What kind of internal controls does EasyPost have for accessing servers or customer data?
Customer data can be accessed by employees for legitimate business purposes through several custom-developed and open-source tools. All such tools are accessed either through SSH or TLS-protected HTTPS connections.
All administrative HTTPS connections are authenticated through a delegated SSO system and are limited to TLS 1.2 with PFS cipher suites. SSH is restricted to public key authentication.