It is worth writing in one task in detail (now if it exists, it is scattered) all methods / mechanisms, how we provide various types of security on our SaaS servers:
- and settings
- and data transfer server-client
- and safety of user data
- and fault tolerance
- and burglary protection
etc.
It is worth writing in one task in detail (now if it exists, it is scattered) all methods / mechanisms, how we provide various types of security on our SaaS servers: - and settings - and data transfer server-client - and safety of user data - and fault tolerance - and burglary protection etc.
Most likely, in one answer I will not remember everything that would be worth telling. Most likely, I will write in jerks, well, and answer counter questions. First, the most important note: To ensure maximum system security, as few people as possible should know how the system functions. With regard to OneBox, this may sound like this: "the less information in the public field about how data protection works in OneBox, the safer it is for users." Just because it's harder to find a loophole for anyone. Then I will tell you "piece by piece": Infrastructure resiliency By default, we use the hetzner.de cloud with all the consequences (the data center partially provides us with infrastructure fault tolerance and DDoS protection). Two backup systems - one inside hetzner, the second external (to another data center outside hetzner). Fault tolerance - not yet implemented at the time of writing this comment, in progress. Failover - not yet implemented at the time of writing this comment, in progress. Security of user data Incremental file backups every 24 hours. Full dump of all databases every 24 hours. (by the way, soon you will see right in the boxes what kind of backup you have for what date and time). We store data for a minimum of 10 days. In reality - 300 days. That is, we have an average backup for each onebox for every day for 300 days ago. Access to user data Up to 10 people have physical access to the infrastructure, each with an NDA. By default, any OneBox employee (except interns) has admin level access to the client's OneBoxes. The client can deny such access and then no one will be able to log in. Encryption of client-server data transfer HTTPS. Everything is classic. In new versions of OneBox, even the password is transmitted already encrypted at the input stage. Data encryption on servers On the server, all data is stored in MariaDB (MySQL) and is closed with a sql password. Burglary protection Everything can be hacked :) That's not what you wanted to hear, right?
Most likely, in one answer I will not remember everything that would be worth telling. Most likely, I will write in jerks, well, and answer counter questions.
First, the most important note:
To ensure maximum system security, as few people as possible should know how the system functions.
With regard to OneBox, this may sound like this: "the less information in the public field about how data protection works in OneBox, the safer it is for users." Just because it's harder to find a loophole for anyone.
Then I will tell you "piece by piece":
Infrastructure resiliency
By default, we use the hetzner.de cloud with all the consequences (the data center partially provides us with infrastructure fault tolerance and DDoS protection).
Two backup systems - one inside hetzner, the second external (to another data center outside hetzner).
Fault tolerance - not yet implemented at the time of writing this comment, in progress.
Failover - not yet implemented at the time of writing this comment, in progress.
Security of user data
Incremental file backups every 24 hours.
Full dump of all databases every 24 hours.
(by the way, soon you will see right in the boxes what kind of backup you have for what date and time).
We store data for a minimum of 10 days. In reality - 300 days.
That is, we have an average backup for each onebox for every day for 300 days ago.
Access to user data
Up to 10 people have physical access to the infrastructure, each with an NDA.
By default, any OneBox employee (except interns) has admin level access to the client's OneBoxes.
The client can deny such access and then no one will be able to log in.
Encryption of client-server data transfer
HTTPS. Everything is classic.
In new versions of OneBox, even the password is transmitted already encrypted at the input stage.
Data encryption on servers
On the server, all data is stored in MariaDB (MySQL) and is closed with a sql password.
Burglary protection
Everything can be hacked :)
That's not what you wanted to hear, right?
Globally, I would judge cloud data security as follows: who is better versed in building cloud infrastructure, backups, etc. - a specialized data center in Germany, which conditionally has 100,000 clients, or the sysadmin who installed a server for you in the office under the table and deployed OneBox there? Where is more reliable?
Globally, I would judge cloud data security as follows:
who is better versed in building cloud infrastructure, backups, etc. - a specialized data center in Germany, which conditionally has 100,000 clients,
or
the sysadmin who installed a server for you in the office under the table and deployed OneBox there?
Where is more reliable?
Miroshnichenko Maxim Alexandrovich OneBox CEO wrote: Globally, I would judge cloud data security as follows: who is better versed in building cloud infrastructure, backups, etc. - a specialized data center in Germany, which conditionally has 100,000 clients, or the sysadmin who installed a server for you in the office under the table and deployed OneBox there? Where is more reliable?
100%!
[quote]
Miroshnichenko Maxim Alexandrovich
OneBox CEO wrote:
Globally, I would judge cloud data security as follows:
who is better versed in building cloud infrastructure, backups, etc. - a specialized data center in Germany, which conditionally has 100,000 clients,
or
the sysadmin who installed a server for you in the office under the table and deployed OneBox there?
Where is more reliable?
[/quote]
100%!
Please join the conversation. If you have something to say - please write a comment. You will need a mobile phone and an SMS code for identification to enter.
Log in and comment
Donate
You don't have enough funds in your account Top up