Security
Productfy implements a defense-in-depth strategy to secure both access to and storage of information. This strategy encompasses technology and policy, including clean-desk rules, restricted access control, hardened employee equipment, secure software development practices, and physical security.
At the network level, data is encrypted in transit from the client to the server using HTTPS. Application servers are not publicly accessible; instead, traffic is routed through a secured CDN to a set of secured load balancers, which privately route traffic to the application servers. Networks are segregated, and traffic is controlled and monitored through ACLs. Each application server is further protected by its own firewall. Database access requires authentication and is limited to specific compute instances or CIDRs.
Application-level security is implemented as tuple-level authorization checks, meaning that access permissions are resolved and set at each login. Every authenticated endpoint requires a token generated by an RFC 1750-compliant CSPRNG. Public sensitive APIs use IP whitelisting or signed payloads.
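The three controls in this paragraph (CSPRNG-generated session tokens, IP whitelisting, and signed payloads) are illustrated below in an added example. This is not Productfy's code; the tenant secret, the allowlisted CIDRs, the HMAC-SHA256 construction over a timestamp and body, and the five-minute skew window are all assumptions chosen for the example.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed values for this example only. A real service would load the
# shared secret from a secrets manager and the allowlist from configuration.
TENANT_SECRET = b"example-shared-secret-not-for-production"
ALLOWED_CIDRS = [
    ipaddress.ip_network("203.0.113.0/24"),   # documentation range, constructed
    ipaddress.ip_network("198.51.100.7/32"),
]
MAX_SKEW_SECONDS = 300  # assumed replay window for signed requests


def new_session_token(nbytes: int = 32) -> str:
    """Return a URL-safe bearer token drawn from the OS CSPRNG.

    secrets.token_urlsafe reads os.urandom, which is the kind of
    cryptographically strong source the page's CSPRNG requirement calls for.
    """
    return secrets.token_urlsafe(nbytes)


def sign_payload(secret: bytes, body: bytes, timestamp: int) -> str:
    """HMAC-SHA256 over "<timestamp>.<body>", hex-encoded.

    Binding the timestamp into the MAC lets the verifier reject old
    captures without needing to store every signature it has seen.
    """
    message = str(timestamp).encode("ascii") + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_signed_request(secret: bytes, body: bytes, timestamp: int,
                          signature: str, now: int,
                          max_skew: int = MAX_SKEW_SECONDS) -> bool:
    """Accept only a fresh request whose signature matches the body exactly."""
    if abs(now - timestamp) > max_skew:
        return False  # stale or far-future timestamp: treat as replay
    expected = sign_payload(secret, body, timestamp)
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(expected, signature)


def ip_allowed(client_ip: str, allowed=ALLOWED_CIDRS) -> bool:
    """Return True when the client address falls inside an allowlisted CIDR."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in network for network in allowed)


if __name__ == "__main__":
    token = new_session_token()
    body = b'{"amount": 100}'
    ts = 1_700_000_000  # constructed Unix timestamp
    sig = sign_payload(TENANT_SECRET, body, ts)
    print("token:", token)
    print("valid:", verify_signed_request(TENANT_SECRET, body, ts, sig, now=ts + 10))
    print("tampered:", verify_signed_request(TENANT_SECRET, b'{"amount": 999}', ts, sig, now=ts + 10))
    print("203.0.113.5 allowed:", ip_allowed("203.0.113.5"))
```

The skew check bounds how long a captured signed request stays usable; where a tighter guarantee is needed, a server-side nonce cache can be added on top of the timestamp.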
Employee access is limited by role, with fine-grained tuple-level authorization applied where necessary. Direct access to live compute instances is disabled in favor of a blue-green deployment strategy that replicates changes from testing through to production environments. Event auditing is available to authorized parties for compliance purposes.
Finally, data is encrypted at rest on all persistent storage devices using AES-256, with keys hosted in separate networks. Relational data is encrypted automatically, and any backups are encrypted in the same way. Document data is encrypted before being written to disk. Data may also be further secured using symmetric AES or asymmetric RSA encryption with rotating, owner-scoped keys and varying salts. Selected data, including passwords, is hashed with SHA-512 and optionally hashed again with PBKDF2-HMAC-SHA1 using varying iterations and salts.
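The password-hashing chain described above (SHA-512, then PBKDF2-HMAC-SHA1 with a salt and an iteration count) is shown below as an added example written for this page, not Productfy's implementation. The `scheme$iterations$salt$digest` storage format, the 16-byte random salt, the 600,000-iteration default, and the `needs_rehash` helper for raising the iteration count over time are all assumptions of the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Parameters assumed for this example; the vendor's real values are not on the page.
SCHEME = "pbkdf2-sha1"
DEFAULT_ITERATIONS = 600_000


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing string: scheme$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    # Stage 1: SHA-512 of the raw password gives a fixed 64-byte input,
    # so very long passwords cannot be truncated or special-cased later.
    prehash = hashlib.sha512(password.encode("utf-8")).digest()
    # Stage 2: PBKDF2-HMAC-SHA1 over the pre-hash. dklen=20 matches SHA-1's
    # output length, so all of the cost comes from the iteration count.
    digest = hashlib.pbkdf2_hmac("sha1", prehash, salt, iterations, dklen=20)
    return "$".join([SCHEME, str(iterations), _b64(salt), _b64(digest)])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        scheme, iters, salt_b64, _digest_b64 = stored.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
    except ValueError:  # wrong field count, bad integer, or bad base64
        return False
    if scheme != SCHEME:
        return False
    candidate = hash_password(password, salt=salt, iterations=iterations)
    return hmac.compare_digest(candidate, stored)


def needs_rehash(stored: str, min_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when a stored hash uses fewer iterations than current policy.

    Because the iteration count travels with the hash, the policy can be
    raised later and old records re-hashed at the user's next successful login.
    """
    try:
        scheme, iters, _salt, _digest = stored.split("$")
        return scheme != SCHEME or int(iters) < min_iterations
    except ValueError:
        return True


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print("verify ok:", verify_password("correct horse battery staple", stored))
    print("verify wrong:", verify_password("Correct horse battery staple", stored))
    print("needs rehash:", needs_rehash(stored))
```

On a successful login, checking `needs_rehash` and re-hashing with the current iteration count is the usual way to migrate a user base to a stronger work factor without forcing password resets.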