Network diagram

Infrastructure, data protection, security

Hosting

We do not host the data and the application ourselves. We outsource this to an external company whose mission is focused on providing secure and reliable hosting solutions. Our provider is OVH, one of the largest global companies active in this field. More information about their security, the data centers they operate and their worldwide network is available on OVH's website.

Application, database and services are deployed on dedicated "bare metal" servers (i.e. single-tenant servers, not virtual machines spread over shared hardware). This has the following advantages:

  • We can decide where to physically locate our servers
  • We manage the servers ourselves (all operating systems and software installed are validated by our Head of Technology)
  • We control the security up to the server itself (e.g. encryption of hard disks)
  • We are not impacted by the performance and stability of other tenants on the same server
  • We eliminate the risk of data being shared with other companies using the same server

Environments

Development, testing and production are segregated into 3 separate environments.

Continuity

The infrastructure is duplicated in 2 geographically distant data centers located in France. Failover procedures are documented and tested regularly.

On top of that, an additional backup is saved twice a day at another supplier located in Germany.

Patches

Systems are updated and patched on every release. We have releases every 4 weeks.

Protection of servers

The servers are protected by a firewall. Access is always done via private key, never via password. IP addresses trying to access our servers are blocked after 5 failed attempts.
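The 5-failed-attempts rule above, as an added example that is not Proxyclick's own tooling: a counter over constructed sshd log lines that yields the addresses to block. It assumes OpenSSH's auth log format and ignores the time window a real tool such as fail2ban would apply.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH auth.log format (not real log data).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 app1 sshd[2101]: Failed publickey for deploy from 203.0.113.10 port 51000 ssh2
Mar  3 10:01:05 app1 sshd[2102]: Failed publickey for deploy from 203.0.113.10 port 51001 ssh2
Mar  3 10:01:09 app1 sshd[2103]: Failed publickey for root from 203.0.113.10 port 51002 ssh2
Mar  3 10:01:12 app1 sshd[2104]: Failed publickey for admin from 203.0.113.10 port 51003 ssh2
Mar  3 10:01:15 app1 sshd[2105]: Failed publickey for deploy from 203.0.113.10 port 51004 ssh2
Mar  3 10:02:00 app1 sshd[2110]: Failed publickey for deploy from 198.51.100.7 port 40000 ssh2
Mar  3 10:02:03 app1 sshd[2111]: Failed publickey for deploy from 198.51.100.7 port 40001 ssh2
Mar  3 10:02:10 app1 sshd[2112]: Accepted publickey for deploy from 198.51.100.7 port 40002 ssh2: ED25519 SHA256:constructedfingerprint
Mar  3 10:04:00 app1 sshd[2130]: Failed none for invalid user admin from 192.0.2.55 port 33000 ssh2
Mar  3 10:04:02 app1 sshd[2131]: Failed none for invalid user test from 192.0.2.55 port 33001 ssh2
Mar  3 10:04:04 app1 sshd[2132]: Failed none for invalid user oracle from 192.0.2.55 port 33002 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed \w+ for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+)")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for \S+ from (\d+\.\d+\.\d+\.\d+)")
MAX_FAILURES = 5  # threshold stated in the policy above


def failed_attempts(log_text):
    """Count failed SSH authentications per source IP.

    A successful login from an IP resets its counter, so a legitimate engineer
    who fumbled a key once is not counted towards a block.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            counts.pop(m.group(1), None)
    return counts


def addresses_to_block(log_text, threshold=MAX_FAILURES):
    """Return the sorted list of source IPs that reached the failure threshold."""
    return sorted(ip for ip, n in failed_attempts(log_text).items() if n >= threshold)
```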

Protection of data

The hard disks of all servers are encrypted. The database and the file storage are located on servers that are not accessible from the internet. Databases on the client iPads are encrypted too.

Access of admin interfaces

Admin interfaces can be accessed only from a limited number of IP addresses (3).

Incident response plan

Monitoring system

We have a monitoring system that automatically checks many aspects of the system (infrastructure, but also database access, queuing system, etc.).

  • In case of an incident, two “waves” of warning are planned
  • First warning sent by e-mail and SMS to 2 senior back-end engineers
  • After 5 minutes, if the incident is not closed, a warning is sent by e-mail and SMS to 2 directors of Proxyclick

Documentation of incidents

The response to different types of incidents is documented in a shared repository.

Failover mechanism

A failover mechanism is documented, tested and pre-configured so it can be executed rapidly if needed.

Clients sessions on the application

Encryption of data

Users authenticate to the application URL with their username and password. All traffic is encrypted with HTTPS. Proxyclick has an “A” rating for its SSL configuration.

Users’ passwords

All users’ passwords are hashed and salted. A password can only be reset, never retrieved.

Authentication

Users need to be authenticated to see pages of the application (no access via randomly generated URLs for instance).

SAML protocol

We support the SAML protocol (in which case we do not store usernames and passwords).

Linkage to account

Through checks written in the source code, a user cannot access data of an account they are not linked to.

Permissions

The application provides different permission levels for managing the application, so that not every user is an administrator.

Logging

Logins and actions (check-in, check-out…) are logged (date, time and user name).
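The three controls above (account linkage, permissions, action logging) together, as an added example that is not Proxyclick's code: every data access first checks that the user is linked to the account, then that their role allows the action, and the action is logged with timestamp and user name. The users, roles and visitor records are constructed demo data.

```python
from datetime import datetime, timezone

# Constructed demo data: each user's linked accounts and their role there.
USERS = {
    "alice": {"accounts": {"acme": "admin"}},
    "bob": {"accounts": {"acme": "receptionist"}},
    "carol": {"accounts": {"globex": "admin"}},
}
# Visitor records keyed by (account, visitor_id): an ID guessed from another
# account never resolves, even if the linkage check were somehow bypassed.
VISITORS = {
    ("acme", 101): {"name": "Visitor A", "checked_in": False},
    ("globex", 202): {"name": "Visitor B", "checked_in": False},
}
# Which roles may perform which actions (assumption; the page only says roles differ).
ALLOWED = {
    "check_in": {"admin", "receptionist"},
    "manage_users": {"admin"},
}
AUDIT_LOG = []  # in-memory stand-in for the real log store


class Forbidden(Exception):
    pass


def authorize(username, account, action):
    """Two checks before any data access: account linkage, then role permission."""
    role = USERS.get(username, {}).get("accounts", {}).get(account)
    if role is None:
        raise Forbidden(f"{username} is not linked to account {account}")
    if role not in ALLOWED.get(action, set()):
        raise Forbidden(f"role {role} may not {action}")
    return role


def check_in(username, account, visitor_id, now=None):
    """Check a visitor in on behalf of username and record the action."""
    authorize(username, account, "check_in")
    visitor = VISITORS.get((account, visitor_id))
    if visitor is None:
        raise KeyError("no such visitor in this account")
    visitor["checked_in"] = True
    now = now or datetime.now(timezone.utc)
    AUDIT_LOG.append({"when": now.isoformat(), "user": username,
                      "action": "check_in", "visitor": visitor_id})
    return visitor
```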

Proxyclick employee access to data

Access to servers

Access to servers is limited to 2 back-end engineers (incl. the CTO).

Access to customer data

A policy is in place that Proxyclick employees only access customer data when necessary to ensure account functionality.

Debugging errors

Some errors reported by clients can only be reproduced in production on the client’s account. Reproducing the error is often the best way to fix it. The only acceptable reason to access a client’s data is to debug this kind of error.

User passwords

Proxyclick employees have no access to users’ passwords.

Credit card information

Proxyclick does not store credit card information. Payments are processed by Chargebee, a PCI DSS Level 1 compliant third-party processor.

Immediate access removal

When an employee leaves the company, all of their access to systems is immediately removed.

Clients’ production data

Employees never store clients’ production data on their laptops.

Source code review

Review of code

All code is reviewed by the CTO before being put in production.

Code convention

Developers need to follow our code convention in order to ensure code consistency and quality.

Transparency to clients

Maintenance

Planned maintenance for a release is performed during the weekend in order to minimize the impact on clients’ operations. Planned maintenance is communicated 48 hours in advance to all admins via e-mail.

Monitor in real time

We also provide a service through which clients can monitor the status of our systems in real time. They can also subscribe to this service in order to be notified in case of an incident.

Penetration testing

Ad hoc basis

Penetration testing is conducted on an ad hoc basis by clients or prospects.

Tested items

The following items were tested during these tests: cross-site scripting, SQL injection, cookie flags, protection of admin interfaces, effective application of patches, password security.

Additional penetration tests

If needed, Proxyclick is ready to perform an additional penetration test at your request.