Security is of utmost concern to us at Graph Story. Here are some of the policies we implement to keep your data secure.
Standard procedures and policies
- All instances run an OS-level firewall that restricts incoming connections to a small set of ports required for operation
- On hosting providers that support it, security rules additionally restrict incoming connections to a small set of ports required for operation
- SSH access is not allowed except by the Graph Story team
- All authentication is key-based
- We do not access customer-owned data unless given the go-ahead by the customer, or absolutely required to address critical issues
- Query logging is not enabled, and queries are not recorded, unless requested by the customer for addressing performance issues
- All connections in and out of machines are made over encrypted connections using TLS or SSH
- Intrusion detection and prevention tools monitor attempts to access systems and ban repeated attempts
- Daily, weekly, and monthly backups are automatically created and stored
- We use a variety of tools to track vulnerabilities, and proactively apply OS and application patches as needed
- The Graph Story console supports multi-factor authentication
Optional procedures (on request)
- We can store backups in a customer-controlled S3 bucket, with optional server-side encryption
- Premium and Enterprise customers can request their own New Relic account to monitor system activity and set up custom alerts
- Enterprise customers can request logs be segregated from our standard log aggregation service, and stored separately
- Enterprise customers can request the use of encrypted EBS volumes, if AWS is used as the hosting provider
- For additional cost, customers can request their instances be hosted within a VPC or similar that they control
- Premium and Enterprise customers can request custom network access rules, including limiting all access to a whitelist of IPs
Contact us if you'd like to discuss our security policies and procedures in more depth.