IMAP has been entrusted with managing our customers' private data and we take this responsibility very seriously.
We employ a customer-selectable approach to infrastructure and a multi-faceted approach to security and data protection, as outlined below.
It might be helpful to keep our architecture in mind while reading what follows.
Infrastructure Choices
Our entry-level service is hosted on Amazon Web Services (AWS) global infrastructure and offers considerable security and flexibility at a low cost, which is reflected in the pricing for this level of service.
We can also accommodate any customer who requires that their server(s) not be shared with others, or that the hardware be dedicated to their
needs. We accomplish this by making use of computing infrastructure located at the most suitable co-location or virtual server
provider that meets with customer approval.
Server Access
We use firewalls to ensure that only the HTTP and HTTPS protocols (ports 80 and 443) can be used to broadly access our servers, thereby eliminating
many of the common attack vectors.
All access to our servers for development and maintenance requires that the individual IP address of the connecting
machine be added to the firewall. This ensures that only authorized persons can obtain an SSH terminal session on the server.
No other access is permitted by the firewall.
Any connection made using plain HTTP is redirected to HTTPS by the web server configuration, thereby ensuring that all customer
data is encrypted in transit between the user's browser and our web servers.
User accounts for our application are handled on an invite-only basis, thereby reducing the potential for exploitation by the general public.
Multi-Factor Authenticated Login To AWS Management Console
Any access to the AWS Management Console requires multi-factor authentication, thereby ensuring that only authorized personnel can
make changes.
User Data Encryption and Hashing
There is a limited set of private information that is critical to our login process, such as email addresses, answers to security questions and the secret
key stored for Google Authenticator. We start from the assumption that this information is already in the hands of someone
with malicious intent, and as a result we use state-of-the-art encryption and hashing techniques to ensure that this data cannot be
exploited to gain unauthorized access to our application.
Multi-Factor Authenticated User Login
Typical user access to the system requires a multi-factor authenticated login. An alternate method is available should the device
used for multi-factor token generation not be available; it requires knowledge of the user's email address, the answers to both security
questions and access to the user's email account.
Verified Login & No Index Browsing
We use a web server configuration that ensures all PHP pages are prepended with code that verifies a valid user is logged in.
If not, the user is redirected to the login page. The exception is a small number of pages that are intended to be
publicly accessible without logging in, such as our contact page and privacy policy.
We use a global web server configuration to disable directory browsing for all directories underneath the web root.
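As an added illustration of the prepend pattern described above (example code, not IMAP's own), here is a minimal auto_prepend_file script for Apache with mod_php; the include path, the public page names and the session keys are assumptions.

```php
<?php
// require_login.php (added example, not IMAP's own code)
// Applied to every PHP request with an Apache directive in the vhost, e.g.:
//   php_value auto_prepend_file "/var/www/include/require_login.php"   (assumed path)
// Directory listings are disabled separately, e.g.:
//   <Directory "/var/www/html"> Options -Indexes </Directory>
declare(strict_types=1);

// Pages reachable without a login (assumed file names). Keep this allowlist short.
const PUBLIC_SCRIPTS = ['index.php', 'login.php', 'contact.php', 'privacy.php'];

function scriptRelativeToDocroot(): string
{
    // Decide on the script PHP is actually executing, not on the request URI,
    // so URL variants such as /./login.php or //login.php cannot bypass the check.
    $script = realpath($_SERVER['SCRIPT_FILENAME'] ?? '');
    $root   = realpath($_SERVER['DOCUMENT_ROOT'] ?? '');
    if ($script === false || $root === false
        || strpos($script, $root . DIRECTORY_SEPARATOR) !== 0) {
        return '';   // outside the web root: treat as protected
    }
    return substr($script, strlen($root) + 1);
}

function requireLogin(): void
{
    if (in_array(scriptRelativeToDocroot(), PUBLIC_SCRIPTS, true)) {
        return;      // explicitly public page
    }
    session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    session_start();
    // Session keys are assumed: set by the login flow after password and second factor succeed.
    if (!empty($_SESSION['user_id']) && !empty($_SESSION['mfa_passed'])) {
        return;      // fully authenticated
    }
    // Not logged in: redirect to the login page and stop the protected page from rendering.
    header('Cache-Control: no-store');
    header('Location: /login.php', true, 302);
    exit;
}

requireLogin();
```

Because the decision is made on the resolved script path rather than the URL, a page is protected by default and only the allowlisted files are exempt.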
Backups & Disaster Recovery
We perform nightly backups (on-line and off-line) that are then copied to an independent storage architecture.
We also perform hourly database log backups, which are also copied to an independent storage architecture.
Nightly backups are retained for 30 days and hourly database log backups are retained for 14 days.
This backup methodology, combined with quarterly server maintenance images, provides all that is necessary to deal quickly with even the most severe catastrophe.
Data Separation
The data for each client site that our application deals with is stored in a separate database, thereby eliminating the potential for one client to see another's data.