Security Q & A

Hosting / Data Protection

The data is hosted by the French provider OVH in its Gravelines data center. A firewall filters inbound traffic. The data is stored on SSDs in a hardware RAID array.

Authorized personnel

Only employees with Infrastructure and DevOps roles are permitted to work on the production infrastructure. Remote access to the servers is only possible over SSH with dedicated keys; password-based SSH authentication is disabled.
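As an added illustration (not talkspirit's own tooling) of what "password SSH access is disabled" has to mean in practice, the following POSIX shell script audits an sshd_config for key-only logins. It applies the rule sshd itself uses, namely that the first occurrence of a keyword wins and that values inside a Match block are conditional, and it also checks keyboard-interactive authentication, which can still prompt for a password when PasswordAuthentication alone is turned off. The two sample configuration files are constructed for the demonstration; the file paths are temporary and not the company's.

```shell
#!/bin/sh
# Added example: audit an sshd_config for key-only authentication.
# Not talkspirit's own script; sample configs below are constructed.

# Print the effective value of an sshd_config keyword (lower-cased).
# sshd honours the FIRST occurrence of a keyword, so later duplicates are
# ignored; everything from the first "Match" line on is skipped because
# those values apply only to the matching users or hosts.
sshd_effective_value() {
    # $1 = config file, $2 = keyword (matched case-insensitively)
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/      { next }
        tolower($1) == "match"        { exit }
        tolower($1) == key && !found  { print tolower($2); found = 1 }
    ' "$1"
}

# Return 0 when the file enforces key-only logins, 1 otherwise,
# printing one line per finding.
audit_sshd_config() {
    file="$1"; rc=0
    pw=$(sshd_effective_value "$file" PasswordAuthentication)
    pk=$(sshd_effective_value "$file" PubkeyAuthentication)
    cr=$(sshd_effective_value "$file" ChallengeResponseAuthentication)
    kb=$(sshd_effective_value "$file" KbdInteractiveAuthentication)

    # sshd defaults PasswordAuthentication to "yes": an absent line is a finding.
    [ "$pw" = "no" ]  || { echo "FAIL: PasswordAuthentication is '${pw:-unset (default yes)}'"; rc=1; }
    # PubkeyAuthentication defaults to "yes"; only an explicit "no" is a finding.
    [ "$pk" != "no" ] || { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
    # Keyboard-interactive (PAM) logins can still ask for a password even when
    # PasswordAuthentication is off; both spellings of the option are checked.
    for v in "$cr" "$kb"; do
        [ "$v" = "yes" ] && { echo "FAIL: keyboard-interactive authentication is enabled"; rc=1; }
    done
    [ $rc -eq 0 ] && echo "OK: $file permits key-based logins only"
    return $rc
}

# Constructed sample 1: a hardened configuration.
GOOD_CFG=$(mktemp)
cat > "$GOOD_CFG" <<'EOF'
# constructed sample: hardened sshd_config
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin prohibit-password
EOF

# Constructed sample 2: looks hardened at a glance, but the first
# PasswordAuthentication line wins and the Match block only covers one user.
BAD_CFG=$(mktemp)
cat > "$BAD_CFG" <<'EOF'
# constructed sample: weak sshd_config
Port 22
PasswordAuthentication yes
# the following line is ignored by sshd: first occurrence wins
PasswordAuthentication no
Match User deploy
    PasswordAuthentication no
EOF

audit_sshd_config "$GOOD_CFG"
audit_sshd_config "$BAD_CFG" || echo "(the weak sample fails the audit, as expected)"
```

Run it against a real `/etc/ssh/sshd_config` by calling `audit_sshd_config /etc/ssh/sshd_config`; a non-zero exit status makes it usable as a gate in a configuration-management test run.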

Data destruction

Servers are systematically reinstalled, and all client data removed, when a server is replaced at the cloud provider.

Authorization management

Only authorized OVH personnel can access the data center and network connectivity. Access to the servers is restricted to talkspirit employees. The data is stored on dedicated physical servers.

Infrastructure

The OVH servers run the Debian 9 (Stretch) Linux operating system. The talkspirit software uses the latest stable Debian versions of the following:

  • Nginx
  • PHP
  • Redis
  • MongoDB
  • Elasticsearch
  • Centrifugo

Compartmentalization of production platform environments

Each version of talkspirit is tested on a staging environment that is isolated from production. The same rules for access, deployment and software installation apply to it.

Protection against attacks

The host, OVH, provides anti-DDoS protection. Additionally, a firewall has been configured.


Warning/Incident Treatment - Crisis Management Process

Alerts are handled according to the severity of the incident. Software malfunction issues are handled by the Support Team via email (hello@talkspirit.com). These incidents are also listed on the company's own talkspirit platform so that they are shared with all staff members.

Hardware malfunction issues are managed by the Enterprise Infrastructure role. Incident monitoring is performed with two tools:

  • Pingdom, which provides multi-location site monitoring
  • The NewRelic alerting system, which provides system and software monitoring

Incidents reported via Pingdom are published at talkspirit.status.io, which is the communication channel used in the event of a major incident or during platform maintenance. For customer support, the Infrastructure roles have the NewRelic and Pingdom applications on their mobile phones so they can respond to malfunctions.

Anti-virus

The entire talkspirit system runs on Linux and macOS, which reduces the risk associated with viruses.

Security patch management

The servers are updated regularly.

Passwords

Service passwords are nominative, i.e. assigned to named individuals rather than shared.

Backups, and data storage and processing

Database: A daily backup of the database is kept on the server over a 7-day rolling period. Another backup is made daily to OVH's object storage cloud, which allows for a 52-week retention period.

Files: Client files are replicated to OVH's object storage solution on a daily basis.
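The "7-day rolling period" for local database backups described above is, as an added example that is not talkspirit's own backup job, a small POSIX shell rotation: each nightly run writes a date-stamped dump and then removes everything older than the newest seven. Dump file names, the directory and the ten simulated nights are all constructed for the demonstration; a real job would run the database's dump tool where the stub writes a placeholder file, and the off-site copy to object storage is not simulated.

```shell
#!/bin/sh
# Added example: a 7-day rolling window of daily database dumps.
# Not talkspirit's own script; file names and dates are constructed.

# Write one dump named db-YYYY-MM-DD.sql.gz. A real job would pipe the
# output of mongodump/pg_dump through gzip here; the stub keeps the
# rotation logic exercisable offline.
make_daily_backup() {
    dir="$1"; day="$2"
    printf 'constructed dump taken on %s\n' "$day" > "$dir/db-$day.sql.gz"
}

# Delete all but the newest KEEP dumps. The names embed ISO dates, so a
# reverse lexical sort lists newest first and everything from line KEEP+1
# onwards is outside the window. Files that do not match the dump pattern
# (restore notes, manual exports) are never touched.
prune_backups() {
    dir="$1"; keep="$2"
    ls -1 "$dir" \
      | grep -E '^db-[0-9]{4}-[0-9]{2}-[0-9]{2}\.sql\.gz$' \
      | sort -r \
      | tail -n +"$((keep + 1))" \
      | while read -r f; do rm -- "$dir/$f"; done
}

# Number of dumps currently in DIR (prints 0 rather than failing when empty).
count_backups() {
    ls -1 "$1" | grep -Ec '^db-[0-9]{4}-[0-9]{2}-[0-9]{2}\.sql\.gz$' || true
}

# Oldest dump still present, i.e. the start of the rolling window.
oldest_backup() {
    ls -1 "$1" | grep -E '^db-[0-9]{4}-[0-9]{2}-[0-9]{2}\.sql\.gz$' | sort | head -n 1
}

BACKUP_DIR=$(mktemp -d)
# A non-dump file that must survive every prune run.
printf 'constructed restore notes\n' > "$BACKUP_DIR/restore-notes.txt"

# Simulate ten consecutive nightly runs (constructed dates); the window
# is pruned after each run, so at most seven dumps ever accumulate.
for day in 2024-03-01 2024-03-02 2024-03-03 2024-03-04 2024-03-05 \
           2024-03-06 2024-03-07 2024-03-08 2024-03-09 2024-03-10; do
    make_daily_backup "$BACKUP_DIR" "$day"
    prune_backups "$BACKUP_DIR" 7
done

echo "dumps kept: $(count_backups "$BACKUP_DIR"), oldest: $(oldest_backup "$BACKUP_DIR")"
```

Because the retention decision is made on the file name rather than on the modification time, restoring an old dump from object storage into the directory (which resets its mtime) does not accidentally extend the window, and a clock skew on the server cannot delete the wrong day.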

Data Logging

Server logs: Server logs are saved weekly and then stored for 1 year on a remote server. Server access logs are sent in real time to OVH's LogsDataPlatform solution, which allows for a 45-day retention period.

Application logs: Application logs are kept on the server over a 20-day rolling period. NewRelic's APM is used to analyze behavior and correct software anomalies.

Audit

The new version of talkspirit (v3) was audited independently by an external company (SCRT) in September 2017.

Production security

The entire production code base is kept in Git repositories on GitHub.

Server installation

Servers are installed and updated automatically via Ansible scripts. The scripts are tested regularly on a Vagrant machine.

Software deployment

The software is automatically deployed as a Debian package sent by CircleCI once the various automatic tests have passed. Each deployment generates an artifact that allows a rollback to a specific version of the software; the deployment is logged in NewRelic in order to trace production release dates.

Data security

Data security is ensured by the software. Our API is written in PHP on the Symfony framework.

Bandwidth

The available bandwidth is 500 Mbps.

Performance

Platform performance and availability are available at talkspirit.status.io.
It’s not possible to filter this page for a specific instance.