We use an open-source client-side framework for building encrypted communication features.
- Strong one-to-one and group encryption
- Forward secrecy and post-compromise ("backward") secrecy
- Integration with the platform's native secret storage, such as the Apple Keychain
Password and Data Protection
We use an open-source server-side framework to protect user passwords and the data stored in our databases.
- Encrypting sensitive data at rest in databases
- Protecting users’ passwords against online and offline attacks
- Encrypting data per-user by deriving encryption keys from passwords, using a secure two-party protocol
- Data access control based on encryption key management
- Encrypting and sharing files of any size at rest in storage
- Post-compromise data protection based on key rotation, which doesn’t require re-encryption of data
- Designed to support compliance with data protection and privacy regulations such as GDPR, CCPA and HIPAA
On top of that, the platform itself applies the standard web application defences:
- Cross-Site Request Forgery (CSRF) Prevention
- Cross-Site Scripting (XSS) Prevention
- Output Escaping
- Password Hashing
Extra Security Monitoring & Aggressive Measures
Real-time application security monitoring and access control
- At its core, the web application firewall embedded in our data-center clusters gives us access to the HTTP traffic stream in real time, along with the ability to inspect it, which covers our real-time monitoring needs. Persistent storage adds a further dimension: it lets us track system elements over time and correlate events. Blocking is reliable because the firewall buffers the full request and response before it decides.
Full HTTP Traffic Logging
- Web servers traditionally do very little when it comes to logging for security purposes: they log little by default, and even with extensive tuning you cannot capture everything you need. We have yet to encounter a web server that logs full transaction data on its own. Our additional tooling lets us log anything we need, including raw transaction data, which is essential for forensics. We also choose which transactions are logged, which parts of a transaction are logged, and which parts are sanitized before they are written.
Continuous Passive Security Assessments
- Security assessment is usually seen as an active, scheduled event in which an independent team is brought in to perform a simulated attack. Continuous passive security assessment is a variation of real-time monitoring where, instead of focusing on the behaviour of external parties, we focus on the behaviour of the system itself. It is an early-warning system of sorts that detects traces of many abnormalities and security weaknesses before they are exploited.
Web Application Hardening
- One of our main uses for these tools is attack surface reduction: we selectively narrow down the HTTP features we are willing to accept (request methods, request headers, content types, and so on). The tools enforce many similar restrictions, either directly or in collaboration with other server modules; all of this falls under web application hardening. For example, many session management issues, as well as cross-site request forgery vulnerabilities, can be addressed at this layer.
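As an added example of the buffering, sanitized logging and attack-surface reduction described in the three sections above (not the company's own tooling, whose rules and configuration the page does not show): a Go HTTP middleware that reads the whole request body before the application sees it, rejects anything outside an allow-list of methods, content types and Origins, and writes one sanitized transaction record per request, including the response status. The policy values, the credential-field pattern and the sample request are constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"mime"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

type Policy struct { // allow-list enforced in front of the application; anything not listed is rejected
	Methods      map[string]bool
	ContentTypes map[string]bool // media type only; charset parameters are ignored
	Origins      map[string]bool // trusted Origin values for state-changing requests
	MaxBodyBytes int64
}

var DefaultPolicy = Policy{ // constructed values for this example
	Methods:      map[string]bool{"GET": true, "POST": true},
	ContentTypes: map[string]bool{"application/json": true},
	Origins:      map[string]bool{"https://app.example.com": true},
	MaxBodyBytes: 64 << 10,
}

type Transaction struct { // audit record: full body (after Sanitize), verdict and response status
	Method, Path, Body, Verdict string
	Status                      int
}

// secretField matches JSON string members whose key names a credential; Sanitize masks their values.
var secretField = regexp.MustCompile(`(?i)("(?:password|passwd|secret|token|ssn)"\s*:\s*")[^"]*(")`)

func Sanitize(body string) string { return secretField.ReplaceAllString(body, `${1}[REDACTED]${2}`) }

// Inspect applies the policy to a fully buffered request: 0 means allow, otherwise the
// status to reject with and the reason that goes into the log.
func Inspect(p Policy, r *http.Request, body []byte) (int, string) {
	if !p.Methods[r.Method] {
		return http.StatusMethodNotAllowed, "method not allowed: " + r.Method
	}
	if len(body) > 0 {
		mt, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type"))
		if !p.ContentTypes[mt] {
			return http.StatusUnsupportedMediaType, "content type not allowed: " + mt
		}
	}
	// Browsers add Origin to cross-site POSTs, so requiring a trusted value on every
	// state-changing request refuses forged (CSRF) submissions before the app sees them.
	if r.Method != http.MethodGet && r.Method != http.MethodHead {
		if origin := r.Header.Get("Origin"); !p.Origins[origin] {
			return http.StatusForbidden, "origin not allowed: " + origin
		}
	}
	return 0, "allow"
}

// Harden wraps the application: buffer the whole body, inspect it, log one sanitized
// transaction per request with its outcome, and forward only requests that pass.
func Harden(p Policy, logf func(Transaction), next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, p.MaxBodyBytes))
		if err != nil {
			logf(Transaction{Method: r.Method, Path: r.URL.Path, Status: http.StatusRequestEntityTooLarge, Verdict: "body exceeds limit"})
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		tx := Transaction{Method: r.Method, Path: r.URL.Path, Body: Sanitize(string(body))}
		if status, reason := Inspect(p, r, body); status != 0 {
			tx.Status, tx.Verdict = status, reason
			logf(tx)
			http.Error(w, http.StatusText(status), status)
			return
		}
		r.Body = io.NopCloser(bytes.NewReader(body)) // the app reads the buffered copy
		rec := &statusRecorder{ResponseWriter: w, status: http.StatusOK}
		next.ServeHTTP(rec, r)
		tx.Status, tx.Verdict = rec.status, "allow"
		logf(tx)
	})
}

type statusRecorder struct { // captures the response code for the transaction log
	http.ResponseWriter
	status int
}

func (s *statusRecorder) WriteHeader(code int) {
	s.status = code
	s.ResponseWriter.WriteHeader(code)
}

func main() {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusCreated) })
	h := Harden(DefaultPolicy, func(tx Transaction) { fmt.Printf("%+v\n", tx) }, app)
	r := httptest.NewRequest("POST", "/login", strings.NewReader(`{"user":"alice","password":"hunter2"}`)) // constructed cross-site login
	r.Header.Set("Content-Type", "application/json")
	r.Header.Set("Origin", "https://evil.example")
	h.ServeHTTP(httptest.NewRecorder(), r)
}
```

Requiring a trusted Origin on non-GET requests is the kind of CSRF hardening the text alludes to: a browser attaches Origin to cross-site form posts and fetches, so a forged request from another site fails before it reaches the application. The cost is that API clients must send the header as well, and requests arriving without it are refused; a deployment that cannot make that demand needs a synchronizer token instead. The log line keeps the raw body so an investigator can replay what was attempted, with the credential fields masked so the log itself is not the next breach.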
Something Small, Yet Very Important To Us All
- Real life often throws unusual demands at us, and that is when the flexibility of these tools comes in handy where we need it most. The need may be security-related, but it may also be something else entirely. For example, we sometimes use the tooling as an XML web service router, combining its ability to parse XML and apply XPath expressions with its ability to proxy requests. Who knew?
In summary, we have security between your device(s) and our front-ends, and between the front-ends and the back-end database clusters. There are also web application firewalls (WAFs) at the front-end and between it and the database clusters. Then the database itself is protected: its contents remain encrypted even if all of our hybrid cloud hosts' systems are breached. We secure all our systems this way and subject ourselves to strict audits. This is what we mean by "beyond HIPAA" secured: we are not content simply to follow the HIPAA guidelines, but maintain a higher level of vigilance to protect you proactively. This is an ongoing cyberwar, and we are taking an active stance against bad actors.