More than just encryption
While encryption is an essential practice to apply to your data storage, it is wrong to assume this is sufficient to keep your data secure. Encryption is the last barrier limiting the damage of a potential leak, but ideally, there is no data leak in the first place. First and foremost you want to prevent data leaks, limit the scope of data leaks, and when all else fails limit the content of data leaks.
So that is what we set out to do.
Certifications
ISO27001 & Datacenters
View our ISO27001 CertificateCyber Essentials
View our Cyber Essentials CertificateConnections
Servers
Auditing & security scans
Our servers are protected by security scans and threat detection tools. Several of our customers run yearly penetration tests on the environments to verify the integrity of our solution. There hasn't been any successfull attempts at gaining unauthorized access to either the web environments or the servers. We do however greatly value these tests, as they might point out some other issues like slightly outdated packages or suboptimal approaches that could be updated.
Common misconceptions
- Companies claim that their datacenter is ISO accredited and therefore their data is secure. It is not enough that the provider uses an ISO accredited datacentre if the company using the software, or the software itself aren’t held to the same standards.
- It is not enough that the provider “works” to ISO or PCI-DSS standards; they are not inspected annually, by an independent external auditor.
- It is not enough to password protect your documents and send them using traditional email; these are easily accessed.
- Storing all your data in an encrypted Sharepoint-like environment without the proper use of access management has still proven to be vulnerable to phishing.
- Solutions like WeTransfer do safely store your documents, but anyone with the given link and/or password can access them. These solutions are not intended for sharing sensitive data.
You need a reliable, robust, secure and GDPR compliant* solution provided by an ISO accredited specialist in data security.