How MX Protects Your Data in the Cloud

MX is dedicated to protecting, safeguarding, and securing the data of our clients, partners, and their end users. MX has strong, established security programs that are supported by a comprehensive suite of security, confidentiality, and privacy policies, processes, procedures, and controls. Know that your data is secure and protected regardless of where it resides with MX.

MX’s approach to security includes a defense-in-depth strategy. This strategy applies to both on-premises and cloud-hosted operations. In addition, MX recognizes that security and compliance are shared responsibilities between MX, clients, and any third party cloud providers.

Maintaining the Highest Security Standards with Cloud Computing

Our goal is to deliver a better customer experience by migrating our data stores and products to a scalable public cloud solution, creating more stable and available operations to support clients and partners both now and into the future.

MX will continue to hold itself to the highest security and privacy standards to safeguard data. Read more about How MX Protects Data.

We will continue to maintain and enforce core security controls, such as robust Identity and Access Management and Data Protection, developed in conjunction with our cloud providers and backed by MX’s Security Program, to safeguard your data and that of your end users, including:

IDENTITY AND ACCESS MANAGEMENT

MX employs multiple capabilities to ensure that access and authentication to MX product environments and data are strictly regulated. For entitlements, we employ the philosophy of least privilege, role-based access, and centralized administration. On a regular periodic cycle, entitlements are reviewed and approved. We require all administrative actions (via API and/or web console) to our cloud environments to come from known sources where device hygiene is validated. Lastly, multi-factor authentication is used for all user access to cloud administrative services.

DATA PROTECTION

Protecting data in all modes (at rest, operations, and in-motion) is critically important to MX. Our strategy begins with a comprehensive data classification and data inventory standard. MX leverages modern cryptography and secrets management to protect data. Data classified as sensitive, privileged, or confidential is encrypted both in transit and at rest using cryptographically strong encryption mechanisms. For sensitive data in transit, MX leverages TLS 1.2, 1.3, and IPSec. For data at rest, MX supports field-level encryption using MX Vault. The MX Vault encrypts data using AES-256 symmetric keys using FIPS 140-2 validated ciphers for key generation. MX continually encrypts data at rest and rotates the keys used by the MX Vault regularly.

NETWORK SECURITY

A foundational item in any cloud environment is how the network boundaries are secured. MX uses a robust mix of tools, policies, and procedures to keep network traffic, both internal and external, limited to authorized parties. Firewalls, IPS/IDS, DDoS protection, logging, and access controls list are just a few of the ways that MX detects and mitigates malicious requests. Logs are also routinely monitored for continuous improvements to our control lists and to reveal any exploitation of programming errors.

NETWORK SEGMENTATION

Our cloud environments are architected to create an isolated environment between different products, employing the concepts of zero trust, while leveraging a common service layer (networking, identity, etc) for efficient management and monitoring.

MX complies with industry standards and regulations. Payment card data is stored and transmitted in accordance with the current applicable Payment Card Industry Data Security Standard (v3.2.1). Our data transmission and storage meets local privacy and data protection use and residency requirements.

MX policies and procedures as well as Payment Standards require that strong encryption is used to protect data at all times. Data at rest is protected via encryption controls. MX follows NIST guidance to ensure only acceptable strong cryptography is implemented.

Access to data is limited to those with a business justification following least privilege. Data at rest is monitored by audit logging, file integrity monitoring tools, or similar controls (such as endpoint detection and response).