Operational

We know that a large portion of security breaches around the world are caused by human or operational mistakes. We've taken a series of steps to minimize that risk.

Employee Equipment

Employee computers have strong passwords, encrypted disks and firewalls. The engineering department uses only Linux operating systems. Non-Linux machines are used only for isolated testing purposes.

Employee Access

We follow the principle of least privilege in how we create our software, as well as in the level of access employees are instructed to use when diagnosing and resolving problems in our software and when responding to support requests.

SessionStack uses Google account infrastructure to verify employee account identity and requires physical security keys and/or two-factor authentication for all internal applications.

Access to administrative data additionally enforces administrator permissions where applicable, and all administrative access is logged and auditable. For third-party SaaS providers, we utilize Google as an identity provider whenever possible to provide a single point of access control across all the apps that employees access as part of their job.

Code Reviews and Production Releases

Not a single line of code reaches our production environment without being subject to a code review, performed by a qualified member of our engineering department, that includes security, performance, regression and abuse analysis.

Prior to reaching a production environment, all software updates must be verified to work as expected on staging servers.

Reliability, Backups and Recovery

SessionStack's infrastructure utilizes multiple techniques for increasingly reliable uptime, including autoscaling, load balancing and task queues. Even in the case of an incident or processing delay, we can make sure that no data is lost and that it is fully replayable along our processing pipeline.

Even though SessionStack stores a huge amount of data, we make multiple backups per day. Each backup is automatically verified to be recoverable.

