99.99% uptime, seven years running

Our platform was built from the ground up to be an enterprise-class marketing technology platform — and that includes security and reliability.

From our software architecture to our operations infrastructure, everything has been built to keep your content live and your data safe.

Many leading brands, including financial services and network security firms, adopted ion after conducting their own independent analysis of our reliability and security.

Software security

  • Access to ion interactive admin console only permitted via SHA-256 SSL-secured connections
  • Individual ion interactive manager accounts with independent access control features
  • ion interactive manager account passwords are salted and hashed using bcrypt/Blowfish
  • ion interactive manager account passwords are required to be “strong” with a minimum length and a mix of alphanumeric and symbolic characters
  • Only TLS 1.2 and TLS 1.0 connections supported
  • All customer data is stored in databases with encryption at rest.
  • Data collected from respondents may optionally auto-deleted after a configurable expiration window
  • Data exported from ion can be transmitted via secure HTTPS, SFTP, or FTPS protocols with configurable authentication credentials
  • Variable IP restrictions can be configured on each individual ion console
  • A strict admin content security policy in place

Data security

  • Robust AWS SSD hard drives with redundant volume replication for data and file storage with automatic alerts of potential failures
  • Weekly encrypted full backups, daily encrypted differential backups of database and file systems.
  • Backup retention policy, secure destruction of expired backups
  • Automated checks for database integrity and index optimization
  • Parameterized queries and stored procedures protect against SQL injection attacks
  • All ion employees are bound by non-disclosure agreements which covers non-public customer information and are trained on the sensitivity of such information
  • Background checks for ion interactive and AWS employees

AWS physical datacenter security

  • AWS personnel on duty 24/7/52
  • All AWS personnel are required to display their identity badges at all times when onsite at AWS facilities
  • Two factor authentication is used to gain access to server rooms and sensitive areas of the datacenter
  • Only authorized AWS personnel have access to data center facilities
  • Electronic intrusion detection systems are installed within the data layer to monitor, detect and automatically alert the 24/7 AWS Security Operations Centers and teams
  • Closed circuit video surveillance at all entrance points on the interior and exterior of the building housing the data center facilities
  • AWS data centers maintain industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 (formerly referred to as SAS 70 and/or SSAE 16) and SOC 2 audit reports.  AWS is audited by external auditors on more than 2,600 requirements throughout the year.
  • i-on platform is fully hosted in AWS data centers the United States of America

AWS datacenter redundancy

  • Power
    • AWS data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day
    • AWS ensures data centers are equipped with back-up power supply to ensure power is available to maintain operations in the event of an electrical failure for critical and essential loads in the facility
  • Climate and Temperature
    • AWS data centers use mechanisms to control climate and maintain an appropriate operating temperature for servers and other hardware to prevent overheating and reduce the possibility of service outages
    • Personnel and systems monitor and control temperature and humidity at appropriate levels
  • Fire Detection and Suppression
    • AWS data centers are equipped with automatic fire detection and suppression equipment
    • Fire detection systems utilize smoke detection sensors within networking, mechanical, and infrastructure spaces
  • Leakage Detection
    • In order to detect the presence of water leaks, AWS equips data centers with functionality to detect the presence of water
    • If water is detected, mechanisms are in place to remove water in order to prevent any additional water damage

AWS network redundancy

  • i-on interactive platform is logically isolated at the network level in AWS into an Amazon Virtual Private Cloud where we can launch AWS resources in a virtual network that we define.  i-on interactive has complete control over our virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

  • AWS has identified critical system components required to maintain the availability of the system and recover service in the event of outage. Critical system components are backed up across multiple, isolated locations known as Availability Zones. Each Availability Zone runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. Availability Zones are connected to each other with fast, private fiber-optic networking, enabling you to easily architect applications that automatically fail-over between Availability Zones without interruption.

  • AWS Elastic Load Balancers are used to automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. This allows us to achieve greater levels of fault tolerance in the i-on platform, seamlessly providing the required amount of load balancing capacity needed to distribute application traffic.

  • AWS CloudWatch allows us to collects monitoring and operational data in the form of logs, metrics, and events, providing i-on Support and Engineering teams with a unified view of AWS resources, applications and services.   CloudWatch is natively integrated with more than 70 AWS services and is integrated into our extended platform monitoring solution (including New Relic and PagerDuty). CloudWatch is leveraged to set high resolution alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to optimize the i-on platform, and ensure they are running smoothly.

  • Firewalls, routers, switches and internet backbone connections are all maintained with redundancy and high availability on a 24/7/52 basis by AWS

  • Redundant power to all infrastructure routers and switches, as well as the data centers themselves

  • Redundant fiber connections to Internet backbone connectivity providers

  • Advanced route optimization technology to provide efficient routing among the multiple backbone carriers connected to the datacenter

  • Servers monitored on a real-time basis for availability via ICMP

Network and server security

  • AWS firewall-equivalent Security Groups employed at every server to block all unused protocols
  • AWS Route Tables configured to restrict traffic, protocols and ports between subnets
  • Databases logically segregated into a private network data tier that is not accessible from the internet, with ingress and egress traffic restricted by AWS Security Groups
  • Network and system monitoring provided by AWS CloudWatch Alarms, New Relic application and infrastructure monitoring, SumoLogic centralized log aggregation (with logs encrypted using AES-256 during transport and at rest), and incident alerting and triage using PagerDuty
  • Distributed-denial-of-service (DDoS) attack mitigation services available
  • Access to ion interactive servers restricted to only an approved subset of ion interactive’s engineering team via secure VPN connections
  • All system administrator access to ion interactive servers logged to an audit trail
  • Anti-Virus Protection is used to scan servers for viruses and infected files are automatically quarantined

Server/application reliability

  • Dedicated fallback service paired with AWS Internet Gateways, AWS firewall-equivalent Security Groups and AWS Elastic Load Balancers provides seamless HTTP/HTTPS redirects to customer-specific URL in the instance of an interruption to the ion service
  • Databases deployed on AWS RDS Managed Services helps to reduce operational overhead and risk by automating common activities such as change requests, monitoring, patch management, security, and backup services, and provides full-lifecycle services to provision, run, and support the infrastructure
  • Immediate alerts to Support teams and automated escalation to Engineering teams in the instance of any such fallback
  • New platform software releases go through a five-stage verification process: independent developer verification, QA server test, alpha test, beta test, and engineer-observed final production release
  • Hardware failures are replaced expeditiously using AWS native capabilities to spin up new servers or volumes in AWS on demand
  • Immediate server replacement available via AWS server and network infrastructure
  • AWS Enterprise Support team and specialized support teams for network, hardware, managed services and general troubleshooting are standing by 24/7/52 for immediate detection and resolution of any such AWS infrastructure failures
  • ion interactive “sentry” service on each server automatically notifies the ion interactive engineering team in the event of system-level anomalies
  • Centralized monitoring of all ion interactive consoles via a tailored “farm” application that is reviewed daily by ion interactive’s engineering and account management teams
  • Personalized account management service available via telephone and email M-F 9am-5pm ET; a toll-free emergency number for any after-hours incidents that will escalate response 24/7/52