Security at SafeStack
At SafeStack, we practice what we preach. We have an in-depth security programme and we’re dedicated to continually improving it.
User information security
PII (Personally Identifiable Information)
We collect the following personally identifiable information for authentication and user identification purposes.
This information is stored securely and shared responsibly with third parties only on a need-to-know basis, to provide application functionality.
Authentication and authorisation
SafeStack doesn’t store any password-related information.
We trust industry experts at Auth0 to store all authentication- and authorisation-related information for us. This means authentication itself is driven by our integration with Auth0.
Product access control
A small subset of SafeStack’s team have access to the products and to customer data via controlled interfaces.
The intent of this access is to provide effective customer support, troubleshoot potential problems, detect and respond to security incidents, and implement data security.
All application data stored with SafeStack is encrypted at rest using the industry-standard AES-256 encryption algorithm on the database server(s).
In addition, all network communication uses a minimum TLS version 1.2 for encrypting data in transit.
Tenant-level isolation and role-based access control
The SafeStack Academy platform was designed from the ground up to be a secure, multi-tenant, SaaS application. Platform design ensures there is a sufficient level of isolation between tenants, organisations within tenants, and groups within organisations.
Our role-based access control policies ensure that only users with specific roles are allowed to perform specific operations in the application. These roles and their corresponding allowed actions are well documented.
SafeStack uses Amazon Web Services (AWS) as its cloud service provider and leverages AWS’ security and compliance controls for data centre physical security and cloud infrastructure.
You can find further resources for this service provider on the AWS Security Cloud website.
Monitoring, alerting, and logging
Monitoring and alerting
The SafeStack Academy platform is continuously monitored to detect performance trends, connectivity issues, downtime, availability, errors, and many other operational matters.
Our engineering team is alerted about high-priority issues within seconds of them occurring, so they can be investigated as quickly as possible.
SafeStack uses a centralised log management solution to capture various application-level logs, including backend and browser logs.
Logging is used extensively for troubleshooting, alerting and support purposes. All application logs have a retention period of 15 days, at which point they’re automatically and permanently deleted.
All activity in our AWS environment(s), either automated or by SafeStack personnel, is logged using AWS CloudTrail for verification purposes.
External penetration testing
SafeStack regularly undergoes an external penetration test by an independent third party.
SafeStack employees are encouraged to follow security best practices when using various types of software required to run daily business operations.
Production account(s) access is sufficiently guarded with typical security best practices like complex passwords and multi-factor authentication.
Backups and disaster recovery
Frequent, continuous, automated backups
We back up all critical customer data automatically, continuously, and before any major releases. We also retain backups for many weeks and can perform point-in-time recovery. To ensure reliable and secure backups, we leverage the backup and restore features provided by AWS RDS.
We’re well versed in common disaster recovery scenarios and have plans in place to perform recovery drills for various types of disasters.
You can rely on our team’s collective experience to deal with disaster situations. In turn, we can rely on our well-established and constantly improving DevOps practices to keep downtime to a minimum and ensure our learners always have access to what they need in our platform.