Security - Auklet

Security Overview

We know your metrics and exception data are extremely important to you and your business, and we’re very protective of them. After all, we use Auklet in our IoT apps too!

Have a question, concern, or comment about Auklet security?

Need to report a security vulnerability?

Please email us directly at Auklet Security. We can’t express our appreciation enough for letting us know about these issues.

Physical Security

  • We operate all our infrastructure in Amazon Web Services’ industry-leading data centers
  • Biometric scanning for controlled data center access
  • Security camera monitoring at all data center locations
  • 24×7 onsite staff provides additional protection against unauthorized entry
  • Unmarked facilities to help maintain a low profile
  • Physical security audited by an independent firm

System Security

  • System installation using hardened, patched OS
  • Dedicated firewall and VPN services to help block unauthorized system access
  • Distributed Denial of Service (DDoS) mitigation services powered by industry-leading solutions

Operation Security

  • Systems access logged and tracked for auditing purposes
  • Secure document-destruction policies for all sensitive information
  • Fully documented change-management procedures

Software Security

We employ a team of 24/7/365 server specialists at Auklet to keep our software and its dependencies up to date, eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks on the site.

Communications

All data exchanged with Auklet is always transmitted over SSL (which is why your dashboard is served over HTTPS, for instance).

Data Storage

All metric and event data is encrypted at rest and backed up daily, with advanced logging that enables point-in-time restoration to any second up to the last 5 minutes. Data is mirrored across at least two different regions of the US, ensuring your data is always highly available. In the event of a disaster, the database is automatically hot-swapped within minutes.

We never store passwords as clear text – they are always hashed (and salted) securely using bcrypt. Both data at rest and data in motion are encrypted – all network communication uses TLS with at least 128-bit AES encryption. The connection uses TLS v1.2, and it is encrypted and authenticated using AES_128_GCM, with ECDHE_RSA as the key exchange mechanism.
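As an added illustration (not Auklet’s own code), the following Python checks a negotiated TLS session against the policy stated above: TLS 1.2 or newer, ECDHE key exchange, and AES-GCM with a key of at least 128 bits. It assumes OpenSSL-style cipher names as returned by `ssl.SSLSocket.cipher()` and also builds a client context that only offers such suites; the sample cipher tuples are constructed for demonstration.

```python
"""Check a TLS session against the stated policy:
TLS 1.2+, ECDHE key exchange, AES-GCM with >= 128-bit keys."""
import re
import ssl
from typing import NamedTuple


class Verdict(NamedTuple):
    ok: bool
    reasons: tuple  # human-readable policy violations (empty when ok)


# OpenSSL-style TLS 1.2 suite names look like "ECDHE-RSA-AES128-GCM-SHA256".
_AES_GCM = re.compile(r"AES(128|256)-GCM")
# TLS 1.3 suites are named differently and always use (EC)DHE key exchange.
_TLS13_AES_GCM = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"}


def check_cipher(cipher, min_bits=128):
    """`cipher` is the (name, protocol_version, secret_bits) tuple that
    ssl.SSLSocket.cipher() returns for an established connection."""
    name, version, bits = cipher
    reasons = []
    if version not in ("TLSv1.2", "TLSv1.3"):
        reasons.append(f"protocol {version} is older than TLS 1.2")
    if bits < min_bits:
        reasons.append(f"{bits}-bit key is below the {min_bits}-bit minimum")
    if version == "TLSv1.3":
        if name not in _TLS13_AES_GCM:
            reasons.append(f"{name} is not an AES-GCM suite")
    else:
        if not name.startswith("ECDHE-"):
            reasons.append("key exchange is not ECDHE (no forward secrecy)")
        if not _AES_GCM.search(name):
            reasons.append("bulk cipher is not AES-GCM")
    return Verdict(not reasons, tuple(reasons))


def client_context():
    """Client context that refuses anything weaker than the policy:
    certificate verification on, TLS 1.2 floor, ECDHE + AES-GCM only."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM")  # OpenSSL cipher-list syntax: both must hold
    return ctx


if __name__ == "__main__":
    # Constructed sample tuples, as cipher() would report them.
    for sample in [("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
                   ("AES256-SHA", "TLSv1.0", 256)]:
        print(sample[0], check_cipher(sample))
```

On a live connection, pass `sock.cipher()` from a socket wrapped with `client_context().wrap_socket(...)` to `check_cipher` to confirm the server actually negotiated what the policy requires.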

Your code never touches our servers.

Maintaining security

We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and are stored in the database only as one-way bcrypt hashes. Login information is always sent over SSL.

We also allow you to use two-factor authentication, or 2FA, through GitHub login as an additional security measure when accessing your Auklet account. Enabling 2FA adds security to your account by requiring both your password and a security code from your phone before access is granted.

We have a full-time security staff to help identify and prevent new attack vectors. We always test new features in order to rule out potential attacks.

Credit card safety

When you sign up for a paid account on Auklet, we do not store any of your card information on our servers. It’s handed off to Stripe, a company dedicated to storing your sensitive data on PCI-compliant servers.