Secure, robust, reliable.
Successful businesses are built on the knowledge of every team member. Evernote Business gives your company the tools to collect, discover and share the ideas, research and know-how that creates an effortlessly productive workplace.
The following document outlines Evernote’s approach to technology and infrastructure and how these choices allow Evernote to deliver a secure, robust and reliable service.
Ensuring that data stored in Evernote is securely maintained and always accessible are two of our highest priorities. Each requires consistent and detailed execution through every phase of building and operating the Evernote service. These design principles have helped Evernote establish an outstanding track record of uptime and data integrity.
Each day, tens of thousands of new users join Evernote, so it is critical that we manage new traffic and data requirements alongside the existing service load. As a combined cloud and client application service, Evernote is prepared to handle an extremely high volume of requests from a variety of different client applications on many platforms, including from third-party services that have built integrations on the Evernote platform.
Evernote’s shard architecture is able to scale horizontally to handle all current and future load. Each block of users serviced by a shard is physically and operationally completely independent from all other shards. Were something to happen on one shard which made it unavailable, it would affect only a small fraction of the user base, leaving all others with uninterrupted service. This also means that capacity can be added as needed to grow dynamically with the needs of our customer base.
The service is hosted off-site in our primary data center located in Santa Clara, California, and is serviced by redundant Internet connections from multiple providers. Incoming Internet traffic is routed via redundant advanced load balancing gateways with dedicated SSL accelerators.
For a more detailed description of Evernote’s shard architecture, refer to the blog post by Evernote CTO Dave Engberg.
Evernote employs a 24x7 operations team with security backgrounds that maintains multiple levels of up-to-date firewall protection, intrusion detection, and access control audits. Industry standard SSL encryption is implemented in all client-to-server traffic, making use of dedicated SSL accelerators, and strict adherence to documented security practices is required of all third-party platform partners.
Operational security is equally important, and physical infrastructure and operations procedures reflect that. The data center where the Evernote service operates is SAS 70 (Type II) and SSAE16 SOC-1 (Type 2) certified and requires two-factor authentication for admittance. All access to the data center is limited in scope of personnel and regular audit reviews are conducted.
The scalability and security characteristics of the Evernote Service ensure that Evernote is there when you need it, wherever you may be.
Evernote has built an architecture around these high availability goals that allows for short weekly maintenance periods with near-zero impact to any of our user base around the world. Outages of a single shard during this 5-minute or less maintenance window typically go unnoticed due to the design of Evernote client applications, where an always-on data connection via the Internet is not required.
In addition, all data is backed up at least once daily to our secondary data center, ensuring that we can recover all note data even in the face of catastrophic data center loss. Visit status.evernote.com or our support page to view the current status of the Evernote service at any time. Evernote also posts updates to a Twitter handle (@evernotestatus) about outages, status updates, etc.
Evernote complies with the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information collected from users residing in the European Union and Switzerland. We have certified that we adhere to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor program, and to view our certification page, please visit www.export.gov/safeharbor