Hightower is a leasing management platform that brings all constituents of the leasing process together to collaborate in one place. Leasing teams, asset managers, and portfolio managers now have one platform to work in real time.
This whitepaper explains the various information security measures that protect your critical portfolio data:
We know that data is mission critical to the success of your leasing business, so the Hightower platform is designed to make that data simultaneously accessible and secure.
Administrators control access to their portfolio information via the Hightower administration interface, which allows them to add and remove users, and set individual user permissions and access rights on a per-asset basis.
Admins set one of four different permission levels for each user on a given asset:
| Level | Access | Invite Others | Administer Asset |
|---|---|---|---|
| Read-Write & Invite | Read-Write | Yes | No |
Admins also set the scope of a user's access to asset data:
The user may see and report on new and “in-house” deals – i.e., relocation, renewal, expansion, and contraction deals.
The user may access tenant “rent roll” information. This includes financial and non-financial terms, occupied spaces, and other insights.
The user may access budget information on the designated asset for reference and side-by-side deal financial analysis.
Users can enable or disable sharing for each file associated with an asset or space, allowing fine-grained control of confidential information.
In addition to the framework above, Hightower also maintains a full change log of every change made in the application to provide full visibility into user activity.
Hightower implements a variety of security features to protect against unauthorized access to your account:
Two-factor authentication is an additional level of security that protects your Hightower account during login. The first level of security is your password; the second is a token generated by an authenticator app on your phone.
Hightower supports single sign-on (SSO) via the SAML 2.0 open standard. This streamlines user provisioning and deprovisioning, and allows customers to access Hightower with their corporate login credentials.
Account activity alerts
Users are notified of account activity by email when any security-sensitive events occur, such as password changes or account lock-outs.
Users can monitor and control active login sessions from any web browser. If a mobile computing device is lost, active sessions can be immediately terminated to prevent unauthorized access.
Administrators can restrict user invitations to a whitelist of approved email domains (e.g., gethightower.com). This feature prevents accidentally adding Bob Smith at Company A, when you really meant Bob Smith at Company B.
Hightower supports Touch ID on iPhone 5+ to provide biometric protection of login credentials.
Hightower utilizes a range of advanced technological and managerial safeguards to protect your data:
Hightower uses the Secure Sockets Layer (SSL/TLS) to encrypt data in transit. We use strong ciphers and enable perfect forward secrecy on supported clients. Authentication cookies are flagged as secure, and we have set an HTTP Strict Transport Security (HSTS) policy on all HTTPS endpoints. We encrypt all data at rest using 256-bit Advanced Encryption Standard (AES).
Robust cloud infrastructure
Hightower is built using Amazon Web Services (AWS), a proven, secure, and scalable cloud infrastructure platform, certified to SSAE16/SOC1, SOC2, ISO9001 and PCI DSS1 standards.
Third-party security assessments
A specialist independent security firm performs regular and comprehensive audits of Hightower’s application security.
All application and administrative activity is logged, with attribution to end user, timestamp, and IP address.
Employee background checks
New hires undergo a stringent set of educational, professional and criminal background checks to ensure they meet the required educational and competency levels.
Security awareness training
Employees undergo a comprehensive security education program during onboarding and annually, with specialist OWASP training for engineering staff.
Hightower’s dedicated Security Team has implemented a comprehensive information security program aligned with the Cloud Controls Matrix v3.
The Hightower platform has been designed to help commercial landlords and brokers collaborate effectively and in real time, while providing security and peace of mind.
If your organization requires a more detailed presentation of Hightower’s security program, please contact your account executive.