The security, integrity, and availability of your data are our top priorities. We know how vital it is to your business success. To ensure you never have to worry, we use a multi-layered approach to protect and monitor all your information.
Customer Data Protection
Oktopost is a multi-tenant Software-as-a-Service (SaaS) product hosted on a virtual private cloud (VPC).
- Customer data is shared on the same physical environment but is logically separated to ensure secure access
- Oktopost is accessed over the Internet only through encrypted connections (TLS 1.2) using 2048-bit certificates
- Individual user sessions are protected by unique session tokens and re-verified on each transaction
- Customers can control the session security settings for people using their instance
- Login credentials and access tokens are encrypted at rest
Oktopost tests all code for vulnerabilities before each release, and regularly holds security reviews.
- Security reviews and threat assessments follow Open Web Application Security Project (OWASP) guidelines
- Oktopost services are based on proven and secure Open Source solutions and custom applications
- Third-party security assessments are held on a regular basis to detect vulnerabilities and potential threats
- Access to customer data is restricted to authorized personnel only, according to documented processes
- Access to application servers is limited to authorized personnel only
- The engineering team monitors internal and external security events and implements corrective actions
- Application logs are monitored and analyzed automatically. Alerts about critical events and abnormal activities are automatically sent via email and push notifications to relevant members of the team
- Additional controls are in place to ensure that login credentials and tokens are excluded from application logs
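The two log controls above, redacting credentials and tokens before lines reach the log store and raising alerts on critical events and abnormal activity, are combined below in an added example that is not Oktopost's code. The log format, field names (`password=`, `access_token=`, `Authorization: Bearer`), the sample lines and the three-failures threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines (documentation IP ranges, fake secrets).
SAMPLE_LOG = [
    "ts=2024-05-01T10:00:01Z level=INFO event=login_ok user=alice ip=203.0.113.5",
    "ts=2024-05-01T10:00:02Z level=INFO event=api_call path=/v1/posts Authorization: Bearer eyJhbGciOi.fake.sig",
    "ts=2024-05-01T10:00:03Z level=WARN event=login_failed user=bob ip=198.51.100.7 password=hunter2",
    "ts=2024-05-01T10:00:04Z level=WARN event=login_failed user=bob ip=198.51.100.7 password=hunter3",
    "ts=2024-05-01T10:00:05Z level=WARN event=login_failed user=bob ip=198.51.100.7 password=hunter4",
    "ts=2024-05-01T10:00:06Z level=CRITICAL event=db_connection_lost host=db-primary",
    "ts=2024-05-01T10:00:07Z level=INFO event=oauth_refresh access_token=AAAA.BBBB&refresh_token=CCCC",
]

# Assumed secret-bearing fields. Group 1 is the key, group 2 the separator, group 3 the value.
SECRET_PATTERNS = [
    re.compile(r"(?i)(password|passwd|pwd)(=)([^&\s]+)"),
    re.compile(r"(?i)(access_token|refresh_token|token|api_key)(=)([^&\s]+)"),
    re.compile(r"(?i)(Authorization:\s*Bearer)(\s+)(\S+)"),
]
FAILED_LOGIN = re.compile(r"event=login_failed\b.*\bip=(\S+)")
CRITICAL = re.compile(r"level=(CRITICAL|ERROR)\b")


def redact(line: str) -> str:
    """Replace every secret value with a fixed marker, keeping the key for context."""
    for pattern in SECRET_PATTERNS:
        line = pattern.sub(r"\1\2[REDACTED]", line)
    return line


def analyze(lines, failed_threshold: int = 3):
    """Redact first, then detect. Returns (redacted_lines, alerts).

    Alerts are (kind, detail) tuples; a real pipeline would hand them to email/push.
    Detection runs on the redacted lines so no secret can leak via an alert body either.
    """
    redacted = [redact(line) for line in lines]
    alerts = []
    failures_by_ip = defaultdict(int)
    for line in redacted:
        if CRITICAL.search(line):
            alerts.append(("critical_event", line))
        match = FAILED_LOGIN.search(line)
        if match:
            ip = match.group(1)
            failures_by_ip[ip] += 1
            # Fire once when the threshold is reached, not on every further failure.
            if failures_by_ip[ip] == failed_threshold:
                alerts.append(("repeated_login_failures", ip))
    return redacted, alerts


if __name__ == "__main__":
    clean, found = analyze(SAMPLE_LOG)
    print("\n".join(clean))
    for kind, detail in found:
        print("ALERT", kind, detail)
```

Redaction runs before analysis and before persistence, so the detector, the alert payloads and the stored logs all see the same secret-free text; a control that redacts only at display time still leaves credentials in the log store.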
Physical and Environmental Security
Oktopost's data center is hosted on AWS East. The data center provider maintains environmental security controls such as:
- 24x7 onsite protection against unauthorized entry
- Biometric scanning for controlled data center access
- Security camera monitoring
- Redundant HVAC (Heating, Ventilation, and Air Conditioning) units that provide consistent temperature and humidity within the raised floor area
- Sensors to detect environmental hazards, including smoke detectors and floor water detectors
- Raised flooring to protect hardware and communications equipment from water damage
- Fire detection and suppression systems (dry-pipe, pre-action water-based)
- Redundant (N+1) UPS power subsystem with instantaneous failover
Service Availability Controls
- Every component in the application infrastructure is redundant: there are at least two of each component that processes the flow and storage of data. All network devices, including firewalls, load balancers, and switches, are fully redundant and highly available
- Our primary database resides on Amazon Aurora which offers greater than 99.99% availability. It has fault-tolerant and self-healing storage built for the cloud that replicates six copies of your data across three Availability Zones. Aurora continuously backs up data and transparently recovers from physical storage failures; instance failover typically takes less than 30 seconds
Compliance & Certifications
Oktopost is ISO/IEC 27001 certified by the Standards Institution of Israel (SII), and by the International Certification Network (IQNET).
Oktopost is compliant with the General Data Protection Regulation (GDPR) as both a data controller and a data processor of personal data.
EU-US & Swiss-US Privacy Shield
Oktopost is certified under the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks, as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.