Servers Security
Indicate technologies involved
LAMP server. Linux, Apache, MySQL and PHP.
Describe your server and software update policy/frequency
All packages are installed via CentOS repositories and are updated automatically with all the latest security patches.
Do you commit to update servers and software less than a week after publication of security updates, and at no additional cost?
Our server is a managed cloud server. Updates are applied promptly by Rackspace technicians.
Describe how accounts are managed
It is just one server for StaffWise. Password questions are not applicable here as access to the server is by key. Access is revoked when a person no longer works for us.
Describe how access to servers is secured
By key, SSH, SFTP, HTTPS
Describe how generic accounts on servers are managed
Root login is disabled
Describe teams having access to accounts and level of access provided
Just Alex Chunyaev (head developer). Agencies will be given NO ACCESS to our server.
Describe services exposed on the internet
SSH, HTTPS
Describe services exposed on your intranet
There is no intranet
Indicate backup frequency/method
We use CodeGuard (codeguard.com) for daily backups of all data.
Indicate how archives are secured
CodeGuard uses Amazon Web Services' Simple Storage Service (S3) to house website and database backup data. This service was selected because it provides 99.999999999% durability by storing data redundantly across multiple physical locations. In addition to being able to withstand two simultaneous datacenter failures, all customer backup data is encrypted using a 256-bit AES key.
Indicate where archives are stored
Backups are stored on Amazon Web Services' Simple Storage Service, known as S3. S3 boasts object durability levels of 99.999999999%, achieved by storing redundant copies of data across multiple geographies and facilities. S3 is not the cheapest alternative for data storage, but it is one of the most reliable. Each backup is stored closest to where the user is, so it would actually be stored in Europe, as they utilise this localisation from AWS - https://aws.amazon.com/s3/faqs/
Describe your business continuity and disaster recovery plan
We have an exact mirror of the system with a different hosting company, in a different country from the primary server with Rackspace in London.
The mirror is with Amazon Web Services in Ireland, and we would switch over to it immediately in the event of a failure of the primary server with Rackspace.
In order to switch, we would need to repoint the domain name's DNS to the AWS servers. It would take a maximum of 4 hours (generally a lot faster).
Indicate where servers used for continuity/recovery are situated
Dublin, Ireland
Indicate frequency of data replication
Real time replication.
Indicate your SLA/recovery time objective
4 - 6 hours
If data restoration is required, indicate how much data would be lost, at most
Data is sent to 2 different servers. If one goes down, we can replace it with the data stored on the other. Theoretically no data would be lost. (This is even before we would have to use our backup service.)