HirePOS data is stored in a separate Azure SQL Database for each client subscription, and is hosted by Microsoft in the Australia East location using the Azure cloud infrastructure. Azure SQL Database is always running on the latest stable version of the SQL Server database engine and patched OS with 99.99% availability.
As each subscription is stored in its own discrete SQL database instance, you can rest assured that the actions of HirePOS users and subscribers other than your invited users have no bearing on your data integrity, security, or accuracy.
Our Azure SQL Servers are protected by firewall rules that only allow network traffic from the HirePOS web applications hosted within the same data centre. We are very clear on ensuring that the only way to modify your data is through direct user actions within the HirePOS application.
To protect your business from data loss, SQL Database technology is used to automatically create full backups every week, differential backups every 12-24 hours, and transaction log backups every 5 to 10 minutes. The frequency of transaction log backups is based on the compute size and the amount of database activity. Backup data is stored in geo-redundant (RA-GRS) storage blobs that are replicated to a paired data centre region (Australia Southeast). This helps us to protect against outages impacting backup storage in the primary region (Australia East) and allows us to restore our servers to a different region in the event of a disaster. Azure SQL Database retains sufficient backups to allow PITR (Point In Time Restore) within the last 7 days.
In short, your data, whist secured, within tight controls, and confined to the HirePOS ecosystem, is virtually indestructible, even if a natural disaster or other catastrophic event were to significantly impact an entire Australian state.
In addition to the above, and other industry standard security practices, we make use of Azure Defender, which amongst other security benefits, will inform us of any suspicious activity around access requests from unknown or unexpected sources. This provides us with an extra set of tools to help protect your data, and keep you in the loop of any suspicious activity.
As always, no amount of best practice security measures can protect against weak passwords, poorly managed credentials, and vulnerabilities at the user end. It is expected that all users do their part to uphold security of their (and their business') data, such as:
- Using the Multi-factor authentication that we make available for all user accounts via Microsoft and Google.
- Create strong, secret passwords that are not shared or otherwise revealed
- Ensure strong security practices on their computers, such as
- Maintaining up to date malware protection
- Keeping their operating system up to date
- Not allowing their web browser to 'remember' their password when it can be accessed by others, or others know their computer password