Infrastructure, data protection, security
We do not host the data and the application ourselves. We outsource this to an external company whose mission is focused on providing secure and reliable hosting solutions. Our provider is OVH, one of the largest global companies active in this field. More information about their security, the data centers they operate and their worldwide network is available from OVH.
Application, database and services are deployed on dedicated "bare metal" servers (i.e. single-tenant servers, not virtual machines sharing hardware with other customers). This has the following advantages:
- We can decide where to physically locate our servers
- We manage the servers ourselves (all operating systems and software installed are validated by our Head of Technology)
- We control the security up to the server itself (e.g. encryption of hard disks)
- We are not impacted by the performance and stability of other tenants on the same server
- We eliminate the risk of data being shared with other companies using the same server
Development, testing and production are segregated into 3 separate environments.
The infrastructure is duplicated in 2 geographically distant data centers located in France. Failover procedures are documented and tested regularly.
On top of that, an additional backup is saved twice a day at another supplier located in Germany.
Systems are updated and patched on every release. We have releases every 4 weeks.
Protection of servers
The servers are protected by a firewall. Access is always via private key, never via password. IP addresses trying to access our servers are blocked after 5 failed attempts.
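As an added illustration (not Proxyclick's own tooling), the following Python counts failed SSH logins per source address over constructed auth-log lines and reports the addresses that reach the 5-failure threshold stated above within a time window; the log lines, hostnames and addresses are made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed lines in the style of OpenSSH auth.log entries; hosts and addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:05 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 10:00:09 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar  3 10:00:12 web1 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 51240 ssh2
Mar  3 10:00:15 web1 sshd[2109]: Failed password for root from 203.0.113.7 port 51242 ssh2
Mar  3 10:01:00 web1 sshd[2111]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2: ED25519 SHA256:placeholder
Mar  3 10:02:00 web1 sshd[2113]: Failed password for root from 198.51.100.9 port 40010 ssh2
Mar  3 10:02:30 web1 sshd[2115]: Failed password for root from 198.51.100.9 port 40012 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed (?:password|publickey) for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port"
)

def parse_timestamp(ts, year=2024):
    """Syslog timestamps carry no year; a fixed one is assumed for this example."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def ips_to_block(log_text, max_failures=5, window_seconds=600):
    """Return the source addresses with at least `max_failures` failed logins
    inside any window of `window_seconds`; successful logins are never counted."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(list)   # ip -> timestamps of failures still inside the window
    blocked = set()
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ip, t = m.group("ip"), parse_timestamp(m.group("ts"))
        recent[ip] = [x for x in recent[ip] if t - x <= window] + [t]
        if len(recent[ip]) >= max_failures:
            blocked.add(ip)
    return blocked
```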
Protection of data
The hard disks of all servers are encrypted. The database and the file storage are located on servers that are not accessible from the internet. Databases on the client iPads are encrypted too.
Access of admin interfaces
Admin interfaces can be accessed only from a limited number of IP addresses (3).
Incident response plan
We have a monitoring system that automatically checks many aspects of the system (infrastructure, but also database access, queuing system, etc.).
- In case of an incident, two “waves” of warning are foreseen
- First warning sent by e-mail and SMS to 2 senior back-end engineers
- After 5 minutes, if the incident is not closed, a warning is sent by e-mail and SMS to 2 directors of Proxyclick
Documentation of incidents
The response to different types of incidents is documented in a shared repository.
A failover mechanism is documented, tested and pre-configured so it can be executed rapidly if needed.
Clients sessions on the application
Encryption of data
Users authenticate to the application with their username and password. We use https to encrypt data in transit. Proxyclick has an "A" rating for its SSL configuration.
All users’ passwords are hashed and salted. You can only reset a password, not retrieve it.
Users need to be authenticated to see pages of the application (no access via randomly generated URLs for instance).
We support the SAML protocol (in which case we do not store usernames and passwords).
Linkage to account
Authorization checks written in the source code ensure that a user cannot access the data of an account they are not linked to.
The application provides different permission levels for managing it, so that not every user is an administrator.
Login and actions (check-in, check-out…) are logged (date, time, and user name).
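As an added example (not Proxyclick's code), the following Python shows the three controls of this section together: an account-linkage check on every data lookup, a permission check per action, and a log entry with date, time and user name for a check-in. The data model, names and sample records are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

class Forbidden(Exception):
    """Raised for an account the user is not linked to or a missing permission."""

@dataclass(frozen=True)
class User:
    username: str
    account_ids: frozenset   # accounts this user is linked to
    permissions: frozenset   # e.g. {"check-in"}; "admin" grants every action

@dataclass
class Visit:
    visit_id: int
    account_id: int
    visitor_name: str
    checked_in: bool = False

# Constructed sample data (not real records): two tenant accounts, one visit each.
VISITS = {
    1: Visit(1, account_id=100, visitor_name="A. Visitor"),
    2: Visit(2, account_id=200, visitor_name="B. Visitor"),
}
ACTION_LOG = []  # stand-in for the application's action log

def load_visit(user, visit_id):
    """Look the visit up by id, then verify it belongs to one of the user's accounts;
    this ownership check is what stops a user reading another account's data."""
    visit = VISITS.get(visit_id)
    if visit is None or visit.account_id not in user.account_ids:
        # Same error for "missing" and "not yours", so ids of other accounts leak nothing.
        raise Forbidden(f"visit {visit_id} is not accessible to {user.username}")
    return visit

def require(user, permission):
    """Enforce the role split: an action needs its permission or the admin role."""
    if permission not in user.permissions and "admin" not in user.permissions:
        raise Forbidden(f"{user.username} lacks permission {permission}")

def check_in(user, visit_id, now=None):
    """Check a visitor in after both checks and log who did it, and when."""
    require(user, "check-in")
    visit = load_visit(user, visit_id)
    visit.checked_in = True
    now = now or datetime.now(timezone.utc)
    ACTION_LOG.append({"date": now.date().isoformat(), "time": now.strftime("%H:%M:%S"),
                       "user": user.username, "action": "check-in", "visit_id": visit_id})
    return visit
```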
Proxyclick employee access to data
Access to servers
Access to servers is limited to 2 back-end engineers (incl. the CTO).
Access to customer data
A policy is in place under which Proxyclick employees access customer data only when necessary to ensure account functionality.
Some errors reported by clients can only be reproduced in production on the client’s account. Reproducing the error is often the best way to fix it. The only acceptable reason to access a client’s data is to debug this kind of error.
Proxyclick employees have no access to users’ passwords.
Credit card information
Proxyclick does not store credit card information. Payments are processed by Chargebee, a PCI DSS Level 1 compliant third-party processor.
Immediate access removal
When an employee leaves the company, all of their access to systems is immediately removed.
Clients’ production data
Employees never store clients’ production data on their laptops.
Source code review
Review of code
All code is reviewed by the CTO before being put in production.
Developers need to follow our code convention in order to ensure code consistency and quality.
Transparency to clients
Planned maintenance for a release is performed at the weekend in order to minimize the impact on clients’ operations. Planned maintenance is communicated 48 hours in advance to all admins via e-mail.
Monitor in real time
We also provide a service through which clients can monitor the status of our systems in real time. They can also subscribe to it in order to be notified in case of an incident.
Ad hoc basis
Penetration testing is conducted on an ad hoc basis by clients or prospects.
The following items were tested in these tests: cross-site scripting, SQL injection, cookie flags, protection of admin interfaces, effective application of patches, password security.
Additional penetration tests
If needed, Proxyclick is ready to perform an additional penetration test at your request.