Anytime you store sensitive data, security must be the utmost concern, and here at ProudCity, we are serious about security.
This is especially true in today’s climate. A security breach at the Federal Office of Personnel Management compromised sensitive information from over 21 million employees (and their families) who had undergone federal background checks, and recent data releases have exposed personally identifiable information of more than 800 million users of LinkedIn, Twitter, Tumblr, VK.com and MySpace combined.
In an effort to be as thorough and transparent as possible about all of our security and backup procedures, we are releasing the ProudCity security protocol.
- HTTPS everywhere. The White House issued the HTTPS-Only Standard directive in 2015, requiring that all publicly accessible federal websites and web services only provide service through a secure HTTPS connection. We believe this should include all governments. All ProudCity websites redirect all traffic to a secure HTTPS connection. We use Let’s Encrypt, a new service started by tech industry heavyweights such as Mozilla, Facebook and Cisco that offers secure, free SSL certificates in an effort to increase HTTPS adoption.
- Bi-weekly release cycle. Updates to both the software and operating system are released to the platform every two weeks during our Tuesday releases. Fixes for serious vulnerabilities, such as a WordPress core security update or the recent Heartbleed SSL vulnerabilities, are released immediately as a hotfix.
- Auth0 for user accounts. The first line of defense for any website built with a content management system is the user account system, which is why we have partnered with Auth0, an industry leader in user authentication created by experts in security.
- Backups. We take nightly database and uploaded file backups and store them offsite for five weeks. In the event of a catastrophe we will be able to re-launch your website in another datacenter.
- Compliance. ProudCity websites are PCI compliant. HIPAA and FISMA compliance can be achieved; however, the approval process can be expensive and drawn-out.