Backups / Disaster Recovery
At Beyond Eris Solutions, we prioritize the safety and security of your data. We understand that accidents and unforeseen events can happen which is why we have implemented a comprehensive backup and disaster recovery strategy:
- We take daily backups of each of our databases for up to 3 months.
- Our backup strategy includes 14 full backups: 1 per day for 7 days, 1 per week for 4 weeks, and 1 per month for 3 months.
- These backups are replicated in at least 3 different data centers located across 2 continents.
- In the event of a hardware failure, we have implemented a local hot standby replication system with monitoring and a manual failover procedure that takes less than 5 minutes.
- We are also taking backups of the server on a regular basis to ensure data integrity and minimize the risk of data loss in the event of hardware failures, software errors, cyber-attacks, or any other unforeseen incidents.
Disaster Recovery Plan
While we prioritize the prevention of disasters, we also have a comprehensive plan in place in case of a complete disaster scenario:
- Our Recovery Point Objective (RPO) is set at 24 hours, which means that in the worst case scenario, you may lose a maximum of 24 hours of work. This would only occur if the data cannot be recovered and we need to restore your latest daily backup. (This would only occur if the system will burn or vanished)
- Our Recovery Time Objective (RTO) differs based on subscription level. For paid subscriptions, the RTO is set at 24 hours, while for free trials, education offers, and freemium users, the RTO is set at 48 hours.
- To achieve our RPO and RTO goals, we actively monitor our daily backups and replicate them in multiple locations.
We understand the importance of keeping customer data secure. That’s why we have implemented the following measures to ensure the integrity and confidentiality of your data:
- Data access control rules have been implemented to ensure complete isolation between customer databases running on the same cluster. There is no possibility of accessing one database from another.
- Customer passwords are protected using industry-standard encryption techniques, specifically PBKDF2+SHA512 encryption with salt to prevent unauthorized access.
- Our staff does not have access to your password and cannot retrieve it for you. In case of password loss, the only option is to reset it.
Our helpdesk staff may need to access your account to provide support. Here’s how we ensure the security and privacy of your data:
- Helpdesk staff access your account using their own special staff credentials, not your password.
- This special staff access improves efficiency, allows immediate troubleshooting, and eliminates the need to share your password.
- All staff actions are audited and controlled separately to ensure privacy and security.
- Helpdesk staff only access the necessary files and settings needed to diagnose and resolve your issue.
To guarantee the security of our systems, we have implemented the following measures:
- All our cloud servers run on hardened distributions with up-to-date security patches.
- Installations are customized and minimal, limiting the number of services that could contain vulnerabilities.
- Remote management of servers is only possible for a few trusted Beyond Eris Solutions engineers using encrypted SSH keypairs from computers with full-disk encryption. (And engineer can access system by using only specific IP’s)
Credit Card Safety
We take the security of credit card information seriously. Here’s how we handle credit card safety:
- We never store credit card information on our own systems.
- Credit card information is transmitted securely directly between you and our PCI-Compliant payment acquirers.
- For a list of our payment acquirers, please refer to our Terms & Conditions page.
We ensure that your data is always transferred and stored in secure environment to maintain its confidentiality:
- All data communications to client instances are protected with state-of-the-art 256-bit SSL encryption (HTTPS).
- Internal data communications between our servers are also protected with state-of-the-art encryption (SSH).
- Our servers are continuously monitored, regularly patched against SSL vulnerabilities, and maintain Grade A SSL ratings.
- SSL certificates used are robust with 2048-bit modulus and full SHA-2 certificate chains.
Protecting our network from attacks is a crucial aspect of our security strategy. Here’s how we defend against network threats:
- Our data center providers have robust network capacities and infrastructure to withstand large-scale Distributed Denial of Service (DDoS) attacks.
- They have automatic and manual mitigation systems in place to detect and divert attack traffic before it disrupts service availability.
- Firewalls and intrusion prevention systems on our servers detect and block threats, such as brute-force password attacks.
- Database administrators have the option to configure rate limiting and cooldown duration for repeated login attempts.
- Bot detection is an integral part of our cybersecurity measures, aimed at safeguarding the integrity, security, and fairness of our platform for all legitimate users.
For security, we have taken steps to ensure the robustness of our software:
- Beyond Eris Solutions is designed to prevent common security vulnerabilities, such as SQL injections and Cross-Site Scripting (XSS) attacks.
- We implement throttling as part of our system architecture to control and regulate the rate of incoming requests from users or applications accessing our platform.
- The framework has built-in mechanisms to prevent Cross-Site Request Forgery (CSRF) attacks and ensures secure cryptographic storage.
- We maintain a responsible disclosure policy and work closely with independent security researchers to address any reported vulnerabilities.
OWASP Top Vulnerabilities
Beyond Eris Solutions aligns with the security recommendations provided by the Open Web Application Security Project (OWASP):
- Injection Flaws: Beyond Eris Solutions’s object-relational-mapping (ORM) framework prevents SQL injection vulnerabilities by abstracting query building and properly escaping parameters.
- Cross-Site Scripting (XSS): Beyond Eris Solutions’s framework automatically escapes expressions rendered into views and pages, preventing XSS attacks.
- Cross-Site Request Forgery (CSRF): Beyond Eris Solutions’s website engine includes built-in CSRF protection mechanism, requiring security tokens for POST requests.
- Malicious File Execution: Beyond Eris Solutions does not expose functions for remote file inclusion. Custom expressions are evaluated in a sandboxed and sanitized environment to prevent vulnerabilities.
- Insecure Direct Object Reference: Beyond Eris Solutions’s access control is implemented at the data access validation layer, preventing unauthorized access through object references in URLs.