Last updated: 2016-08-31
We know that every visual you create and the content it contains is extremely important to you and your business, and we're very protective of it. This document highlights some of the layers of protection we work on as part Vizzlo' architecture to ensure your data stays yours.
Physical and Environmental Security
All your data is stored in highly-secure data center in Europe, run by Amazon Web Services (AWS). Data center access is limited to a few selected technicians and not even possible for Vizzlo staff. AWS' data centers are equipped with state-of-the-art fire suppression, power and climate controls.
The physical data center security is audited by EY (see AWS SOC3 Report). Furthermore, AWS is, among others, certified and/or compliant to the following certifications, programs and attestations: CJIS, DoD SRG Levels 2 and 4, ISO 9001, ISO 27001, ISO 27018.
For more information regarding the security measures Amazon takes, please consult the AWS security center at https://aws.amazon.com/security/
Vizzlo's architecture is based on AWS' world-class network infrastructure that is carefully monitored and managed. Among others, the AWS network implements the following security features:
- Segregated and monitored network infrastructure that prevents unauthorized access from penetrated systems
- Firewalls for security monitoring on all external boundaries and major internal boundaries within the network
- FIPS 140-2 compliant secure access points
- State-of-the-art man-in-the middle detection systems
A certified DDos mitigation system is used to ensure that your data stays accessible to you under all circumstances.
All core components are deployed in a load-balancing failover configuration. In case of failure, automated processes move your data away from the affected systems.
The network security-level certificates applicable here are: Cyber Essentials 'Plus' badge, FIPS 140-2, ISO 9001+27001+27018, MTCS Tier 3.
Vizzlo's systems utilizes highly customized versions of the XEN and KVM hypervisors, enabling paravirtualization for Linux hosts. Paravirtualization enables a strict instance islolation and provides a higher security separation between instances on the same hardware. A firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface, providing maximum protection against attacks from inside the network.
As hypervisor guest systems, patched and hardened versions of the Linux operating system are used for the application, web, and database servers. Administrative access to these systems is only possible using public key authentication. All outside communication of these systems, as well as internal communication between those systems is encrypted using transport-level security at all times.
Data Security and Backups
Vizzlo makes use of the following Relational Database Service features to ensure data security at all costs: Multi-AZ hosting is used for the application, web, and database layers to protect against complete data center outages. Vizzlo database instances are automatically software patched by RDS and isolated against other database instances using the same purposes described above.
Automatic database snapshots are taken and stored securely in AWS's block storage system for a maximum of seven days to allow for rolling back in case of software or configuration errors. Access to this backups restricted to Vizzlo management only.
All data exchanged with Vizzlo is always transmitted over TLS using only state-of-the-art, secure SSL encryption ciphers. This is also true for the communication between different machines inside our network. Vizzlo makes use of HTTP Strict Transport Security to protect against protocol downgrade and cookie hijacking attacks. Our software takes active meaures against known web application vulnerabilities, like cross-site scripting and cross-site request forgery.
No Vizzlo employee will ever access your data unless required for support reasons. Support staff does not have the ability to sign into your account, edit your documents, or even view you documents if they are marked as private.
Passwords are one-way encrypted in the database using the 'bcrypt' algorithm, which is the state-of-the-art protection against brute force attacks or attack with rainbow tables. Login credentials are, like all communication with our systems, always sent over encrypted connections. No passwords are ever logged on our systems.
Credit Card Security
Your full credit card information is never seen by, nor stored on Vizzlo's systems at any time. Only our billing & invoicing service, as well the the selected payment processing gateway, will ever be able to see and store your cardholder data to make recurring transactions. To protect our customers' data, we only work with partners that have been audited by a PCI-certified auditor and are certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To learn more about the PCI compliance of our partners, please see https://www.chargebee.com/security/ and https://stripe.com/docs/security/stripe
Do you have questions or comments about Vizzlo security? Please contact our support at https://vizzlo.com/feedback