1. How do you secure my data?
1. How do you secure my data?
We understand how important it is to keep your data safe and secure - which is why we've gone to pretty extreme lengths to lock things down. We break our practical security measures down into four attributes, based on best practice management of risk.
Our first security defence is simple, important but often overlooked - we make sure every single connection between your computer or wireless device and the AffinityLive servers is encrypted, using 265 bit securty encryption which is roughly twice as strong as many banks use today. Unlike many other web-based services that provide encryption as an option, with AffinityLive, this level of encryption and security is compulsory - there is simply no way to access AffinityLive without at least 256 bit encryption.
In addition to making sure the connection between your desktop and the servers is secure, we also go to pretty significant lengths to ensure the connections our engineers use to manage your system and keep it secure are also tightly controlled and secured. All engineers are closely vetted, and access to the server infrastructure by our engineers is only possibly via a 2048bit encrypted VPN connection, secured in addition through private keys and a server-side access control list that allows for immediate revocation if required. While a small group of our engineers need to be able to access systems to manage, optimize and maintain them, the only services that are accessible outside this protected channel are via the website and mail server that you use, each of which is firewalled and locked down at the front door. The database and file server that store your critical data are never accessible directly to the outside world.
When it comes to data security, segregating your data from that of other AffinityLive clients is an important and effective security measure. When you become an AffinityLive client, your data is kept in a separate, segregated database which is tied completely to your - and only your - deployment of AffinityLive. In hosted or multi-tenant applications that run in the cloud, one of the risks is that everything is stored together in a single database, and all it takes is one oversight by a programmer and other people may get unauthorized access to your data. With AffinityLive, we make sure you're quarantined and segregated into your own database, to ensure this can never happen.
- Vigilance & Expertise
Servers, websites and applications are created by people, so in a sense there's always a chance that a bug or hole might be found. The good news is that AffinityLive is built upon systems and technology with more than a decade of proven performance in large scale environments, including Google, Facebook and more. By choosing to build upon servers like the Apache Web Server, the Postfix Mail Server and the MySQL Database Server, we've made sure we're using some of the most stable, secure and proven platforms to build AffinityLive upon. Should a hole or exploit be found, we've also architected our systems to support a high level of automation; within a matter of minutes we can have our dozens of systems and services automatically updated and patched. With a team of dozens watching these things around the clock, a mixture of expertise, vigilance and doing things right ensures your data is protected and secure, much more so than it would be sitting on a server in the corner of your office.