PRODUCT SECURITY
Password Storage
Credentials are stored using a password-based key derivation function (bcrypt, with plans to migrate to Argon2id).
Audit Log
All user logins are stored in an audit log accessible by administrators that gives details on the login timestamp, IP address, location and device.
Uptime
99.9% uptime. Status updates are posted at status.databowl.com
Roles
Users can be assigned specific roles by administrators to control their access to the system
NETWORK & APPLICATION SECURITY
Data Hosting and Storage
Databowl's services and data are hosted in the Amazon Web Services (AWS) EU Ireland (eu-west-1) region
Additional information about AWS Security can be found at: https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/introduction-aws-security.pdf
Failover and DR
We spread our AWS resources across the 3 AWS availability zones in the eu-west-1 region to ensure Databowl can continue to function if one of those data centres fails.
Virtual Private Cloud
All of our services on AWS are located within our own dedicated production VPC with appropriate ACLs to prevent unauthorised requests
Backups and monitoring
We use Amazon RDS's automated backups to provide point-in-time recovery functionality. Additional backups are also taken via regular automated snapshots of the database.
Application and server logs are sent to Papertrail for real-time monitoring and then archived to Amazon S3.
Monitoring of various metrics and events is provided by Amazon CloudWatch, with alerts passed to OpsGenie for incident management and on-call scheduling.
Access & Authentication
Access to customer data is strictly restricted to select authorised employees who require it for their job.
Employee access to customer Databowl instances is restricted by individual user accounts along with a hardware security token.
2-factor authentication is required for employee access to company cloud services (e.g. Google, AWS, GitLab, etc.)
Encryption
All of Databowl's endpoints are solely served over HTTPS.
We hold an A+ rating from Qualys SSL Labs for all our endpoints. This means we use modern cipher suites with strong encryption, support perfect forward secrecy and use features such as HTTP Strict Transport Security.