Security information for the Core

Entegy takes security quite seriously, and when you use our products you can be sure that your information is safe with us. Below are our security practices within the Core.

Hosting Environment
Entegy’s platform is entirely hosted on the Amazon Web
Services cloud infrastructure in the Sydney region. Amazon
provides a secure, stable and almost infinitely scalable
platform to ensure we can satisfy the security and bandwidth
requirements of our diverse customer base. For further
information on the AWS platform and its security policies
and measures, please visit: https://aws.amazon.com/security


Staff
Entegy develops its software in its entirety within Australia at
its head office in West End, Brisbane.
Entegy does not outsource development and maintains
complete control of product development in-house at all
times. Entegy employs all developers full time and does not
utilise the services of contractors, temporary or overseas
developers. All code is backed up securely offsite on AWS.


SSL
All connections to the Entegy Core are sent securely using
industry-standard encryption, Transport Layer Security (TLS).
We score an overall A rating on the Qualys SSL Labs test, which is
recognised as a leader in the security community
(https://www.ssllabs.com).


We use HSTS to force browsers to only use HTTPS when
connecting to the Entegy Core. This is combined with
server-side redirects, so that browsers that do not support HSTS
are also redirected to HTTPS. We’ve configured our ciphers and key
exchange so that all modern browsers use Perfect Forward
Secrecy, to prevent decoding of captured data in the event of
a new zero-day vulnerability like Heartbleed.
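
The following added example, which is not Entegy's own code, checks the two controls described above on recorded responses: the redirect from HTTP to HTTPS, and a valid HSTS policy on the HTTPS response. The host name, the sample responses and the six-month max-age threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

MIN_MAX_AGE = 15768000  # assumed review threshold (about six months), not from the page

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()     # directive names are case-insensitive
        if not name:
            continue
        if name in directives:          # a repeated directive invalidates the header
            return None
        directives[name] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None                     # max-age is mandatory and numeric
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}

def check_enforcement(host, http_resp, https_resp):
    """Return a list of findings; an empty list means both controls are in place."""
    findings = []
    # Control 1: plain-HTTP requests are redirected to HTTPS on the same host.
    target = urlsplit(http_resp["headers"].get("location", ""))
    if http_resp["status"] not in (301, 302, 307, 308):
        findings.append("http: no redirect")
    elif target.scheme != "https" or target.hostname != host:
        findings.append("http: redirect does not go to https on the same host")
    # Control 2: the HTTPS response carries a valid, long-lived HSTS policy.
    # Browsers ignore HSTS received over plain HTTP, so only this response counts.
    raw = https_resp["headers"].get("strict-transport-security")
    policy = parse_hsts(raw) if raw is not None else None
    if policy is None:
        findings.append("https: missing or invalid HSTS header")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("https: HSTS max-age below threshold")
    return findings

# Constructed sample responses for a hypothetical host (header names lower-cased).
HOST = "core.example.test"
GOOD_HTTP = {"status": 301, "headers": {"location": "https://core.example.test/"}}
GOOD_HTTPS = {"status": 200, "headers": {
    "strict-transport-security": "max-age=31536000; includeSubDomains"}}
WEAK_HTTP = {"status": 200, "headers": {}}
WEAK_HTTPS = {"status": 200, "headers": {"strict-transport-security": "max-age=0"}}

if __name__ == "__main__":
    print(check_enforcement(HOST, GOOD_HTTP, GOOD_HTTPS))
    print(check_enforcement(HOST, WEAK_HTTP, WEAK_HTTPS))
```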


Backups & Redundancy
Entegy hosts its services on the AWS Platform. We leverage
many of their services to provide a resilient service.

Database data is stored within Amazon Relational Database
Service (RDS). Our RDS server takes nightly snapshots while
also having point-in-time recovery provided by RDS.

Assets are stored on Amazon’s S3 service. Amazon S3 is
designed to have an availability (uptime) of 99.99% and
designed to achieve 99.999999999% durability of an object
(file) over a given year. Further, assets are served using Amazon
CloudFront CDN over HTTPS. CloudFront provides over
50 edge locations where files are cached and served from,
providing low-latency, fast asset delivery.

CMS Servers run on Amazon Elastic Compute Cloud (EC2). All
our servers are stateless, creating no files on them. Runtime
data for the servers comes from Amazon Elastic Block Store
(EBS). We create EBS Snapshots after major updates so that
we can spawn already configured new servers if required.

The API is provided by Amazon Elastic Beanstalk. It’s set up behind
a load balancer to autoscale under load, or in the rare event an
EC2 API server stops responding.


Access
Access to the Entegy Core is restricted to authorized users
with varying levels of permissions. All passwords are salted
and hashed, so they cannot be decrypted by Entegy or
anyone else. Devices must be registered with the Entegy API
before being able to request or submit data. Security policies
around registering can be configured on an app-by-app basis,
allowing complete flexibility around who can access content.


Monitoring & Server Updates
All Entegy services run 24/7 uptime monitoring ensuring swift
response in the event of a server incident. We endeavour
to apply all critical server security patches as soon as
they are available, and maintain a regular server software
update schedule. We take security very seriously and have
engaged private penetration testing to minimize potential
vulnerabilities.


Privacy Policy
Details of our current Privacy Policy can be viewed online at
https://secure.entegy.com.au/Privacy/