Many times users ask:
Is ZappySys PowerPack Secure to install on Server/Desktop? Are there security risks I should be aware of?
We are one of the most trusted ETL Addons in the SSIS Market space. You can see customer-independent reviews on Capterra and Trustpilot as to why people rate us with such high confidence. Reviews on both sites list current clients in small to medium-sized businesses, enterprise-level corporations, state and local municipalities, and various government branches. We have upwards of 3500 active licenses in over 118 countries. In the history of our company, we have not had a security issue. The details below explain why.
Regarding Security Concerns:
- Our product is not a SaaS offering (service hosted online) which means you install it in your own environment and control your own data without submitting your data to ZappySys servers. Both of our products, SSIS PowerPack and ODBC PowerPack, can be installed in your environment with no risk to you whatsoever.
- You only submit product registration data to us when you activate/deactivate the product or request a new license when the subscription expires.
- All our Installer files are digitally signed so any alteration by malware will be detected by your operating system or anti-virus software.
- You can run our Products in total offline mode (No internet on the server). This can be accomplished by requesting an offline registration key if you don't want to activate it over the internet or if the server is offline.
- We update our products frequently to support the latest Security Standards / Fixes such as TLS 1.2 / 1.3 to support the highest encryption
- When you use our product UI, any password / secret fields you save are by default encrypted.
Here are a few more reasons why we are the best at what we do: Why consider ZappySys?
You can always contact us if you have more questions about our product.
Do we keep your data on ZappySys Server?
As mentioned in the previous section, our products are hosted in your environment so no data is saved/processed by ZappySys servers. Only licensing/registration information is sent to our server which again is not mandatory if you want to run the product in Offline mode (Not connected to Public Internet).
Regarding our SDLC (Software Development Life Cycle)
All our products follow a secure and agile life cycle. Here are some important points on how we approach our product research & development, feedback loop, security, QA, and release cycle.
R&D / Design / Feedback
- At ZappySys we spend a lot of time in innovation, creating world-class products which add tremendous value to Day to Day Data Integration Scenarios.
- Our products touch many categories of modern technologies so we are always busy with R&D / constant Improvements
- We gather our feedback from market research / from Users during our support cycle.
- Feedback reported by customers/trial users is logged and later reviewed by our DEV Team, based on a few parameters DEV team decides to implement them in the coming iteration.
- We have a strict source code access policy
- Our source code is protected by multiple layers of security (e.g. 2FA / MFA, IP Based Security)
- The source code is backed up at multiple locations
- Every source code check-in is reviewed by Product Architects / Managers to make sure coding standard is maintained
- All our traffic is encrypted at minimum TLS1.2
- The product Build environment is highly secure and most of the Product Team members have no access to that environment (only Build Admin can access it).
Agility / Release Cycle
- We understand that time to market is very critical in today's world so when making sure we iterate fast and same time maintain high quality so you get new features/fixes every few weeks.
- Based on severity some issues reported by users are fixed in a few days/hours
- We do not compromise on Quality when delivering fast cycles.
- We have a rigorous QA process to make sure we deliver most releases in a backward compatible way so previous deployments keep running with zero change when you install our new versions (If any breaking change is introduced then we try to indicate it in our Release Notes - it's very rare though)
QA (Quality Assurance)
- Building High-Quality products is our hallmark and we make sure we maintain that standard at every stage
- While delivering new features / fixing issues we make sure they are fully tested before we deliver to the public
- We run thousands of automated tests and manual tests before the product is certified for public release
- We make sure new changes are nearly 100% backward compatible so users can install new versions with confidence, occasionally we have to introduce breaking changes but we notify that in Product Release Notes.