Security and Business Continuity

Data security and business continuity are critical issues to your practice. These key themes are embraced throughout the WealthADV platform, at every layer of the infrastructure. Much focus has been set on ensuring your information remains safe and the platform remains available. With WealthADV your practice leverages proven, "institution class" technology infrastructure at a fractional cost.

Business Continuity

Our systems are located at Peak-10, a "Class-A" hosting provider with facilities in Charlotte, Raleigh, Louisville, Tampa and Jacksonville, FL. This facility is engineered to ensure that the WealthADV platform has the highest level of availability to you and your customers.

Network Connectivity

The network backbone for WealthADV is constructed in a fully redundant configuration to ensure there is no single point of failure. This includes redundant internet access points from multiple telecommunication carriers located in disparate areas of the facility.

Uninterruptible Power

The facility is engineered with a redundant, uninterruptible power system and backup generator to deliver seamless power. In the event of a commercial power failure, an isolated UPS system provides immediate backup power until diesel generators take over the load and continue operation of the center.

Fire Suppression and HVAC

Redundant temperature and humidity controls maintain the optimal operating atmosphere. Double interlock pre-action dry fire suppression system with an integrated Operations Control Center monitoring system and fail-safe alarm system to prevent false discharge.

Backup/ Recovery

A key component of the WealthADV platform is a comprehensive recovery plan for timely recovery from any outage causing event. For added protection your client data is backed up daily and stored offsite.

Security Architecture

Data Security

All WealthADV Platform site credentials and sensitive client information are encrypted using the Advanced Encryption Standard algorithm (Rijndael) with unique 256-bit keys per user. All master passwords are also encrypted with a different 256-bit global key.

Application/System Security

The operating system platforms that WealthADV runs on are hardened to prevent backdoors and other system vulnerabilities. All the components are devoid of backdoors. Software infrastructure components such as the database and application servers are configured on ports other than the default ports and up-to-date with all known security patches.

Communication Security

All communication to, from and between WealthADV components occurs over SSL sockets with a 128-bit key. This makes sure that all communication including usernames and passwords exchanged between components happens on an encrypted channel. WealthADV ensures that web browsers connecting to the platform are using at least 128-bit encryption.

Network Security

At the perimeter of the WealthADV complex, routers perform packet inspection and provide protection from malicious denial of service attacks. Our firewall configuration segments the LAN into a demilitarized zone (DMZ) that host the web servers and the proxy outgoing web server, and an internal NAT-ed network that hosts the application and the database servers.

Managed Intrusion Detection and Prevention System

Managed Intrusion Detection and Prevention System (MIDPS) is integrated into the network security fabric and is responsible for detecting anomalous, inappropriate, or other data that may be considered unauthorized on the network. Regular firewalls are configured to simply allow or deny access to a particular service or host based on a set of rules. MIDPS goes much further, enabling Security Operations Center to capture and inspect all traffic, regardless of whether it’s permitted or not. Based on the content of each and every packet, it is determined if it is safe. MIDPS detects, alerts and blocks for security threats including buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, backdoors, Trojans and Microsoft operating system and applications vulnerabilities, DdoS clients and many more.

Physical Security

Physical access to our hosting facility is limited to very few personnel. It can be obtained only through a multifactor authentication scheme that includes biometrics, a physical token and a PIN. In addition, video surveillance cameras are hidden throughout the facility, monitored, 24x7 and strategically placed motion/vibration detection devices alert data center personnel of any forced entry.