Service Level Agreement & Security Policy

Uptime – 99.9%

  • We work with different hosting providers worldwide that always deliver at least a 99.9% uptime guarantee, so we guarantee 99.9% uptime on a monthly basis (three nines, excluding planned maintenance)*
  • 99.9% uptime monthly = maximum unplanned downtime of 45 min/month.
  • We usually deliver much better uptime than this (100% most months), as our providers always deliver a much better uptime than their SLA too.

These metrics refer to the availability of the platform itself for all customers. Individual databases may be temporarily unavailable for specific reasons, typically related to the customer’s actions or customizations.
Planned maintenance operations happen infrequently, typically once every couple of months, generally last less than 1 hour, and are scheduled outside of business hours in the region where the maintenance is taking place. They are announced by email.


Backups / Disaster Recovery

  • We keep backups as follows: 1/day for 7 days, 1/week for 4 weeks, 1/month for 3 months.
  • The actual locations of our data centers are specified in our Privacy Policy.
  • Disaster recovery: in case of complete disaster, with a datacentre entirely down for an extended period, preventing the failover to our local hot-standby (never happened so far, this is the worst-case plan), we have the following objectives:
    • RPO (Recovery Point Objective) = 24h. This means you can lose max 24h of work if the data cannot be recovered and we need to restore your latest daily backup.
    • RTO (Recovery Time Objective) = 48h for paid subscriptions. This is the time to restore the service in a different datacentre if a disaster occurs and a datacentre is completely down.

Database Security

  • Customer data is stored in a dedicated database – no sharing of data between clients.
  • Data access control rules implement complete isolation between customer databases running on the same cluster; no access is possible from one database to another.

Password Security

  • Customer passwords are protected with industry-standard PBKDF2+SHA512 hashing (salted and stretched for thousands of rounds).
  • Staff do not have access to your password and cannot retrieve it for you; the only option if you lose it is to reset it.
  • Login credentials are always transmitted securely over HTTPS.
  • Password policies: database administrators have a built-in setting for enforcing a minimum user password length. Other password policies, like required character classes, are not supported by default because they have been proven counter-productive (see e.g. [Shay et al. 2016], as well as NIST SP 800-63b).

Staff Access

  • Helpdesk staff may sign into your account to access settings related to your support issue. For this they use their own special staff credentials, not your password (which they have no way to know).
  • This special staff access improves efficiency and security: they can immediately reproduce the problem you are seeing, you never need to share your password, and we can audit and control staff actions separately!
  • Our Helpdesk staff strives to respect your privacy as much as possible, and only accesses files and settings needed to diagnose and resolve your issue.

System Security

  • All servers are running hardened Linux distributions with up-to-date security patches.
  • Installations are ad-hoc and minimal to limit the number of services that could contain vulnerabilities (no PHP/MySQL stack for example).
  • Only a few trusted engineers have clearance to remotely manage the servers – and access is only possible using an encrypted personal SSH keypair, from a computer with full-disk encryption.

Physical Security

All servers are hosted in trusted data centers in various regions of the world (e.g. GreenCloud, Alibaba Cloud), and they must all exceed our physical security criteria:

  • Restricted perimeter, physically accessed by authorized data center employees only.
  • Physical access control with security badges or biometric security.
  • Security cameras monitoring the datacentre locations 24/7.
  • Security personnel on site 24/7.

Credit Card Safety

  • We never store credit card information on our own systems.
  • Your credit card information is always transmitted securely directly between you and our PCI-Compliant payment acquirers (see the list on our Privacy Policy page).

Data Encryption

Customer data is always transferred and stored in encrypted form (encryption in transit and at rest).

  • All data communications to client instances are protected with state-of-the-art 256-bit SSL encryption (HTTPS).
  • All internal data communications between our servers are also protected with state-of-the-art encryption (SSH).
  • Our servers are kept under a strict security watch, and always patched against the latest SSL vulnerabilities, enjoying Grade A SSL ratings at all times.
  • All our SSL certificates use a robust 2048-bit modulus with full SHA-2 certificate chains.
  • All customer data (database content and stored files) is encrypted at rest, both in production and in backups (AES-128 or AES-256).

Network Defense

  • Firewalls and intrusion prevention systems on servers help detect and block threats such as brute-force password attacks.