity on their own account
Administrator activity within AppID is logged separately
Multi-tenant platform security
Multiple redundant, enterprise-class firewall systems
Multiple redundant carrier grade intrusion protection systems (IPS)
Intrusion prevention and detection
Network access control
Secure access policies
Role-based access control
Restricted server access
Redundant internet service providers
Mitigates the potential impact of DDoS attacks
All Intermedia services are protected by 24x7x365 DDoS mitigation services from a leading provider
Stringent caller identification procedures authenticate a caller’s identity during support and service calls
Secure Email Gateways
Every email sent and received by Intermedia is filtered and vetted by our secure email gateways
Alerting and monitoring within our security operations center
Dedicated, full-time security staff manage all aspects of security, including:
Log correlation and event monitoring
Managing intrusion detection systems (both host and network)
Service and architecture testing
Source code reviews
Privacy protection and data protection frameworks
“Mining” identifiable customer data for 3rd-party advertising
Identifiable customer data never gets “mined” to serve third-party ads.
Customer choice of data location
Customers can choose their primary datacenter region to eliminate lag or comply with national regulations
Customers can locate their data in two datacenters to eliminate lag
Data storage location will not move across national borders without your consent.
Protection against surveillance
Intermedia does not provide government agencies with direct access to our network, applications or systems. When we do receive subpoenas, we defend our customers’ right to privacy by ensuring that every request complies with the law and by only providing the minimum required information.
Private cloud availability
Private clouds are available for customers that want customized security or integrations.
Security information and event management
Logs are centrally collected from our services
Automated monitoring and alerting is performed to identify suspicious events
Account contact gets notified when critical security preferences are changed (coming in next release of HostPilot)
Event log analytics tool
Event log of changes made on account from HostPilot/Partner Portal.
SecuriSync: Admins can view detailed event logs for all file activity
AppID Enterprise: Allows admins to enable granular audit logs for any web app