Blog

Part 5: Putting Security to the Test

Written by Q2 | 30 Oct, 2017

Over the past few weeks, we've been discussing multilayered security and how it helps protect your brand and your account holders from fraud. Today, we'll talk about the ways Q2's many-layered approach protects your brand by verifying that our environment is secure.

Like a lot of security-minded people, I have an alarm system in my home. If I want a layer of protection beyond the locks on my doors and windows, I can set it when I leave or when I go to bed at night. The system has all the typical parameters of a home security system: Anyone opening the door has 30 seconds to disable the alarm; an opened or broken window also triggers the alarm; and, finally, there are motion detectors throughout the house that will trigger an alarm if movement is detected while the system is set. Pretty standard stuff—and, because we're living in the age of mobile everything, I can set and reset it from my phone.

The most recent enhancement to this system is geolocation; I can set the system to notify me if I go more than 25 miles from home without setting the alarm.

Needless to say, with this alarm system, I feel more secure.

But I realized a few days ago that I hadn't heard anything from the call center that monitors our alarm system in what felt like a long time. I began to wonder if the alarm was working; so, I decided to put my security system to the test. After setting the alarm, I opened the door to the garage myself. Sure enough, the call center called me moments later and I had to authenticate myself.

All was good and I felt secure.

At Q2, we put our security to the test constantly. Our datacenter is on high alert at all times. We can't afford to have our system not working. To ensure it's safe, we have independent third parties perform vulnerability scans on our system—much in the way I triggered my own home system. And, like my home system that monitors threats coming from outside as well as motion within the house, Q2 ensures our security posture both internally and externally. This is our first line of defense in monitoring our environment. And, because our clients have a huge stake in our security being topnotch, the results of these third-party tests are provided to our clients.

Additionally, we use independent third parties to perform more intrusive penetration tests to ensure the rest of our security system is operating effectively. These second line of defense penetration tests use more brute force; the comparison here would be breaking a lock, door, or window, rather than somehow bypassing the lock. We also provide the results of these test to our clients, to reassure them that our security is working.

Finally, as a third line of defense, our clients continually test our perimeter and our applications by using their own third-party contractors to perform application penetration testing. Q2 responds to these independent third-party tests, urgently resolving any issues or weaknesses detected by these tests.

These are just a few of the ways we monitor our environments, but Q2 has a lot of other monitoring and security processes in place, each contributing to ensure we're operating in a safe environment. We take security very seriously, doing everything in our power to ensure our clients aren't exposed to risk through our datacenters.

This concludes my series of blogs about just a few of the ways that Q2 protects your brand and your assets with a multilayered approach to security, and by developing your applications with a security-first approach. I hope you've enjoyed reading my thoughts—and have learned a little something as well.

Thank you for reading and Happy Cyber Security Month.