Entegy takes security quite seriously and when you use our products, you can be sure that your information is safe with us. Below is our security practices within the core.
Entegy’s platform are entirely hosted on the Amazon Web Service cloud infrastructure in Sydney region. Amazon provide a secure, stable and almost infinitely scalable platform so ensure we can satisfy the security and bandwidth requirements of our diverse customer base. For further information of the AWS platform and their security policies and measures, please visit: https://aws.amazon.com/security
Entegy develops its software in its entirety within Australia at its head office in West End, Brisbane. Entegy does not outsource development and maintains complete control of product development in-house at all times. Entegy employs all developers full time and does not utilise the services of contractors, temporary or overseas developers. All code is backed up securely offsite on AWS.
All connections to the Entegy CMS are sent securely using Industry Standard Encryption, Transport Layer Security (TLS). We score an overall A rating on the Qualys SSL Labs, which is recognised as a leader the in the security community (https://www.ssllabs.com).
We use HSTS to force browsers to only use HTTPS when connecting to the Entegy Core. This is combined with server side redirects to redirect browsers that do not support HSTS to use HTTPS. We’ve configured our ciphers and key exchange so that all modern browsers use Perfect Forward Secrecy, to prevent decoding of captured data in the event of a new zero day vulnerability like HeartBleed.
Backups & Redundancy
Entegy hosts its services on the AWS Platform. We leverage many of their services to provide a resilient service. Database Data is stored within Amazon Relational Database Service (RDS). Our RDS server takes nightly snapshots while also having point-in-time recovery provided by RDS. Assets are stored on Amazon’s S3 service. Amazon S3 is designed to have an availability (uptime) of 99.99% and designed to achieve 99.999999999% durability of an object (file) over a given year. Further assets are served using Amazon CloudFront CDN over HTTPS. CloudFront provides over 50 edge locations where files are cached and served from providing low latency fast asset delivery.
CMS Servers run on Amazon Elastic Compute Cloud (EC2), All our servers are stateless, creating no files on them. Runtime data for the servers comes from Amazon Elastic Block Store (EBS). We create EBS Snapshots after major updates so that we can spawn already configured new servers if required.
API is provided by Amazon Elastic Beanstalk . It’s setup behind a load balancer to autoscale under load, or in the rare event a EC2 API server stops responding.
Access to the Entegy CMS is restricted to authorized users with varying levels of permissions. All passwords are salted and hashed which are unable to be decrypted by Entegy or anyone else. Devices must be registered with the Entegy API before being able to request or submit data. Security policies around registering can be configured on an app by app basis allowing complete flexibility around who can access content.
Monitoring & Server Updates
All Entegy services run 24/7 uptime monitoring ensuring swift response in the event of a server incident. We endeavour to apply all critical server security patches as soon as they are available, and maintain a regular server software update schedule. We take security very seriously and have engaged private penetration testing to minimize potential vulnerabilities.