How Secure is EditMe?

Monday, April 6, 2009

The security, integrity and availability of our customers’ data is a top priority. At EditMe, we understand this is a matter of trust with customers placing their sensitive data within their EditMe sites. We make every effort to be transparent in our practices and policies regarding security and reliability in order to earn and keep that trust.

Secure Data Centers

EditMe is hosted within Amazon's AWS service, which provides a massive infrastructure managed by top professionals in the field. For complete information about the AWS data center and network security please visit the AWS Overview of Security Processes.

Certifications and Accreditations

AWS is working with a public accounting firm to ensure continued Sarbanes Oxley (SOX) compliance and attain certifications such as recurring Statement on Auditing Standards No. 70: Service Organizations, Type II (SAS70 Type II) certification.  These certifications provide outside affirmation that AWS has established adequate internal controls and that those controls are operating efficiently.  AWS will continue efforts to obtain the strictest of industry certifications in order to verify its commitment to provide a secure, world-class cloud computing environment.  The AWS platform also permits the deployment of solutions which meet industry-specific certification requirements.  For instance, AWS customers have built HIPAA-compliant healthcare applications using S3 and other components.

Physical Security

Amazon has many years of experience in designing, constructing, and operating large-scale data centers.  This experience has been applied to the AWS platform and infrastructure.  AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection.  Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means.  Authorized staff must pass two-factor authentication no fewer than three times to access data center floors.  All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Amazon only provides data center access and information to employees who have a legitimate business need for such privileges.  When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services.  All physical and electronic access to data centers by Amazon employees is logged and audited routinely.

System Security

Security within Amazon EC2 is provided on multiple levels: The operating system (OS) of the host system, the virtual instance operating system or guest OS, a stateful firewall and signed API calls.  Each of these items builds on the capabilities of the others.  The goal is to ensure that data contained within Amazon EC2 cannot be intercepted by non-authorized systems or users and that Amazon EC2 instances themselves are as secure as possible without sacrificing the flexibility in configuration that customers demand.

Server Access

EditMe employs Amazon EC2's firewall technology to block all traffic directly to servers storing customer sites. Only front-end proxy servers are exposed directly to the Internet. All server access is managed through an intermediary, and strong cryptographic keys are used to gain access at all levels. Only direct EditMe employees have access to these servers.
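The layout described above (only the proxy tier reachable from the Internet, everything else reachable only through an intermediary) is easy to state and easy to break with one stray rule. The following audit is an added example, not EditMe's code; it checks a set of EC2-style security-group ingress rules against that layout. The tier names (`proxy`, `app`, `bastion`), the allowed ports and every rule in `SAMPLE_RULES` are constructed for illustration.

```python
"""Added example (not EditMe's code): audit security-group ingress rules
against a tiered layout where only the proxy tier faces the Internet.
Group names, ports and rules below are constructed for illustration."""
from dataclasses import dataclass
from typing import List, Optional

INTERNET = "0.0.0.0/0"

# Hypothetical tiers. Only the proxy tier may be reached from the Internet,
# and only on the web ports; the bastion tier may accept a fixed admin CIDR;
# every other tier must be referenced by security group, never by CIDR.
PUBLIC_PORTS = {"proxy": {80, 443}}
ADMIN_ENTRY_TIERS = {"bastion"}


@dataclass(frozen=True)
class IngressRule:
    group: str                          # security group the rule belongs to
    protocol: str                       # "tcp", "udp" or "icmp"
    port: int
    source_cidr: Optional[str] = None   # CIDR source, or ...
    source_group: Optional[str] = None  # ... another security group as source


def audit_rules(rules: List[IngressRule]) -> List[str]:
    """Return one finding per rule that exposes a tier more than the layout allows."""
    findings = []
    for r in rules:
        where = f"{r.group}: {r.port}/{r.protocol}"
        if r.source_cidr == INTERNET:
            if r.group not in PUBLIC_PORTS:
                findings.append(f"{where} open to the Internet; {r.group} is not a front-end tier")
            elif r.port not in PUBLIC_PORTS[r.group]:
                findings.append(f"{where} open to the Internet; only {sorted(PUBLIC_PORTS[r.group])} expected")
        elif r.source_cidr is not None:
            if r.group not in ADMIN_ENTRY_TIERS:
                findings.append(f"{where} allows CIDR {r.source_cidr}; backend tiers should admit only other groups")
        elif r.source_group is None:
            findings.append(f"{where} has neither a CIDR nor a group source")
    return findings


# Constructed rule set matching the intended layout.
SAMPLE_RULES = [
    IngressRule("proxy", "tcp", 80, source_cidr=INTERNET),
    IngressRule("proxy", "tcp", 443, source_cidr=INTERNET),
    IngressRule("proxy", "tcp", 22, source_group="bastion"),
    IngressRule("app", "tcp", 8080, source_group="proxy"),
    IngressRule("app", "tcp", 22, source_group="bastion"),
    IngressRule("bastion", "tcp", 22, source_cidr="203.0.113.0/24"),  # constructed admin range
]
# The same set with one stray rule that exposes a backend host directly.
MISCONFIGURED_RULES = SAMPLE_RULES + [IngressRule("app", "tcp", 22, source_cidr=INTERNET)]

if __name__ == "__main__":
    for finding in audit_rules(MISCONFIGURED_RULES):
        print(finding)
```

Running the audit over `MISCONFIGURED_RULES` reports exactly the one rule that lets the Internet reach the `app` tier; the clean set produces no findings. Rules keyed on a group reference rather than a CIDR are what keep the backend reachable only through the intermediary, which is why the audit treats any CIDR source on a non-admin tier as a finding.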

Secure Transmissions

EditMe provides SSL encryption for all Professional and Premium plan customers. EditMe's SSL certificate is provided by GeoTrust, one of the leading global certificate providers.

Individual user sessions are identified and checked with each transaction using a unique token created at login.
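The sentence above describes a session token that is created at login and re-checked on every request. The store below is an added example, not EditMe's code, showing the properties such a token needs: it is generated from a cryptographic random source, only a hash of it is kept server-side, it expires, and it can be revoked on logout. Token size and lifetime are illustrative assumptions.

```python
"""Added example (not EditMe's code): per-login session tokens that are
validated on every request. Token size and lifetime are assumptions."""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TOKEN_BYTES = 32               # 256 bits of randomness per token (assumption)
DEFAULT_TTL_SECONDS = 30 * 60  # idle session lifetime (assumption)


@dataclass
class Session:
    user: str
    expires_at: float


def _key(token: str) -> str:
    # Store and look up only a hash of the token: a leaked session table then
    # yields no usable tokens, and the lookup never compares raw token bytes.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class SessionStore:
    def __init__(self, clock: Callable[[], float] = time.time, ttl: int = DEFAULT_TTL_SECONDS):
        self._clock = clock          # injectable so expiry can be tested deterministically
        self._ttl = ttl
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str) -> str:
        """Issue a fresh, unpredictable token for this login and return it to the client."""
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._sessions[_key(token)] = Session(user, self._clock() + self._ttl)
        return token

    def check(self, token: str) -> Optional[str]:
        """Validate the token presented with a request; return the user or None."""
        k = _key(token)
        sess = self._sessions.get(k)
        if sess is None:
            return None
        if self._clock() >= sess.expires_at:
            self._sessions.pop(k, None)   # expired: forget it so it cannot be replayed
            return None
        return sess.user

    def logout(self, token: str) -> None:
        """Revoke the token immediately, regardless of remaining lifetime."""
        self._sessions.pop(_key(token), None)


if __name__ == "__main__":
    store = SessionStore()
    t = store.login("alice")
    print("valid for:", store.check(t))
    store.logout(t)
    print("after logout:", store.check(t))
```

Because the token itself carries no user information, a request that presents a token the store does not know is rejected outright; the only way to obtain a valid token is to log in, and the only way to keep it valid is to use it before it expires.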

Backups

Each EC2 instance stores data on an EBS volume (essentially a hard drive in the cloud). All EBS volumes are backed up twice daily in the form of incremental volume snapshots, which are stored by AWS on S3 (durable cloud storage). These snapshots are retained going back at least 10 days. Additionally, each EditMe server takes local snapshots of each individual site daily. Because any level of automation can fail with a false positive, these backups are checked and tested by a human three times per week.
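The paragraph above commits to two snapshots per day with at least 10 days of history, and notes that automation can report success while quietly failing. An independent cadence check is the cheapest way to catch that; the one below is an added example, not EditMe's code. It takes a list of snapshot timestamps (the list here is constructed, with one day deliberately missing its second snapshot) and reports every day in the retention window that falls short of the expected count.

```python
"""Added example (not EditMe's code): verify that snapshot timestamps meet a
twice-daily cadence over a 10-day retention window. Sample data is constructed."""
from datetime import date, datetime, time as dtime, timedelta, timezone
from typing import Dict, List, Tuple

REQUIRED_PER_DAY = 2   # from the text: EBS volumes are backed up twice daily
REQUIRED_DAYS = 10     # from the text: snapshots are retained at least 10 days


def check_snapshot_coverage(snapshot_times: List[datetime], now: datetime,
                            per_day: int = REQUIRED_PER_DAY,
                            days: int = REQUIRED_DAYS) -> List[Tuple[date, int]]:
    """Return (day, count) for each past day in the window with fewer than per_day snapshots.

    Today is excluded because it may not be complete yet; the check covers
    yesterday back through `days` days ago.
    """
    window_start = (now - timedelta(days=days)).date()
    by_day: Dict[date, int] = {}
    for t in snapshot_times:
        if t <= now and t.date() >= window_start:
            by_day[t.date()] = by_day.get(t.date(), 0) + 1
    gaps = []
    for i in range(1, days + 1):
        d = (now - timedelta(days=i)).date()
        count = by_day.get(d, 0)
        if count < per_day:
            gaps.append((d, count))
    return gaps


# Constructed sample: the post's date, with snapshots at 02:00 and 14:00 UTC
# for the preceding 11 days, except that 2009-04-01 is missing its 14:00 run.
SAMPLE_NOW = datetime(2009, 4, 6, 12, 0, tzinfo=timezone.utc)


def build_sample_snapshots(now: datetime) -> List[datetime]:
    times = []
    for i in range(1, 12):
        day = now.date() - timedelta(days=i)
        for hour in (2, 14):
            if day == date(2009, 4, 1) and hour == 14:
                continue   # the deliberately missing snapshot
            times.append(datetime.combine(day, dtime(hour), tzinfo=timezone.utc))
    return times


if __name__ == "__main__":
    for day, count in check_snapshot_coverage(build_sample_snapshots(SAMPLE_NOW), SAMPLE_NOW):
        print(f"{day}: {count} snapshot(s), expected {REQUIRED_PER_DAY}")
```

The check answers only whether snapshots exist on schedule, which is the failure mode automation hides best; whether a snapshot actually restores is the part the text leaves to the thrice-weekly human test, and a cadence report like this one tells that person which days to look at first.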

Monitoring

EditMe uses an all-in-one cloud-based monitoring suite to notify support staff, around the clock (24x7), of any interruption in service or abnormal server activity.

Data Privacy

EditMe provides customers with a broad range of security options that can be applied to their site. Properly configured, EditMe sites are very secure. Customers who wish to store sensitive information on their site are advised to configure their site with the highest privacy settings:

  1. Require Login. Configure the site's security settings to require login before viewing site content. Your site's content is publicly visible by default.
  2. Keep Registration Private. Don't enable public registration. Public Registration allows anyone to come to your site and register for access. Public registration is off by default.
  3. Choose Secure Passwords. Pick words that can't be found in the dictionary, are at least 8 characters, and use a mix of numbers, punctuation, upper case and lower case letters. Read Microsoft's Guidelines on creating Secure Passwords.
  4. Enable SSL Encryption. EditMe Professional and higher plans allow SSL encryption for encrypted data transfer. This protects against hackers who might otherwise be able to view site data as it passes through the Internet. EditMe's SSL certificate uses the same level of encryption employed by many online banking sites.
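The four settings above form a checklist that is easy to audit mechanically. The script below is an added example, not EditMe's code: `audit_site_settings` compares a site's configuration with the recommended posture (the setting names `require_login`, `public_registration` and `ssl_enabled` are hypothetical), and `check_password` applies the password rules from item 3 (at least 8 characters, digits, punctuation, mixed case, not a dictionary word). The word list is a small constructed stand-in for a real dictionary.

```python
"""Added example (not EditMe's code): audit a site's privacy settings against
the recommended posture and check a password against the stated rules.
Setting names and the word list are illustrative assumptions."""
import re
from typing import Dict, Iterable, List

# Recommended posture from the checklist (hypothetical setting names).
RECOMMENDED: Dict[str, bool] = {
    "require_login": True,        # item 1: content not public
    "public_registration": False,  # item 2: nobody can self-register
    "ssl_enabled": True,           # item 4: encrypted transfer
}


def audit_site_settings(settings: Dict[str, bool]) -> List[str]:
    """Return one finding per setting that differs from the recommended value."""
    findings = []
    for name, wanted in RECOMMENDED.items():
        actual = settings.get(name)   # None when the setting is absent
        if actual != wanted:
            findings.append(f"{name} is {actual!r}; recommended {wanted!r}")
    return findings


def check_password(password: str, dictionary: Iterable[str]) -> List[str]:
    """Return the rules from item 3 that the password fails (empty list means it passes)."""
    words = {w.lower() for w in dictionary}
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no punctuation")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lower case letter")
    # Catch both the bare word and the common trick of decorating it with
    # digits or punctuation ("Password1!" is still built on "password").
    letters_only = re.sub(r"[^a-z]", "", password.lower())
    if password.lower() in words or letters_only in words:
        problems.append("based on a dictionary word")
    return problems


SAMPLE_DICTIONARY = {"password", "welcome", "editme", "secret"}   # constructed stand-in

if __name__ == "__main__":
    site = {"require_login": False, "public_registration": True, "ssl_enabled": True}
    for finding in audit_site_settings(site):
        print("setting:", finding)
    for pw in ("password", "Password1!", "gT7#xq2!Lm"):
        print(f"{pw!r}: {check_password(pw, SAMPLE_DICTIONARY) or 'ok'}")
```

The settings audit treats a missing setting the same as a wrong one, which matters here because the text says content is public by default: an unset `require_login` is an exposure, not an unknown.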

EditMe staff may view your secure site if related to a customer success issue or a support request initiated by the customer. If you don't want EditMe staff to view your site, simply let us know at any time.
