Security

Data security is absolutely critical to all our clients and because of this it is even more important to us. In addition to regular GCHQ-accredited penetration tests our platform provides:

End-to-end encryption

UK based servers in multiple locations

Operating ISO27001 compliant data centres

File and data obfuscation in storage

HTTPS Connection

Security starts with the connection between your browser and our servers which is secured using TLS (Transport Layer Security, the successor to SSL). Configuration of TLS is complex and a surprising number of websites are badly configured compromising their security. Our platform is configured to the highest standards and is rated “A+” in independent testing. This places us in the top 1% of more than 1 million web sites that have been assessed.

Encryption & Validation

Files that have been uploaded are encrypted using AES-256 before being saved to storage. Every time a file is downloaded it is checked to ensure that it is exactly the same as the file that was uploaded and has not been tampered with.

Our platform does not support searching inside of files that have been uploaded. This is because the indexes cannot be encrypted and if compromised the content of the documents would be accessible.

2-Factor Authentication Protection

An extra layer of protection can be added by requiring users to implement 2-Factor Authentication. This will require them to register a mobile phone number against their user account, to which a 7-digit authentication code will be sent following a challenge whenever they login.

Virus Protection

All files that are uploaded are checked for virus infections. This helps to ensure the platform does not pass an infected file onto a third party damaging your reputation.

Enforce Information Security Policies

We provide support for your information security policies. An “Allowed” list enables clients to control the individual types of files that can be uploaded – for example enforcing the upload of PDFs only to ensure that modifiable content is never uploaded. Where more stringent requirements are needed, we provide support for validating protective markings.

Permissions

The platform implements an easy to use and flexible permissions system to enable you to apply fine grained control over access to individual parts of the system for different users.

UK Hosting

Our platform is hosted by a world leading hosting partner – Rackspace – at data centres based in the UK. Rackspace take security very seriously as well and are fully ISO27001 certified. See their website for more details.

Cyber Essentials

We recognise that Security is only as good as its weakest link. This is why we have invested in achieving certification under the Cyber Essentials scheme – see http://www.cyberessentials.org.uk. This scheme recognises the business processes and procedures that are implemented by us are meeting best practice government guidelines.