Maytech Public Documentation
Space shortcuts
Skip to end of metadata
Go to start of metadata


Is there separation between users?

Quatrix instances for Business and Professional plans are provisioned using shared resources with logical separation between accounts.

For Enterprise Plans > 250 users we offer the option of single tenant instances with dedicated resources:

  • Dedicated Virtual Machine

  • Dedicated database

  • Dedicated storage pool

  • Single tenant database

  • Dedicated IP

  • Network segregation

We require two business days to setup dedicated instances.

Please detail which parts of the infrastructure/solution are shared with other customers:

  1. Shared database instances?

  2. Shared servers?

  3. Shared virtual server hosts?

  4. Shared network infrastructure?

  5. Shared firewall infrastructure?

Professional and Business Plans: All shared with access restriction.


Enterprise plans, all shared but dedicated instance with separate database and storage pool, dedicated IP and network segregation is available.

How is the solution provided:

  1. Software as a Service?

  2. A dedicated hosted infrastructure platform?

  3. A hosted infrastructure platform shared with other customers?

All Maytech’s products are Software as a Service.

What are browser or proxy modifications required to use the solution?

The information on Supported Browsers can be found on Maytech's Product Support page:

  • Firefox from v.28

  • Chrome from v.34

  • Safari (Mac) from v.7

  • Internet Explorer from v.9

Do you offer a dedicated IP address?

Yes, in FTP-Stream every account has a dedicated IP address.

The Quatrix IP is fixed and permanent, you can setup DNS for a host in your domain.


This works for SFTP with no further configuration on our side. However if you want to use your URL for we access we need to obtain and install an SSL certificate.

How users interface with the system?

Via a web browser?

Via a software client?

Web browser and (S)FTP client.


In FTP-Stream it's possible to force SFTP and enable custom automations.  

How is sensitive information that is transferred protected?


Are all communication links within the Maytech's platform fully secure and using encryption or other secured techniques for information transmission?




Who holds the encryption keys i.e. can Maytech access and decrypt the Customer data?



All sensitive data is stored encrypted. Customer data is encrypted at rest using the NSA approved AES algorithm with 256 bit key strength and in transit over HTTPS / SFTP or PGP.


Maytech’s mail servers are set to require TLS encrypted communication.

None, we never access Customer data.


Administration of production servers containing customer data is restricted to named individuals only. Access is restricted to SSH2 and locked to specific Maytech's IPs. Authentication is two factor - public key and Time Based one Time Password (TOTP).


General support staff cannot access the Customer's Mutual data and are granted a one time read only access link to review account information at the request of the customer.

What cryptography protocols are used by web site and/or web services used in Maytech's platform?


What are Maytech cryptographic infrastructure and standards used to secure data?

Transport Layer:  TLS 1.2.


Authentication and Key Exchange; ECDHE-RSA 256 bit (with forward secrecy) .


Symmetric Algorithm:  AES256bit in GCM Mode.


Integrity Algorithms: SHA-256
(https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know).

Does the Customer control & own the encryption keys?

SSH-key authentication for SFTP is available.

How and where do you store encryption keys? (How do you ensure isolation of the keys from the data?)



Software keyring, keyring stored on separate encrypted volume.

Describe your controls to ensure proper and effective use of cryptography to protect the confidentiality, authenticity and integrity of information.

All administrative access is encrypted (SSH with public key and 2FA authentication), customer access is encrypted (secure TLS or SSH), data at rest encrypted (AES-256), the LUKS container key is rotated quarterly.   

At which layer do you terminate SSL (i.e. is internal data transmission encrypted by SSL as well)?

Load balancer with HTTPS communication to web servers.

Is a site-to-site VPN required for the solution?

If so, please give details including supported encryption methods.

VPN access is not supported however access can be restricted to authorized IPs. Additionally we support enhanced authentication security - two factor authentication for web access and SSH public key authentication for SFTP.

Is data encrypted at-rest:

  1. Database data?

  2. Server disks?

  3. SAN storage?

  4. Backup data?

Database data, server disks, SAN storage and backup data are encrypted at rest with AES-256 bit encryption.


Are there any web services APIs exposed by the solution?

REST.

  • No labels