Customer Data Security
Our system is tailored to keep customer data sets separate. This means that every cloud instance has a unique database, as well as its own place in the filesystem. Your data will be stored in a database that is yours only and no one else can access it (except our personnel, if you grant access). Thus, no data overlapping is possible and you can be sure that your data will never end up in someone else's hands.
We make sure that every under-the-hood service needed to run our cloud is up-to-date. The same goes for the application itself, which always runs the latest version of ActiveCollab. The cloud is also the first place that gets security fixes.
Every connection to your cloud account is SSL only. Non-encrypted communication is not allowed. We also follow all best HTTPS security practices. That means we use HTTP Strict Transport Security as well as Forward secrecy. Strong AES256 encryption is used to handle the transmission (some older browsers fallback to the AES128 cipher, which is still strong enough).
Full Redundancy and Backup
All cloud systems are redundant. We use a multiple layer infrastructure architecture - load balance, application, database, storage layer. Every layer is replicated. Along with the standard MySQL replication, we even utilize a delayed MySQL replica, which leaves us time to go back in time if needed, without restoring backups (which would be more time consuming).
Backups are done regularly over the day, on-site as well as off-site. They are also regularly tested.
Our system is monitored around the clock, using internal as well as external services. In case of a problem, we get a report in real time and are instantly ready to take care of any potential issues.
Firewalled and Secured Access
The whole system is behind a firewall. Just the necessary ports are open to the outside network. Also, only authorized personnel, using SSH keys, have access to the system. Access is enabled only over a VPN connection.
The server systems are located in Canada, United States and France. Building entrance activities are monitored and recorded. Access to the elevator and stairwells requires keycard access or security guard assistance. Access to the floor requires two factor authentication of keycard and biometric scan. Entrance to the facility is through a man trap, requiring the outside door to be closed prior to the inside door opening. The facility itself is manned, monitored and recorded 24x7. Servers are kept in individually locked cabinets. Removal of hardware is prohibited without administrative approval. Temporary access is escorted by facility personnel.