Each client has their own separate database instance and runs a unique instance of the application framework.
SSL Security
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and the browser remains private and cannot be altered in transit.
Every CUBE application is accessed using https:// and clients can easily notice their browser's security indicator. This indicates that the site is properly secured, usually with a green lock icon. If you test your CUBE access URL using the SSL Labs Server Test, it will get an A grade suggesting the highest level of SSL security available.
Application Security and User Access Management
CUBE implements “secure log-on procedures” by choosing, implementing and using suitable authentication techniques; not disclosing sensitive information at log-on time; validating data entry; protecting against brute-force attacks; logging; never transmitting passwords in clear text over the network; and enforcing session inactivity timeouts.
CUBE has taken measures to protect against common web application security vulnerabilities by implementing the following measures:
· CSRF protection
· Brute-Force Attack mitigation
· Form tampering protection
· SQL injection protection
· Enforcing SSL Security to protect against MITM attacks
Furthermore, clients are encouraged to lay out the roles and responsibilities for information security and allocate them to individuals using CUBE’s very granular RBAC (Role-Based Access Control) system. Where relevant, duties should be segregated across roles to avoid conflicts of interest and prevent inappropriate activities. The allocation of access rights to users is controlled from initial user creation through to removal of access rights when they are no longer required, including special restrictions for privileged access rights.
System and Application Access Control
Information access is restricted in accordance with the access control policy, e.g. through secure log-on (SSH keys only), password management, control over privileged utilities and highly restricted access to application source code and repositories.
FULL SERVER BACKUP
Appropriate backups are taken and retained in accordance with a backup policy.
Our hosting provider offers easy-to-use backups built into the server interface. This service provides automatic, weekly system-level backups, allowing you to easily revert or spin up new instances from the created images. Each weekly backup is retained for 4 weeks before being recycled.
The hosting provider uses a snapshot-based backup system that will create a point-in-time image based on the current state of the server. This process happens automatically within a pre-determined scheduling window, and is completed in the background while the server is running. This provides system-level backups of our server without powering down.
The following process occurs on our server when a backup occurs:
1. A snapshot of the live system is taken, creating a crash-consistent, point-in-time image.
2. The snapshot is backed up off-disk.
DATABASE BACKUP
Databases store some of the most valuable information in your infrastructure. Because of this, it is important to have reliable backups to guard against data loss in the event of an accident or hardware failure.
The hosting provider utilizes the Percona XtraBackup backup tool to provide a method of performing "hot" backups of MySQL data while the system is running. They do this by copying the data files at the filesystem level and then performing a crash recovery to achieve consistency within the dataset.
This system automates backups of MySQL data on our server. It uses cron (task scheduler) and the Percona tools to create daily secure backups that we can use for recovery in case of problems.
LOGGING AND MONITORING
System user and administrator/operator activities, exceptions, faults and information security events are logged and protected. All failed user login attempts are logged, and this is coupled with our brute-force attack mitigation mechanism, which locks out the offending user’s IP address for a pre-determined period (5 minutes to 2 hours) after 3 consecutive failed attempts.
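As an added illustration (not CUBE’s own code), the following tracker implements the lockout behaviour described above: every failed log-on is logged, and the third consecutive failure from one IP locks that IP out, starting at 5 minutes and doubling on each further lockout up to a 2-hour cap. The doubling schedule, the reset on a genuine log-on and all names below are assumptions; the page only states the 3-attempt threshold and the 5-minute-to-2-hour range.

```python
import logging
from dataclasses import dataclass

MAX_FAILURES = 3            # consecutive failures before lockout (from the page)
MIN_LOCKOUT = 5 * 60        # first lockout lasts 5 minutes (from the page)
MAX_LOCKOUT = 2 * 60 * 60   # no lockout exceeds 2 hours (from the page)

log = logging.getLogger("cube.auth")


@dataclass
class IpState:
    failures: int = 0        # consecutive failures since the last success or lockout
    lockouts: int = 0        # lockouts earned so far; drives the doubling (assumption)
    locked_until: float = 0  # epoch seconds; 0 means not locked


class LockoutTracker:
    """Per-source-IP brute-force mitigation that logs every failed attempt."""

    def __init__(self):
        self._ips = {}

    def is_locked(self, ip, now):
        st = self._ips.get(ip)
        return st is not None and now < st.locked_until

    def attempt(self, ip, username, password_ok, now):
        """Return 'locked', 'ok', 'failed' or 'locked_now'. A locked IP is
        rejected before the password result is even consulted, so nothing
        about the account is disclosed while the lockout is in force."""
        st = self._ips.setdefault(ip, IpState())
        if now < st.locked_until:
            log.warning("rejected log-on from locked-out ip=%s user=%s", ip, username)
            return "locked"
        if password_ok:
            st.failures = 0
            st.lockouts = 0      # a genuine log-on resets the escalation (assumption)
            return "ok"
        st.failures += 1
        log.warning("failed log-on ip=%s user=%s consecutive=%d", ip, username, st.failures)
        if st.failures < MAX_FAILURES:
            return "failed"
        # Third consecutive failure: lock the IP, doubling the period each time, capped at 2h.
        duration = min(MIN_LOCKOUT * 2 ** st.lockouts, MAX_LOCKOUT)
        st.lockouts += 1
        st.failures = 0
        st.locked_until = now + duration
        log.error("lockout ip=%s for %ds after %d failures", ip, duration, MAX_FAILURES)
        return "locked_now"
```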
REDUNDANCIES
Our hosting provider has sufficient redundancy to satisfy high availability requirements.
Communications
All communications with CUBE are transmitted over TLS (HTTPS). Connectivity to our servers is over SSH, and we only use SSH keys to set up our access. As an additional security measure, password authentication has been strictly disabled and SSH port obfuscation has been implemented.
Data Center Security
Our hosting provider’s datacenters are co-located in some of the most respected datacenter facility providers in the world. They leverage all of the capabilities of these providers, including physical security and environmental controls, to secure their infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry. Security controls provided by their datacenter facilities include, but are not limited to:
· 24/7 Physical security guard services
· Physical entry restrictions to the property and the facility
· Physical entry restrictions to our co-located datacenter within the facility
· Full CCTV coverage externally and internally for the facility
· Biometric readers with two-factor authentication
· Facilities are unmarked so as not to draw attention from the outside
· Battery and generator backup
· Generator fuel carrier redundancy
· Secure loading zones for delivery of equipment
Our hosting provider’s infrastructure is secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points, which restrict network-level access to infrastructure based on job function following the principle of least privilege. All access to the ingress points is closely monitored and subject to stringent change control mechanisms.
Systems are protected through key-based authentication, and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to log in. They consider any system that houses customer data they collect, or that houses the data customers store with them, to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.
Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.
Systems controlling the management network log to their centralized logging environment to allow for performance and security monitoring. Their logging includes system actions as well as the logins and commands issued by their system administrators.
The hosting provider’s Security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within their infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following their incident reporting and response procedures.
Server Security & Employee Access
The security and data integrity of customer servers is of the utmost importance. As a result, their technical support staff do not have access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only select engineering teams have direct access to the backend hypervisors based on their role.
Snapshot and Backup Security
Snapshots and Backups are stored on an internal non-publicly visible network on NAS/SAN servers. Customers can directly manage the regions where their snapshots and backups exist which allows the customer to control where their data resides within our datacenters for security and compliance purposes.
ISO/IEC 27001:2013 Certification
The hosting provider is certified in the international standard ISO/IEC 27001:2013. By achieving compliance with this globally recognized information security controls framework, audited by a third party, DigitalOcean has demonstrated a commitment to protecting sensitive customer and company information. That commitment doesn’t end with a compliance framework, but such a framework is a necessary baseline for security. Our ISO/IEC 27001:2013 certificate can be viewed here.
EU-U.S. Privacy Shield Framework
The hosting provider is an active participant in, and complies with, the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission. The framework provides them with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States.
Datacenter Colocation Attestations and Certifications
All of their datacenters are independently audited and/or certified by various internationally-recognized attestation and certification compliance standards. Many of the SOC reports and certifications listed below are available if a signed NDA is in place between the hosting provider and their customer.
The General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection law since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which became enforceable on May 25, 2018, strengthens the security and protection of personal data in the EU and serves as a single piece of legislation for all of the EU. It replaced the EU Data Protection Directive and all the local laws relating to it.
The hosting provider supports the GDPR and all their services comply with its provisions. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it has raised the bar for data protection, security and compliance in the industry.