by EMC

Syncplicity Enterprise and Business Editions deliver AES-256 encryption of data

during transmission and at rest in
a highly secure file sync and sharing service built to
our data centers and on user
meet the requirements of businesses. Ensuring
mobile devices
customer data is safe and available are of the
Data stored in four geographi-
utmost importance. In order to achieve the goal of
cally dispersed SSAE16 SOC2
security, Syncplicitys service is built upon many Audited data centers using high
years of experience and uses multiple levels of redeundancy storage
defense-in-depth to ensure end-to-end confidential- 99.999999999% data durability
ity of customer data. Encryption keys and data stored
in separate data centers
Hosting Certifications
All of Syncplicitys servers are housed AES-256 SSL encryption is used for
Internal controls protect user
in data centers that have successfully all authenticated website access, as privacy
completed a SSAE 16 SOC2 audit well as client interactions with the Customer IT Controls and trans-
and testing from independent audi- service backend. No data is ever parency protect user data
tors. This certifies that each data transmitted unencrypted over the
center has met rigorous requirements internet.
around physical security, physical
given key or a weakness found within
access, and internal controls. To ensure client security, the client
the AES encryption algorithm itself,
never opens any externally accessible
the combination of using the highest
Network and Storage port, communicates with any non-
level of AES and a unique key per file
Security authenticated source, and stores
revision substantially increase security
All data being transported or stored cached credential information in an
by increasing the level of work
within Syncplicity is encrypted with the encrypted format to close three of the
required for a compromise and by
highest levels of encryption available most common client attack vectors.
limiting the potential scope of vulner-
for each phase of its lifecycle to
ability to a single file revision.
protect files the moment they leave a All files within Syncplicity are stored
clients computer. Data in flight and at with AES-256 encryption using a
All files are stored in quadruplicate
rest are encrypted using military grade strongly generated key that is unique
across three data centers to provide
AES encryption set to its highest to each file revision. In the unlikely
99.99999999999% durability for files
256-bit level. case of a brute-force compromise of a
and provide availability in the face of

sales@syncplicity.com | www.syncplicity.com | 1-888-997-9627 2013 Syncplicity, Inc. All Rights Reserved.

 by EMC
the loss of two data centers. If a file is
deleted, the encrypted file itself will be
removed from storage and the related
encryption key for each of its associ-
ated file revisions will be destroyed.
When storage is decommissioned, all
current providers use the techniques
detailed in DoD 5220.22-M (National
Industrial Security Program Operating
Manual) or NIST 800-88 (Guidelines
for Media Sanitation) to destroy the
encrypted customer files as part of the
decommissioning process.
Internal networks are kept clearly
divided from external networks and
are protected by industry standard
firewall and proxy configurations to
prevent unauthorized direct access.
Best-in-Class Mobile App Security
Syncplicity protects user data on
mobile devices by using AES 256-bit
encryption for data during transmis-
sion and while stored on the mobile
device. Syncplicity Mobile Apps allow
users to set 4-digit PINs in addition to
their normal device password as an
extra layer of security. Failure to
properly enter the 4-digit PIN will
automatically delete user data.
Syncplicity Mobile Apps can also be
remote-wiped by users or Admins if a
device is lost or stolen.
Two Data Center Policy
For an additional layer of security,
Syncplicity maintains all servers
responsible for authentication and
encryption key management in a
separate data center from the data
centers housing the encrypted file
sales@syncplicity.com | www.syncplicity.com | 1-888-997-9627
data. The encrypted file data and sync and share files and folders,
proper file version encryption key are along with tracking of the sync and
brought together only on an sharing of corporate data for
as-needed basis and in a tracked compliance purposes.
manner. By keeping the encryption Easy enforcement of data retention
key completely separate from the file policies, enabling shared files and
vault, Syncplicity provides a higher folders to be automatically and
level of security by not having a single permanently deleted from user
point of compromise. devices when that information is
un-shared with a user, whether
Internal Syncplicity Controls they are an employee, contractor
To ensure proper internal controls on or anyone outside of the company.
access to customer files, employee
The ability to remote wipe any
access to the Syncplicity infrastructure
users account, their individual
is controlled and managed. Systems
computers or mobile devices of all
are monitored for security issues and
corporate data managed under
software updates.
Syncplicity associated with a user
or particular device, in the event a
Syncplicity only provides data center
device is lost, an employee is
access to employees who have a
terminated, a contractor is finished
legitimate business need. When an
with their assignment, or for any
employee no longer has a business
other information compliance
need, access is immediately revoked.
reason.
Additionally, no employee besides our
Native support for single sign-on
VP of Engineering and our CTO have
(SSO) against any SAML or
access to both authentication and key
OpenID based federated identity
management data centers and
provider to enable use of existing
encrypted file storage data centers to
credentials such as Active
prevent any potential unauthorized
Directory/LDAP, Google Apps, and
disclosure of customer data.
OneLogin, including optional
2-factor authentication.
Customer-controlled Policies
Syncplicity offers business several
ways to protect data from loss at the
user-level. The Syncplicity Security
and Compliance Center in our Busi-
ness Edition gives companies and
their IT Administrators:
Centralized control over which
devices -- either computers or
mobile -- inside or outside the
company may be used to access,
2013 Syncplicity, Inc. All Rights Reserved.