A great deal of time and effort has been spent making sure that we’re generally doing the right things to keep your data secure. At a high level, this includes, but is not limited to, the following:
End-to-End Encryption: All communications between our application servers and your computer are SSL encrypted. The certificates used provide the same level of data encryption that’s used when you connect to your bank account over the internet.
Hashed Data: Sensitive data for which a plaintext version will not be required in the future is one-way hashed. This means you can’t decrypt the hashed values to view the original data.
This is a commonly used technique for login credentials because there’s no need to decrypt the original password for comparison purposes. We hash the password supplied by the user during the login attempt and verify that the result matches the stored hash. A password can be reset, but the original unhashed value cannot be retrieved.
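To make the hash-then-compare flow above concrete, here is an added example in Go. It is not Bluetick’s code, and the page does not say which hash function or parameters Bluetick uses; the example assumes a salted, iterated key derivation (PBKDF2-HMAC-SHA256 with a random 16-byte salt), so the stored record can verify a login attempt but never yields the password itself:

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
)

// pbkdf2SHA256 derives a 32-byte key with PBKDF2-HMAC-SHA256 (RFC 8018); one output
// block is enough because the requested key length equals the SHA-256 digest length.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): index of the only output block
	u := prf.Sum(nil)             // U1 = PRF(password, salt || INT(1))
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil) // U_i = PRF(password, U_{i-1})
		for j := range t {
			t[j] ^= u[j] // T = U1 xor U2 xor ... xor U_iter
		}
	}
	return t
}

// Work factor that makes offline guessing slow; 600000 is OWASP's current figure for PBKDF2-HMAC-SHA256.
const iterations = 600000

// PasswordRecord is what gets stored: the parameters plus the derived key, nothing that yields the password.
type PasswordRecord struct {
	Iter       int
	Salt, Hash []byte
}

// HashPassword draws a fresh random salt per user (identical passwords give different records), then derives the hash.
func HashPassword(password string) (PasswordRecord, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return PasswordRecord{}, err
	}
	return PasswordRecord{iterations, salt, pbkdf2SHA256([]byte(password), salt, iterations)}, nil
}

// VerifyPassword re-derives the key from the login attempt using the stored salt and
// parameters, then compares in constant time so a mismatch does not leak timing.
func VerifyPassword(password string, rec PasswordRecord) bool {
	got := pbkdf2SHA256([]byte(password), rec.Salt, rec.Iter)
	return subtle.ConstantTimeCompare(got, rec.Hash) == 1
}
```

A password reset simply replaces the whole record with a new one; nothing in the old record needs to be, or can be, reversed.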
Encrypted Data: 256-bit AES encryption is used for sensitive “data at rest” (i.e. saved on disk) where the application needs the data back in decrypted form. This includes data such as the credentials and authentication tokens for logging into IMAP and SMTP servers. Bluetick API keys that may be used by third-party applications (such as Zapier) are also encrypted.
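An added example, not Bluetick’s code, of the at-rest pattern described above: AES-256 in GCM mode sealing an IMAP/SMTP password or API key so the application can recover the plaintext later. Two details are this example’s own assumptions, not something the page states: the database row id is bound in as associated data so a ciphertext only opens for the record it was written for, and the 32-byte key is assumed to live in a secret store outside the database.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newAEAD builds AES-GCM from the data-at-rest key; a 32-byte key is what makes it AES-256.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("data-at-rest key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealCredential encrypts a plaintext secret (an IMAP/SMTP password or an API key)
// for storage. The record id goes in as associated data (assumption of this example),
// so the ciphertext only authenticates for its own row. Output: nonce || ciphertext || tag.
func SealCredential(key []byte, recordID string, secret []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per write; never reused under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, secret, []byte(recordID)), nil
}

// OpenCredential returns the plaintext, or an error if the key, record id or stored
// bytes differ from what was sealed (the GCM tag check fails before any output).
func OpenCredential(key []byte, recordID string, stored []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(stored) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("stored value too short to contain nonce and tag")
	}
	nonce, ct := stored[:aead.NonceSize()], stored[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(recordID))
}
```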
Q: Could this data be decrypted?
A: Not in our lifetime. If you’re interested in the math behind the time it would take to decrypt this data without the encryption key, here are some back-of-the-envelope calculations, showing that you’ll need billions of high-end computing devices, all of which need to be running for the entire existence of everything (billions of years), to get just halfway there. Honestly, at this point wrench decryption would be more effective.
Secure Datacenters: Customer data and Bluetick application servers are hosted using Microsoft’s Azure platform in Microsoft datacenters. The security of this infrastructure is described by Microsoft here. It complies with various industry standards for security and reliability, such as ISO/IEC 27001:2013 and NIST SP 800-53.
Firewalls: Access to the Bluetick infrastructure is protected using a firewall on every server. The firewall uses both inbound and outbound rules to regulate data coming into and going out of each server.
Network Access Controls: Azure Application Security Groups are layered on top of local firewalls to provide additional protection at the network layer. Additionally, Bluetick servers reside in a private network. Authentication to this network is restricted by user credentials and IP address.
User Access Controls: User access control is managed and provided by Azure Active Directory.
Backups: Backups are stored in the Microsoft Azure infrastructure. Access to these backups is managed by Azure Active Directory.
Backup Retention Policies:
- Virtual Machine backups are retained for 30 days
- Daily database backups are retained for 30 days
- Weekly database backups are retained for 13 weeks
- Monthly database backups are retained for 6 months
Customer Data Retention: When a customer cancels their service with Bluetick, their subscription is marked as cancelled, but all of the associated data is retained in our database and storage infrastructure. This allows a customer to return at any time and restart their service as if they never left.
Roadmap: An automated mechanism for purging data for customers who have cancelled is on the roadmap to be implemented.
Customer Purge Requests: Customers who cancel their subscription may request that their data be manually purged. Please note the following:
- Your data will be manually purged from our production systems.
- Your data will not be purged from historical backups.
- Historical backups containing your data will be deleted automatically per our Backup Retention Policies (see above).
- The process of purging your data will render your subscription completely unrecoverable.
This last point is extremely important. Restoring the production database in case of a failure is fairly straightforward. What we can’t do is restore a subsection of it that contains data for a single customer. Do NOT request that your data be purged unless you’re absolutely sure you will never need it again! Your only recourse at that point is to create a new subscription.
On-Staff Data Security Expert: Mike Taber (LinkedIn, Twitter) is the Founder of Bluetick. Prior to launching Bluetick, he spent more than 10 years as an implementation consultant for multiple Symantec security, auditing & systems management solutions. During that time, he personally designed and deployed implementations at more than 100 different organizations.
His client history includes companies like: UnitedHealth Group, Johnson & Johnson, Pfizer, GlaxoSmithKline, DuPont, Nasdaq, Lucent, Adobe, Booz Allen Hamilton, General Dynamics and dozens of others. He performed similar functions for Federal, State and local government institutions, such as: the Department of Defense, the Federal Reserve Bank, and numerous cities, colleges & school systems across the country.
Prior to that, Mike was a software developer for an audit & compliance software startup named Pedestal Software. His primary responsibility was building and managing the library of auditing & security policies that shipped with the product. He also worked directly with the Center for Internet Security to certify those policies. Pedestal Software was acquired in 2005 for $70M.
Limited Access to Production: Direct access to production data and systems is strictly controlled and must be authorized by the Founder.
Code Reviews: All of our source code is personally reviewed by the Founder prior to production deployment.
Application Logging: Application logs are sent to a third party provider (Papertrail, a SolarWinds company) to assist with application monitoring and troubleshooting. Sensitive data is explicitly excluded from logging.