Security is a top priority for us when designing our system. We ensure data integrity and security in several ways, especially for sensitive data such as client information.
We follow best practices for web application software development:
- Store hashed passwords in the database to validate the authenticity of the user while signed in
- Expire user sessions that have not been active for a period of time
- Allow users to reset their password using their email address and a temporary token
- Use authentication tokens when submitting sensitive data to prevent CSRF (cross-site request forgery)
- Encrypt all network traffic through 256-bit SSL, the same standard most banks use for their transactions over the internet
We follow best practices for database management and cloud hosting:
- Use network-isolated database instances within a virtual private network to prevent outside parties from attempting to log into the database
- Secure the database with a password
- Keep a regularly scheduled maintenance window to apply the latest security updates to the server instances as well as the database instances
- Back up the database during the maintenance window
- Encrypt the connection between the database instance and the application layer
- Encrypt the underlying storage of our database and its automated backups
Much of the above is provided by industry-proven open-source software and cloud hosting providers, together with our expertise in applying these methods.