Data security is absolutely critical to all our clients and because of this it is even more important to us. In addition to regular GCHQ-accredited penetration tests our platform provides:
Other security information:
Security starts with the connection between your browser and our servers which is secured using TLS (Transport Layer Security, the successor to SSL). Configuration of TLS is complex and a surprising number of websites are badly configured compromising their security. Our platform is configured to the highest standards and is rated “A+” in independent testing. This places us in the top 1% of more than 1 million web sites that have been assessed.
Encryption & Validation
Files that have been uploaded are encrypted using AES-256 before being saved to storage. Every time a file is downloaded it is checked to ensure that it is exactly the same as the file that was uploaded and has not been tampered with.
Our platform does not support searching inside of files that have been uploaded. This is because the indexes cannot be encrypted and if compromised the content of the documents would be accessible.
2-Factor Authentication Protection
An extra layer of protection can be added by requiring users to implement 2-Factor Authentication. This will require them to register a mobile phone number against their user account, to which a 7-digit authentication code will be sent following a challenge whenever they login.
All files that are uploaded are checked for virus infections. This helps to ensure the platform does not pass an infected file onto a third party damaging your reputation.
Enforce Information Security Policies
We provide support for your information security policies. An “Allowed” list enables clients to control the individual types of files that can be uploaded – for example enforcing the upload of PDFs only to ensure that modifiable content is never uploaded. Where more stringent requirements are needed, we provide support for validating protective markings.
The platform implements an easy to use and flexible permissions system to enable you to apply fine grained control over access to individual parts of the system for different users.
Our platform is hosted by a world leading hosting partner – Rackspace – at data centres based in the UK. Rackspace take security very seriously as well and are fully ISO27001 certified. See their website for more details.
We recognise that Security is only as good as its weakest link. This is why we have invested in achieving certification under the Cyber Essentials scheme – see http://www.cyberessentials.org.uk. This scheme recognises the business processes and procedures that are implemented by us are meeting best practice government guidelines.