This document describes the BrandStencil security procedures.
BrandStencil’s servers are located in a secure data centre based in Manchester, UK. Its security features include:
- High security perimeter fencing
- 24×7 security and NOC staff presence
- A state-of-the-art IP CCTV system
- Access control system
- Man-traps and interlocked doors
BrandStencil uses enterprise-grade hardware to provide the most stable and reliable hosting environment. Our security policies include:
- Constantly updated CentOS 6 operating system
- Using hypervisor- and router-level firewalls alongside iptables firewall rules
- Ensuring malware and antivirus software is up to date
- Implementing stringent rulesets to mitigate and prevent denial-of-service attacks
BrandStencil is written in the super secure Laravel PHP framework. This has a comprehensive suite of proprietary security features including:
- All passwords are hashed and salted using the AES encryption protocol
- Route-level authentication (meaning no URL can be accessed without a valid login)
- CSRF form protection to protect against cross-site request forgeries.
- All server responses are protected via a strict HTTP headers policy: https://schd.io/3prZ
- All data transfer is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_256_GCM). https://www.ssllabs.com/ssltest/analyze.html?d=app.brandstencil.com
- The only data BrandStencil stores is user credentials (email address, name and password) and the content added to saved artwork
- All data is stored on a server in our UK-based data centre
- All PDF and image files generated by BrandStencil are permanently deleted from the server each night
Backups and Redundancy
- All our infrastructure is installed with a minimum of N+1 redundancy, and certain key elements at 2N
- All content on the server is backed up on a weekly and daily basis so your data is safe
- We additionally store an off-site backup of all content to provide extra redundancy
- Although incredibly unlikely, in the event of a catastrophic system-wide failure, we can perform a full backup restore within one business day.