In Action1, we care about your data and its integrity. As a company, we are committed to providing a bullet-proof and secure endpoint management solution for our customers. We employ the latest data protection technologies and actively stay compliant with modern standards and regulations. Our experienced team of engineers established round-the-clock security auditing and monitoring in order to provide the highest level of protection for our users.
Data Encryption and App Security
The endpoints connected to the Action1 Cloud communicate through a secure channel. We use the 2048 RSA private keys for end-to-end encryption. The key exchange eliminates the chances of your data being stolen while in transit and guarantees the integrity and authenticity of your data. For each Action1 account, we generate a private key and embed it in the Account1 Deployer and agent installers. No one besides you has access to your private key and can leverage it to access your data.
Besides restricting unencrypted access to Action1 web console, we enforce the two-factor authentication for all our users. The multi-factor authentication is an effective way to secure user accounts and access to data since it adds an extra verification step to your sign-in procedure. Action1 recommends using an authentication app such as Google Authenticator, Twilio Authy, Duo Mobile, or Microsoft Authenticator. Or you can leverage email-based MFA by entering unique one-off code sent to our email. Access to Action1 resources via API is secured with the OAuth 2.0 protocol.
Compliance and Security Regulations
As a company and a Cloud service provider, we follow the industry best practices related to data security such as PCI DSS, SOX, HIPAA, GDPR, NIST, and rely on Amazon, who is FedRAMP compliant. We have set ongoing monitoring and enforced the least privilege model meaning that employees have limited access to corporate resources and client data. No one has access to your Action1 account and data unless you explicitly allow it. We care about your privacy and are always on guard, protecting your data even when it goes beyond what the standards prescribe.
Our servers are hosted in the certified data centers run by Amazon Web Services. For more information about Amazon security controls and regulations, please refer to AWS Compliance Programs and AWS Cloud Security.
What You Can Do to Help Us Protect Your Data
To protect your data from authorized access, we recommend you follow these security guidelines:
- Always lock your computer when leaving your desk and make sure it’s password-protected. Enforcing a strong password policy is also a good option.
- Prefer app-based multi-factor authentication over email-based.
- Use the latest anti-virus and malware protection software, regularly install security updates and patches. You can identify missing updates with Action1 and set up automated patch management. For more information, see Create Patch Management Policy.
- If you are a Managed Service Provider or take care of an independent department, create Organizations within your Action1 account to separate endpoints and enable access to them based on the organization. For more information, see Multi-Tenancy for MSPs and Enterprises.
We value transparency, so you can quickly find relevant information on our Status page in case of unscheduled downtime.
Should you have more questions, don’t hesitate to contact our technical support.