99.99% uptime, seven years running

Our platform was built from the ground up to be an enterprise-class marketing technology platform — and that includes security and reliability.

From our software architecture to our operations infrastructure, everything has been built to keep your content live and your data safe.

Many leading brands, including financial services and network security firms, adopted ion after conducting their own independent analysis of our reliability and security.

Software security

  • Access to ion interactive admin console only permitted via SHA-256 SSL-secured connections
  • Individual ion interactive manager accounts with independent access control features
  • ion interactive manager account passwords are salted and hashed using bcrypt/Blowfish
  • ion interactive manager account passwords are required to be “strong” with a minimum length and a mix of alphanumeric and symbolic characters
  • Only TLS 1.2 and TLS 1.0 connections supported
  • Data collected from respondents may optionally be stored encrypted in the database using AES-256 encryption
  • Data collected from respondents may optionally auto-deleted after a configurable expiration window
  • Data exported from ion can be transmitted via secure HTTPS, SFTP or FTPS protocols with configurable authentication credentials
  • Variable IP restrictions can be configured on each individual ion console
  • A strict admin content security policy in place

Data security

  • Single-tenant software-as-a-service (SaaS) architecture maintains each customer’s data in their own dedicated database and separate file directories
  • Robust RAID10 redundant hard drives for data and file storage with automatic alerts of potential failures
  • Weekly full backups, daily differential backups of database and file systems; offsite back ups available as an optional configuration
  • 2 week data backup retention policy, secure destruction of expired backups
  • Automated checks for database integrity and index optimization
  • Parameterized queries and stored procedures protect against SQL injection attacks
  • All ion employees are bound by non-disclosure agreements which covers non-public customer information and are trained on the sensitivity of such information
  • Background checks for ion interactive and Rackspace employees

Physical datacenter security

  • Rackspace personnel on duty 24/7/52
  • All Rackspace personnel are required to display their identity badges at all times when onsite at Rackspace facilities
  • Two factor authentication is used to gain access to sensitive areas of the datacenter:
    • electromechanical locks are controlled by biometric authentication and key-card/badge
  • Only authorized Rackspace personnel have access to data center facilities
  • Closed circuit video surveillance at all entrance points on the interior and exterior of the building housing the data center facilities

Datacenter redundancy

  • Redundant HVAC units
  • Redundant lines of communication to telecommunication providers
  • Fire detection and suppression systems (inspected at least yearly)
  • Multiple uninterruptible power supplies (UPS) with N+1 redundancy and instantaneous failover in the event of a primary UPS failure
  • Diesel generators with N+1 redundancy (run at least every 120 days and serviced at least annually by a third-party contractor)
  • Fuel contracts maintained with multiple providers for prioritized resupply of diesel generators
  • Cabinets wired to separate power distribution units (PDU) to provide redundant power
  • Raised flooring to protected hardware and communications equipment from water damage

Network redundancy

  • Continuous monitoring of connectivity and performance to multiple bandwidth providers, including all routers and switches
  • Highly available, fully redundant enterprise-class Cisco routing and switching equipment
  • Highly available, fully redundant enterprise-class F5 load balancing equipment
  • Redundant power to all infrastructure routers and switches
  • Redundant fiber connections to Internet backbone connectivity providers
  • Advanced route optimization technology to provide efficient routing among the multiple backbone carriers connected to the datacenter
  • Servers monitored on a real-time basis for availability via ICMP

Network and server security

  • Cisco firewall employed at network perimeter to block all unused protocols
  • Dedicated virtual network (VLAN) for logical segmentation of ion interactive servers within Rackspace’s network infrastructure
  • Distributed-denial-of-service (DDoS) attack mitigation services available
  • Active intrusion detection system from AlertLogic
  • Access to ion interactive servers restricted to only an approved subset of ion interactive’s engineering team via secure VPN connections
  • All system administrator access to ion interactive servers logged to an audit trail
  • Anti-Virus Protection is used to scan servers for viruses and infected files are automatically quarantined (Rackspace maintains current virus signature updates)
  • Dedicated/independent IP address for each ion customer

Server/application reliability

  • Dedicated failover service paired with Cisco and/or F5 load balancer(s) provides seamless HTTP/HTTPS redirects to customer-specific URL in the instance of an interruption to the ion service
  • Immediate alerts to engineering team in the instance of any such failover, with weekly assigned “on call” engineers as first responders to such events
  • New application software releases go through a five-stage verification process: independent developer verification, QA server test, alpha test, beta test, and engineer-observed final production release
  • Primary server hardware failures are guaranteed to be replaced within 1 hour or less (meanwhile, the failover service would be in effect)
  • Redundant server hardware is available for fast-track replacements
  • Rackspace network and hardware engineers are standing by 24/7/52 for immediate detection and resolution of any such hardware failures
  • ion interactive “sentry” service on each server automatically notifies the ion interactive engineering team in the event of system-level anomalies
  • Centralized monitoring of all ion interactive consoles via a tailored “farm” application that is reviewed daily by ion interactive’s engineering and account management teams
  • Personalized account management service available via telephone and email M-F 9am-5pm ET; a toll-free emergency number for any after-hours incidents that will escalate response 24/7/52