
Security encompasses numerous facets. On this and subsequent pages, we aim to provide essential information to enhance your understanding of our security strategy.

Physical Access

All our services are hosted in AWS. Their data centers are at least SOC-2 compliant and hold a wide range of industry-specific compliance certifications. These certifications address a range of security controls, including physical and environmental security and protection. Access to the data centres is limited to authorized personnel and verified by biometric identity verification measures. Physical security measures include on-premises security guards, closed-circuit video monitoring, man traps, and additional intrusion protection measures.

Learn more about digital access of our employees here.

Architecture

On a physical level, the infrastructure is separated into a public network for static files and the load balancer and a private network for the servers and the database. This limits the attack vectors to our infrastructure.

Encryption

Data transferred from and to our services are encrypted with TLS 1.2. The implementation of TLS enforces the use of strong ciphers and key lengths where supported by the browser.

All customer data that are stored in our environment are encrypted at the data-drive level.
Additionally, there are data we consider sensitive (e.g. access tokens) that not even our support staff should have access to. These data are additionally encrypted within the database with AES-256.

Backups

Amazon RDS snapshots are retained for 30 days with support for point-in-time recovery and are encrypted using AES-256 encryption. Backup data is not stored offsite but is replicated to multiple data centers within a particular AWS region. We also perform quarterly testing of our backups.

Key Management

yasoon uses the AWS Key Management Service (KMS) for key management. The encryption, decryption, and key management process is inspected and verified internally by AWS on a regular basis as part of their existing internal validation processes.

Deployments

We use Azure DevOps CI for deployments and releases.
All code changes have been reviewed and approved under the 4-eyes principle.

Single Sign-On

tbd

Data Center

tbd

Security Testing

See Marketplace Security Bug Bounty Program

All our apps are part of the Marketplace Bug Bounty Program.
