As a SaaS platform grows and features get added, so does the infrastructure on which it is built. As everything gradually gets more complex, the number of individual components that make up the platform increases, and with it the potential for a security vulnerability to creep in. It's important to keep on top of the changes that are made to the platform, and to constantly review the security implications of everything that happens as the platform grows.
Here are a few of the things that we have done to ensure the security and high availability of our application, so that we can meet our clients' expectations:
We have our infrastructure in different availability zones. This means that if one data centre were to fail for any reason, our application would still keep running in another availability zone.
We use auto-scaling so that if one of our servers suffers a problem for any reason, or if the load gets too much, additional servers will automatically be instantiated in order to deal with the load.
We also have redundancy of critical components to ensure that if something goes wrong, our failover systems can ensure smooth, continued service.
We employ local information security specialists Dionach to assist in ensuring our application is protected from all types of malicious attack. Dionach are CREST, NCSC CHECK, ISO 27001 and PCI QSA certified, and are a leading, experienced information security provider.
HTTPS and data encryption
We now offer HTTPS to all of our clients, free of charge. We provide SSL certificates, and we also renew them automatically so that there is never any issue with SSL expiry, or any cost to our clients.
In order to ensure that no data can be exposed, our databases are encrypted on disk, and sensitive data is also encrypted within the database itself.
In order to help protect our users' login details, we offer two-factor authentication to all our clients' users. In addition, Passle employees cannot access the system without 2FA being enabled.
Web server security
All of our web servers are in private networks. Load balancers manage all traffic to the web servers, and we use AWS security groups to ensure that no connections can be made from any other source.