Customer Data Protection

Oktopost is a multi-tenant Software-as-a-Service (SaaS) product hosted on a virtual private cloud (VPC).

• Customer data is shared on the same physical environment but is logically separated to ensure secure access
• Oktopost can be accessed across the Internet from secure and encrypted connections (TLS 1.0-1.2) using high-grade 2048 bit certificates
• Individual user sessions are protected by unique session tokens and re-verified on each transaction
• Customers can control the session security settings for people using their instance
• Login credentials and access tokens are encrypted at rest

Application Security

Oktopost tests all code for vulnerabilities before each release, and regularly holds security reviews.

• Security reviews and threat assessments are based on Open Web Application Security Project (OWASP)
• Oktopost services are based on proven and secure Open Source solutions and custom applications
• Third-party security assessments are held on a regular basis to detect vulnerabilities and potential threats

Administrative Controls

• Access to customer data is restricted to authorized personnel only, according to documented processes
• Access to application servers is limited to authorized personnel only

Security Monitoring

• The engineering team monitors internal and external security events and implements corrective actions
• Application logs are monitored and analyzed automatically. Alerts about critical events and abnormal activities are automatically sent via email and push notifications to relevant members of the team
• Additional controls are in-place to ensure that login credentials and tokens are excluded from application logs

Physical and Environmental Security

Oktopost data-center is hosted on AWS East. The data-center provider maintains environmental security controls such as:

• 24x7 onsite protection against unauthorized entry
• Biometric scanning for controlled data center access
• Security camera monitoring
• Redundant HVAC (Heating Ventilation Air Conditioning) units which provide consistent temperature and humidity within the raised floor area
• Sensors to detect environmental hazards, including smoke detectors and floor water detectors
• Raised flooring to protect hardware and communications equipment from water damage
• Fire detection and suppression systems (dry-pipe, pre-action water-based)
• Redundant (N+1) UPS power subsystem with instantaneous failover

Service Availability Controls

• Every component in the application infrastructure is redundant. There are at least two of each component that process the flow and storage of data. All network devices, including firewalls, load balancers, and switches are fully redundant and highly-available
• Our primary database resides on Amazon Aurora which offers greater than 99.99% availability. It has fault-tolerant and self-healing storage built for the cloud that replicates six copies of your data across three Availability Zones. Aurora continuously backs up data and transparently recovers from physical storage failures; instance failover typically takes less than 30 seconds