PRODUCT SECURITY

Password Storage

Credentials are stored using a PBKDF function (bcrypt, with plans to migrate to Argon2id)

Audit Log

All user logins are stored in an audit log accessible by administrators that gives details on the login timestamp, IP address, location and device.

Uptime

99.9% uptime, status updates are posted at status.databowl.com

Roles

Users can be assigned specific roles by administrators to control their access to the system

NETWORK & APPLICATION SECURITY

Data Hosting and Storage

Databowl's services are data are hosted in Amazon Web Services (AWS) EU Ireland (eu-west-1) region

Additional information about AWS Security can be found at: https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/introduction-aws-security.pdf

Failover and DR

We spread our AWS resources across the 3 AWS availability zones in the eu-west-1 region to ensure Databowl can continue to function if one of those data centres fail.

Virtual Private Cloud

All of our services on AWS are located within our own dedicated production VPC with appropriate ACLs to prevent unauthorised requests

Backups and monitoring

We use Amazon RDS's automated backups to provide point in time recovery functionality. Furthermore additional backups are taken via regular automated snapshots of the database.

Application and server logs are sent to Papertrail for real time monitoring and then archived to Amazon S3.

Monitoring of various metrics and events are provided by Amazon Cloudwatch with alerts passed to OpsGenie for incident management and on-call scheduling.

Access & Authentication

Customer data is strictly restricted and access limited to select authorised employees who require it for their job.

Employee access to customer Databowl instances is restricted by individual user accounts along with a hardware security token.

2-factor authentication is required for employee access to company cloud services (e.g Google, AWS, Gitlab, etc.)

Encryption

All of Databowl's endpoints are solely served over HTTPS.