Article

How Whitepages Pro Approaches Cybersecurity and Data Privacy

With all the security compromises and data breaches in the news, we wanted to share the way Whitepages Pro approaches cybersecurity. We understand that the security and confidentiality of the data you send us is important. That’s why we continuously monitor our systems and regularly evaluate our information security controls to ensure they’re appropriate and effective.

We’re focused on security in several main areas:

Access control: access to systems and data at Whitepages is always on an as-needed basis. We use Role-Based Access Controls to enforce this. Employees are given access only to the systems relevant to their job function, and any exceptions must be processed through a workflow with appropriate approval.

Application development: secure coding needs to start before a single line of code is written. That’s why Whitepages provides all its development staff with access to a large catalog of secure coding training and materials. We also deploy our code to a staging environment where it is tested and validated before moving into production.

Availability: great security at your Data as a Service (DaaS) provider is a must, but you also need the service to be up all the time. That’s why we’ve architected our software and infrastructure to be auto-scaling and hot-hot all the way up the stack. Our uptime track record has been so great, we even commit to 99.95% availability of our Pro services.

Compliance: maintaining compliance with cybersecurity standards is foundational to a secure system. We adopted ISO 27002:2005 before it was cool, and we’ve been continuously updating our controls ever since. A SOC 2 assessment and report is even on roadmap for Q4 2018 to cover security (common criteria), confidentiality, availability, and privacy.

Encryption: encryption ensures that if any traffic is intercepted, it’s unusable. Internally, Whitepages employs best-practice encryption like AES-256 and RSA-2048. Externally, our systems support, and default to, HTTPS via TLS 1.2.

Infrastructure and network security: nobody wants defense-in-shallow. That’s why Whitepages implements multiple layers of security, known as defense-in-depth. At the physical layer, we only use ISO 27001 certified data centers, and we review their SOC 2 Type 2 reports annually to ensure they are implementing their controls effectively. This includes 24/7/365 staffing and physical security. In the logical layers, we default to deny all, which means all non-public connections to our corporate and infrastructure networks needs to be from an authorized source.

Third-party review and support: fewer than half of breaches are identified internally, because if a bad guy can get past your security controls he’s probably exploiting something you don’t have visibility into. That’s why Whitepages works with Anitian. They augment our in-house security staff and provide pen testing and independent security assessments to ensure we’re doing everything possible to protect our systems and data.

Customer data privacy: along with protecting our systems and data, Whitepages Pro ensures that customer privacy is also protected. We have a clear, compliant set of rules around when and what we log, and also what we do with it. And we never sell your data. As an international company, Whitepages Pro is also compliant with EU Privacy laws.

We care as much about your data as you do. That’s why we’re constantly working to implement and improve controls that reduce both the likelihood and impact of a potential incident. We design our systems using the defense-in-depth model, implement strong encryption, have a third-party party check our work, and we always respect your privacy by never selling the data you send us.

Thanks for reading! You might be interested in these posts, too: