One of the questions we’re often asked is “how can my data be secure if it’s on the Internet” or some variant of it. Before I give the Workbooks answer (the short version is “at Workbooks we take data security very seriously indeed”), I’d like to run through a little corporate history.
A decade ago (our company then was known as Activis) security became our number one priority – we were responsible for managing and maintaining over four hundred firewalls for a hundred corporate clients from three locations (UK, Germany and the USA). As you can imagine, protecting the keys to the firewalls at the heart of our clients’ information security was something we had to do in ways which stood up to scrutiny from our clients – often these were Information Security Officers and the like. Multiple layers of security – “the onion model” – and completely redundant systems including redundant operating centers were central to the solution.
John mentioned BlackSpider in a previous article. BlackSpider was our next venture and it specialised in email security – at its core it was concerned with the detection and blocking of e-mail threats including early-stage viruses which the traditional anti-virus industry was unable to combat effectively. From the beginning we built data security into the core of our systems and we extended Information Security – through the implementation of something called an Information Security Management System – throughout the whole company. So we gained certification (to the “gold standard”: ISO 27001) not only of our SaaS systems but also of Information Security in our HR processes and our CRM processes.
Information Security – as any expert should tell you – isn’t just about keeping your data secret: it’s also about ensuring it is available when you need it, and that it can be believed. In the industry jargon you ensure information’s “Confidentiality, Availability and Integrity”.
With the advent of Workbooks, information security remains uppermost in our minds. We began with our “clean sheet of paper”; one early decision was to store customer data in completely separate databases – this helps with the Confidentiality bit – for example you no longer need to worry about accidentally picking up some other customer’s data when generating a report; it also helps keep performance consistent because within customer-specific databases you have much smaller indexes (but that’s probably for a future blog article). The “onion model” at Workbooks looks a little like this:
Physical security of our servers is achieved through their being located in inconspicuous buildings with 24×7 manned security, CCTV-monitored data centres with biometric systems and certified entry procedures.
Availability is achieved through using buildings with redundant power and air-conditioning systems and through the use of two physically-separate locations with a high-speed network connecting them. Our policy is to implement systems with no single points of failure. All hardware has remote-management capability.
Network security is achieved through the application of multiple layers of protection, including packet filters/ACLs, firewalls, and other techniques which are confidential. External specialist organisations are used to run vulnerability scans at the network level and to do more involved penetration testing. All data transfer happens under strong encryption; all access to the Workbooks secure website uses 256-bit SSL together with an Extended-Validation certificate.
Careful design. All systems are built on the principle of ‘least privilege’ such that processes run with the minimum set of capabilities and software is not present on the operational systems unless it is specifically required. The operating system is under tight version control and we monitor for reports of security vulnerabilities in the OS and its components.
Our Development and QA processes are geared towards a controlled release cycle with a focus on avoiding security vulnerabilities and data corruption. The processes are extensive and include both automated and manual testing at many levels: unit, integration, system and functional. System changes are only permitted under a full Change Control process with signoff by senior Workbooks management.
Data is accessed and copied only over strongly-encrypted connections. We implement separate databases for each customer to add an additional layer of security above an extensive Permissions/Capabilities model which allows functions to be limited to specific roles or groups of users. Underpinning all data storage is a row-level security model which allows users to hold private data securely and permits control to read, modify, write, change access or change ownership on a record-by-record basis.
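To make the two ideas in the paragraph above concrete – a store per customer, and a row-level model in which each record carries its own rights for read, modify, write, change access and change ownership – here is a small added illustration. It is not Workbooks’ code; the class names, the rule that a record’s owner holds every right, the group-based ACL entries and the sample records are all this example’s own assumptions.

```python
"""Row-level security over per-customer stores (added illustration, not Workbooks' code).

Assumptions made here, beyond what the article states:
  * a record's owner implicitly holds every right;
  * ACL entries are keyed by principal (a user name or a group name), and a
    session's rights are the union of the entries for its user and its groups;
  * the store is chosen from the session's tenant, never from caller input.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Flag, auto


class Right(Flag):
    """The per-record rights named in the article."""
    READ = auto()
    MODIFY = auto()
    WRITE = auto()
    CHANGE_ACCESS = auto()
    CHANGE_OWNER = auto()


ALL_RIGHTS = Right.READ | Right.MODIFY | Right.WRITE | Right.CHANGE_ACCESS | Right.CHANGE_OWNER
NO_RIGHTS = Right(0)


class Denied(Exception):
    """Raised when a session lacks a right or the record is not visible in its tenant."""


@dataclass(frozen=True)
class Session:
    tenant: str                      # the customer this login belongs to
    user: str
    groups: frozenset = frozenset()  # group memberships, e.g. {"sales"}


@dataclass
class Record:
    record_id: int
    owner: str
    acl: dict = field(default_factory=dict)   # principal -> Right; empty ACL = private
    data: dict = field(default_factory=dict)


class TenantStore:
    """One store per customer: a record id only resolves inside its own tenant."""

    def __init__(self) -> None:
        self._rows: dict[int, Record] = {}

    def put(self, rec: Record) -> None:
        self._rows[rec.record_id] = rec

    def get(self, record_id: int) -> Record | None:
        return self._rows.get(record_id)


def store_for(stores: dict[str, TenantStore], session: Session) -> TenantStore:
    """The tenant comes from the authenticated session, so a request cannot name another store."""
    return stores[session.tenant]


def effective_rights(session: Session, rec: Record) -> Right:
    """Owner holds ALL_RIGHTS (assumed); everyone else gets the union of matching ACL entries."""
    if rec.owner == session.user:
        return ALL_RIGHTS
    rights = NO_RIGHTS
    for principal in (session.user, *session.groups):
        rights |= rec.acl.get(principal, NO_RIGHTS)
    return rights


def _lookup(stores: dict[str, TenantStore], session: Session, record_id: int) -> Record:
    rec = store_for(stores, session).get(record_id)
    if rec is None:   # not present in this tenant: same answer as "no access"
        raise Denied(f"record {record_id} is not visible to {session.user}")
    return rec


def _require(session: Session, rec: Record, needed: Right) -> None:
    if needed not in effective_rights(session, rec):
        raise Denied(f"{session.user} lacks {needed} on record {rec.record_id}")


def read_record(stores, session, record_id) -> dict:
    rec = _lookup(stores, session, record_id)
    _require(session, rec, Right.READ)
    return dict(rec.data)


def grant(stores, session, record_id, principal, rights: Right) -> Right:
    """Add rights for a principal; needs CHANGE_ACCESS. Returns the principal's new rights."""
    rec = _lookup(stores, session, record_id)
    _require(session, rec, Right.CHANGE_ACCESS)
    rec.acl[principal] = rec.acl.get(principal, NO_RIGHTS) | rights
    return rec.acl[principal]


def transfer_ownership(stores, session, record_id, new_owner) -> str:
    """Hand a record to another user; needs CHANGE_OWNER. Returns the new owner."""
    rec = _lookup(stores, session, record_id)
    _require(session, rec, Right.CHANGE_OWNER)
    rec.owner = new_owner
    return rec.owner


def build_demo() -> dict[str, TenantStore]:
    """Constructed sample data: two customers that both happen to use record id 1."""
    stores = {"acme": TenantStore(), "globex": TenantStore()}
    stores["acme"].put(Record(1, owner="alice", data={"name": "Acme private deal"}))
    stores["globex"].put(Record(1, owner="mallory", data={"name": "Globex deal"}))
    return stores
```

The point to notice is that the two layers fail independently: a login from one customer asking for record id 1 gets its own customer’s record, not the other customer’s, because the store is selected from the session rather than the request; and within a customer, a record with an empty ACL is private to its owner until the owner (or anyone holding CHANGE_ACCESS) grants a user or group a specific right.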
As described above, each customer’s data is held separately which enables us to offer customers the ability to receive a file export of all of their data; this could be used to recover customer data in the complete absence of the Workbooks service.
Workbooks’ development and customer support staff do not have access to live customer data without the customer’s prior permission which the customer grants through the use of the Workbooks service itself.
Finally, our customers are encouraged to help themselves. By default we set password security options for all our customers to enforce secure passwords. There is no substitute for keeping those passwords secure and hard to guess!
This is a public blog article so I’ve had to be a little circumspect with some of the details but hopefully I’ve answered the question; if you want to know more we’re always happy to discuss things in a little more detail privately.