I just read this paragraph in the Evernote security and privacy information page. Does this point to a good data security infrastructure?
Operational security is equally important, and physical infrastructure and operations procedures reflect that. The data center where the Evernote service operates is SAS 70 (Type II) and SSAE16 SOC–1 (Type 2) certified and requires two-factor authentication for admittance. All access to the data center is limited in scope of personnel and regular audit reviews are conducted.
As I understand it, their recent move to 2048 bit SSL keys is really good and exponentially strengthens the encryption used to secure data transmission to and from their servers but what about the rest?