ClearSlide Security

Companies that trust ClearSlide:

wsj
lexisnexis
linkedin
rackspace
surveymonkey

Security Certifications

AICPA Service Organization Control Reports
TRUSTe
ssl encryption

Encryption

Trust begins by ensuring that data is secure. ClearSlide only transmits login, passwords, tokens and other sensitive metadata using 2048 bit RSA keys from our SSL certificate provider. In addition when you store collateral within ClearSlide we use the Advanced Encryption Standard (AES) to encrypt each one with its own unique key. Most providers use 3DES which is still strong, but the current NIST (National Institute of Standards & Technology) recommends using AES which is what the US Government uses.

In addition you can ask your account executive or account manager to enable SSL for all your communication within ClearSlide simply and easily.

Unique URLs

Beyond offering industry leading security and encryption ClearSlide email pitches use a unique 20-digit URL schema that ensures that your email pitches can go to just your audience and only your audience. Each URL has a nonillion possible combinations or a 1 with 30 zeroes after it (or 1030). Sometimes also referred mathematically in shorthand (demonstrated graphically to the right). For the sake of comparison being struck by lightning has a likelihood of 576,000 to 1, or winning a Olympic medal which is 662,000 to 1 or becoming an astronaut a likelihood of 13,200,000 to 1. Statistically speaking a number that large is not crackable as quoted in a recent Washington Post article.

Unique URLs
Advanced Passwords

Advanced Password Features

One of the first ways to protect your content is to make sure that our customer’s employees have strong passwords, an optional feature that you can have your account executive or account manager turn on is our password enhancement feature. With the password enhancement feature turned on each user will be required to change their password every 90 days, will not be allowed to use any of the previous six passwords, passwords will be required to be at least 8 characters long, and be complex. Users will also not be able to change their password more than once per day in order to ensure that users aren’t trying to circumvent the six previous used passwords. In addition users will be provided with a visual queue to the strength of their password to let them know if they are creating strong or weak passwords.

Ongoing Security Testing

Security is an evolving and often changing paradigm as such if a site isn’t constantly checking for new risks and threats chances are a new one has come along that the site is ill-equipped to handle. ClearSlide deals with this by doing continuous security testing through a number of means including using weekly vulnerability scanning, always on application security testing, frequent penetration testing and static code analysis to ensure that new code does not expose our applications to the most common categories of threats as identified by the OWASP Top Ten, and the Web Application Security Consortium Top 25. When a new risk is identified we immediately begin looking at how to mitigate it until a fix can be instituted using our Software Development Life cycle (SDLC).

Security Testing
Group Based Security Permissions

Advanced Group Based Permissions

Using existing Users, Groups, roles (such as Admin and Group Admin) our customers will be able to set at a discrete level permissions to content, tags, analytics and other aspects of your usage of ClearSlide. Through ClearSlide’s Group Based Permissions you will be able to find the right balance of control and authorization that meets your corporate needs and security policies. ClearSlide wants to provide our customers with as much or as little access control as they feel is needed to meet their growing needs without making usage of the platform too complicated or confusing.

Highly Available and Protected Platform

ClearSlide has created relationships with three of the top data center providers to ensure that our site is available when you need it to be. We have implemented Distributed Denial of Service protection to ensure that should the site come under an attack we will be able to continue to offer you our customer a great experience. The Internet is a dangerous place sometimes and ensuring that ClearSlide is highly available when you need it is a core function and requirement of ClearSlide.

Protected Platform

;