Security Overview:
Security, privacy, and regulatory compliance are top priorities for Valor Technologies. As a Managed Security Services Provider, we have a deep understanding of the critical role we play in our customers’ businesses. For this reason, we are fully committed to protecting all the data and assets our valued clients trust us with, minimizing the risk of data breaches, and ensuring appropriate use of data.
​
We use a variety of industry-standard technologies to secure both our and customer data and prevent unauthorized access, disclosure, and use. Additionally, all Valor Technologies employees pass a pre-employment background check, and complete regular security training. For those of us in the security business, we know this is the most important part of any security strategy. Our security efforts are prioritized and executed by our dedicated NOC & SOC teams, ensuring security and availability.
Vulnerability Disclosure:
​
If you believe you have found a security vulnerability in any product or service Valor Technologies provides, please contact us as soon as possible. You may send an email directly to security@valortech.io or open a support ticket. In either case, our security team will review the issue and provide a first response within 24 hours.
To help facilitate timely verification and resolution, include as much information as possible with vulnerability reports. Valor Technologies will reach out directly, whenever necessary, to investigate the issue further, and to provide status updates.
Infrastructure and Network Security:
Like many Service providers, Valor Technologies infrastructure is hosted in both a private Tier 3 Datacenter and in the cloud with Microsoft (Azure). We are hosted in the US Central Region with Azure and our Tier 3 datacenter where all data flows into and out of and we are backed up between zones and datacenters. Both our Datacenter and Microsoft provides a strong foundation of privacy and security guarantees. Leveraging both technologies and locations for all infrastructure allows Valor Technologies to stay focused on a relatively small surface of potential security vulnerabilities.
​
Physical Access Control:
Valor Technologies does not have physical access to the Azure data center. For our Tier 3 Datacenter we have a very limited and controlled access for a very select group of engineers. For further details regarding Microsoft’s Datacenter security protocols, refer to Data Center Controls. For further details regarding Microsoft’s Cloud Security Protocols, refer to Azure Infrastructure Security. For further details regarding Tier Point’s Datacenter security protocols, refer to Data Center Controls. (Link coming)
Logical Access Control & Perimeter Security:
Coming soon
​
Penetration Testing:
To independently validate software and infrastructure security, Valor Technologies conducts annual third party penetration testing. We use the results of these tests to help reveal and prioritize potential security enhancements.
Data Security & Privacy:
Understanding Data Flow & Encryption:
Customer & Vendor data is pulled into Valor Technologies at regular intervals through on-premise Agents and over web APIs. In both cases, data is always transferred using industry standard Transport Layer Security (TLS) over the HTTPS protocol.
​
Any and All web application traffic to and from Valor Technologies supports and requires HTTPS. Any insecure HTTP requests are automatically redirected to the secure HTTPS protocol. For the small subset of data served directly from Microsoft Azure services, data is always transmitted over HTTPS. Valor Technologies’s latest SSL Labs Report can be found here. Emails delivered to customers by Valor Technologies are encrypted in-transit using TLS whenever supported by the recipient. Valor Technologies has also enabled full disk encryption for our databases.
​
Data Privacy:
Refer to our Privacy Policy, TOS & AUP for all the requirements for and restrictions of data usage, access, and portability.
Corporate Security:
Internal Policies:
Valor Technologies believes that robust security begins with a strong internal security policies. In this spirit, we have developed policies that require full disk encryption for all hardware, strong credentials and 2FA for access to sensitive third party services, and regular access key and password rotation.
To ensure compliance, our NOC/SOC team provides training (after onboarding and on an ongoing basis) and performs regular random audits. Beyond the internal security policies mentioned above, this includes: acceptable use policy, data use policy, privacy risk assessment, and incident response policy.
To review any of these policies in more detail, please email security@valortech.io.
Background Checks:
Valor Technologies conducts background checks for all new hires, which includes identity verification and national criminal record lookups.
Disclosure Policy:
Extensive security monitoring mechanisms have been deployed throughout Valor Technologies. In the event a breach or other security incident is identified, we will follow our internal Information Security Incident Response Policy, and will communicate as quickly as possible to any affected customers via email, sharing periodic updates addressing impact and remediation.
Business Continuity & Disaster Recovery:
Hosting in a redundant Tier 3 Datacenter and in the cloud with Azure provides with built in resiliency and failover mechanisms. The application and data processing is distributed dynamically over a fleet of redundant servers, and mission-critical infrastructure take advantage of automated backup and multiple availability zone failover mechanisms.
As a safeguard against software and infrastructure failures, Valor Technologies backs up applications and servers nightly, and stores copies of these backups for up to 7 days. Restores from any of these backups can be completed within a matter of hours.
Our data syncing architecture is designed to ensure timely, correct, and reliable results.
​