Security

Protecting your data is fundamental to our business. We go to considerable lengths to ensure that data you store with us is safe.

Physical security
Locations Our data centres are located in the outskirts of Dublin, Ireland and Frankfurt, Germany. In each location services are spread across several facilities (availability zones), for maximum redundancy. We also run globally distributed edge-locations (a CDN) for quicker loading of the website and client code.
Facilities Our servers are hosted in data centres certified under ISO 27001, IT Grundschutz and SOC 3. Our data centre provider AWS run sophisticated facilities with redundant power, backup generators and multiple internet connections to keep things running non-stop.
Site security The facilities are manned around-the-clock, with guards, cameras and other perimiter security protecting each site. Access is strict and monitored, with only authorised personnel having access.
Network security
Encryption Data sent to and from Skovik is encrypted, using 128-bit encryption. Application endpoints are HTTPS-only. We use modern crypto-configuration such as Perfect Forward Secrecy, Strict Transport Security, OCSP stapling and strong cypher suites.
Architecture Our production network is separate from our corporate network. Within the production network services are logically separated with access-control lists regulating inter-service communication. For machine-access, we have a dedicated control plane. Bastion hosts are used to provide an additional layer of access security. Firewalls protect all systems, and only web-servers are internet-addressable.
Network vulnerability scanning We regularly perform automated network vulnerability scanning to identify out-of-compliance or vulnerable systems.
Limited access Access to the Skovik production network is very limited, granted only on a least privilege, need-to-know basis. Access is logged and monitored by our operations team. Multiple factors of authentication are required.
Durability & availability
Durability All customer data is replicated across two data centres, with an average replication delay under 5 seconds. In addition, snapshots are taken every hour and stored in a safe archive. As a result, there are always three instances of all customer data.
Uptime Skovik maintains a publicly available system status page, with current availability, historical uptime metrics, information about scheduled maintenance and incident history. View the status page
Failover & redundancy Our systems are architected to withstand the failure of individual components. Individual nodes are health-checked several times per minute and automatically taken out of the rotation if a failure occurs, allowing other nodes to step in and pick up the task.
Disaster recovery In the case of complete unavailability of our primary data centre, we have a secondary site on stand-by, where we can resume operations.
DDoS protection We have a DDoS-mitigation layer filtering inbound traffic, using a combination of traffic signatures and anomaly algorithms to detect and deflect malicious traffic.
Application security
Credential storage Skovik stores passwords and other credentials using industry best-practices. Passwords are one-way encrypted (hashed and salted) using bcrypt.
Email security We use DKIM, SPF and DMARC to secure emails sent by Skovik. Further, our emails are sent with Transport Layer Security (TLS) to encrypt emails in transit to the receiving email server.
Client security Modern browser technology, such as Content Security Policy and Strict Transport Security, is used to lock down the client runtime from attacks.
Payment processing Card payments are processed by our payments partner. They are certified under PCI DSS Level 1, a stringent standard administered by the Payment Card Industry Security Standards Council. Sensitive payment data (such as credit card numbers) are never stored on, or transmitted through, Skovik servers.
Logging We log activity across the Skovik services. Logs are aggregated and stored in a central repository, for monitoring and analysis.
Secure development
Security training Engineers participate in annual security training. The training cover common security flaws, common attack vectors and our internal security controls.
Static code analysis We continuously run source-code analysis, matching code and dependencies against a database of known vulnerabilities.
Code review All code is reviewed by a second pair of eyes, where security is one of the evaluation points. Components related to authentication, sessions and authorization are given extra scrutiny.
Application vulnerability scanning We use third-party security tools to regularly scan our application for vulnerabilities at the application level.
Separate environments Development, testing and staging environments are entirely separate from the production environment, sharing nothing but the code itself.
Product security features
Single sign-on (SSO) Single sign-on (SSO) allows employees to log in to Skovik using their ordinary work credentials. Also, SSO makes it easy for companies to customise their password policy (requiring a second factor, setting a minimum password length and similar). The protocol is OpenID-Connect, which is also used by Microsoft, Google, Salesforce, Okta and others.
Access roles Skovik has role-based authorization, for granular assignment of access privileges to users in the system.

White hat

If you have questions or suggestions on security, we can be reached at security@skovik.com.

Download our PGP key
A4F1BD983D55E92B1F4E1DD741B4D480985188C1

It looks like you might be speaking a different language.

X