Simitless' Security Measures
Simitless invests in the security of its platform. We thank our customers for continuing to trust us with some of the most important assets they have: their data, their information, their knowledge. Why not follow our blog to be kept updated!
Here is a brief overview of our security measures. Want to know more? More questions? Why not let us know using the feedback button on the right-hand side!
The database is deployed in a scalable way, so storage can grow organically with your apps. We take daily backups, kept both within the data center and off-site, so that even a natural catastrophe at the primary site would not wipe out your data. What does "daily" mean in practice? A backup taken once a day does not contain changes made since the last run, so in the worst case up to a day of recent changes could be lost; that is why we say we can recover most of your data rather than all of it. In the future, we will offer dedicated redundancy with continuous, up-to-the-minute replication. Let us know if you would like that sooner.
Everybody at Simitless has been chosen for their trustworthiness as well as their expertise. However, trust alone does not make a good security policy, so access rights are separated: our employees do not have access to real user data, and we generate simulated data for our testing and development needs. Card and bank details are kept out of our own database altogether; they are held by our payment provider, Stripe, whom we selected because they provide a fully PCI DSS compliant system.
We use modern encryption to deliver your applications and data to you securely. Have a look at the address bar of your browser: you should see a small padlock and/or the letters "https://". That small "s" means "secure" (some browsers even show the full word "Secure"). Connections are protected with TLS 1.2, and the server's certificate is renewed every 90 days; a short-lived certificate limits how long a key could be misused if it were ever compromised. We received an "A" rating from Qualys SSL Labs. In addition, our server settings enforce encrypted communications and reject connections that try to use older, unsafe protocol versions.
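The two claims above, that legacy protocol versions are refused and that the certificate is renewed well before it expires, can be spot-checked from the outside. The script below is an added example written for this page, not Simitless' own tooling: it pins a client to each TLS version in turn, records which handshakes the server completes, reads the certificate's expiry date, and turns the raw results into findings. It assumes Python 3.7+ with an OpenSSL-backed `ssl` module and a host name given on the command line; the `assess` and `certificate_days_left` helpers work offline, the network probes need a reachable host.

```python
# Added example (not Simitless' own code): probe a host's TLS posture and
# report legacy protocol acceptance and certificate expiry.
import socket
import ssl
import sys
import time
from typing import Dict, List, Optional

# Protocol versions a hardened server should refuse, and those it should accept.
LEGACY = {"TLS 1.0": ssl.TLSVersion.TLSv1, "TLS 1.1": ssl.TLSVersion.TLSv1_1}
MODERN = {"TLS 1.2": ssl.TLSVersion.TLSv1_2, "TLS 1.3": ssl.TLSVersion.TLSv1_3}


def handshake_with_version(host: str, version: ssl.TLSVersion,
                           port: int = 443, timeout: float = 5.0) -> bool:
    """True if the server completes a handshake pinned to exactly `version`."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    if version in LEGACY.values():
        # Modern OpenSSL builds refuse to offer TLS 1.0/1.1 at their default
        # security level; lower it for this probing context only, so that a
        # "rejected" result reflects the server's policy rather than our client's.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # wrap_socket() performs the handshake immediately on a connected socket.
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (ssl.SSLError, OSError, ValueError):
        return False


def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Return the certificate's notAfter field, e.g. 'Jan  5 09:34:43 2018 GMT'."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def certificate_days_left(not_after: str, now: Optional[float] = None) -> float:
    """Days of validity left, given the notAfter string from getpeercert()."""
    expiry = ssl.cert_time_to_seconds(not_after)  # parses the GMT format above
    current = time.time() if now is None else now
    return (expiry - current) / 86400


def assess(results: Dict[str, bool], days_left: float,
           renew_within_days: int = 30) -> List[str]:
    """Turn raw probe results into findings; an empty list means the posture
    matches what this page claims (legacy refused, modern accepted, cert fresh)."""
    findings = []
    for name in LEGACY:
        if results.get(name):
            findings.append(f"{name} accepted: legacy clients can negotiate a weak protocol")
    if not any(results.get(name) for name in MODERN):
        findings.append("no modern TLS version accepted")
    if days_left < 0:
        findings.append("certificate has expired")
    elif days_left < renew_within_days:
        findings.append(f"certificate expires in {days_left:.0f} days: renew now")
    return findings


def probe(host: str) -> List[str]:
    """Run every probe against `host` and return the findings."""
    versions = {**LEGACY, **MODERN}
    results = {name: handshake_with_version(host, v) for name, v in versions.items()}
    return assess(results, certificate_days_left(fetch_not_after(host)))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} HOSTNAME")
    for line in probe(sys.argv[1]) or ["OK: legacy TLS refused, certificate validity fine"]:
        print(line)
```

A probe pinned to TLS 1.0 or 1.1 can still fail on the client side if the local OpenSSL build has those versions compiled out, so a "refused" result is only conclusive when TLS 1.2 or 1.3 succeeded against the same host; the SSL Labs report mentioned above remains the fuller check, this script is the quick one to run after a configuration change or a certificate renewal.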
Payments & Bank Information
We chose Stripe as our payment provider. They are a renowned payment provider for SaaS services, trusted by many systems already, and they add extra security to all payment processing: Stripe is certified as a PCI Service Provider Level 1 and forces HTTPS for all of its services.
“All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist.”
Hosting & Servers
We use modern server technology: containers. Our code is packaged into Docker containers, which isolate each service's processes, filesystem and resources from the others, so a problem in one container does not hand out access to the others. Building secure apps is much easier that way, keeping in mind that containers share the host's kernel and therefore complement, rather than replace, the isolation provided by the hosting platform. Our code is built into one container image, which is replicated as many times as needed to ensure a smooth service for each and every user.
Data Safety, Data Access
We have introduced itemized access control on our platform: workspace and application owners can control precisely who is able to access what.
We measured an availability of 99.9% over the past year, which corresponds to roughly 8.8 hours of downtime per year. We aim for 99.99% (under an hour per year) and are deploying more servers and more resilient services toward that goal.
Legal & Licences
Simitless promotes the use of well-thought-out licences for data distribution; we have written about it. Whether "open" data, free licences or commercial licences, we can help you choose the right way to protect your data and to tailor that protection to what you want your data to do.
We have set up automated monitoring of each and every server. Any issue noticed, any downtime and any scheduled maintenance is reported on our status page at http://status.simitless.com. That page is hosted in a different data center from our other servers, so that we can update it and keep you informed even in the unlikely event that our main servers go down.
Underneath Meteor we use MongoDB. "MongoDB is the next-generation database that lets you create applications never before possible." We have implemented and maintain the controls recommended in MongoDB's security checklist (which covers authentication, role-based access control, network exposure and encryption) to ensure that your apps and data remain secure and accessible to you when you need them.
Physical Datacenter Safety
Hosting is what makes the things we do possible: it brings the system we created to your browser. Our hosting provider is Scalingo; at the moment, we use their European servers. We regularly review the hosting settings to make sure that the service we provide is the best of its kind and that your data is secure.