We know that security and privacy are a major concern for businesses today.
That is why at ServiceTonic we take this issue very seriously, implementing a security system based on different layers to offer the maximum security and privacy guarantees in our Cloud service to our customers, offering a historical availability greater than 99.95%.
How do we secure your data?
Our technical infrastructure is hosted at ISO 27001 certified data centers from Azure and Hetzner both employing leading physical, logical and environmental security measures, resulting in highly resilient infrastructure. For more information about their data centers see below:
ServiceTonic implements a security-oriented design in multiple layers, one of which is the application layer.
The application is developed taking security into consideration since its design and throug all the development processes including static code analysis, vulnerability assessment, end-to-end testing, and unit testing which addresses authorization aspects, and more. ServiceTonic developers go through periodic security training to keep them up-to-date with secure development best practices.
Another layer of security is the infrastructure. As stated, ServiceTonic cloud infrastructure is hosted at highly resilient data centers from Azure and Hetzner. Furthermore, our infrastructure is protected using multiple layers of defense mechanisms, including:
- Firewalls for enforcing IP whitelisting and access through permitted ports only to network resources
- A web application firewall (WAF) for content-based dynamic attack blocking
- DDoS mitigation and rate-limiting
- NIDS sensors for early attack detection
- Advanced routing configuration
- Comprehensive logging of network traffic, both internal and edge
ServiceTonic encrypts all data both in transit and at rest:
- Traffic is encrypted using TLS 1.2
- User data is encrypted at rest across our infrastructure using AES-256 or better
- All credentials are hashed using a modern hash function
External Security Audits and Penetration Tests
Independent third-party assessments are crucial in order to get an accurate, unbiased understanding of your security posture. ServiceTonic conducts penetration tests on an annual basis using independent auditors.