The security of your and your client's data is the most important part of what we do.
Introduction
Content Snare is a cloud-based platform for document collection, requesting files or gathering information from clients.
It's the more productive alternative to email, online documents and shared folders. It keeps confidential documents out of email.
We take security seriously and it's our top priority to protect your organization and clients.
Content Snare uses modern industry standards and best practices for application security.
User Authentication
Individual users can enable two-factor authentication to prevent unauthorized usage. Account administrators may also opt to require all users in their organization to set up 2FA before accessing their accounts.
Encryption
All data in transit is encrypted between source and destination using SSL/TLS with RSA 2048 key encryption. This includes data between the client application and the API server, and the API server and the database. Encryption at rest is also applied to the database.
Data Centres
Our infrastructure is provided by Amazon Web Services (AWS), an industry-standard in hosting. Like us, they treat security as a top priority. You can read about their superior visibility, control and permissions here.
Network isolation
All network infrastructure, with the exception of the load balancer, resides within a virtual private subnet. This ensures that only the load balancer is Internet-facing.
The virtual private subnet ensures that direct communication from the client application to the server, database and storage servers cannot be achieved, thus increasing security through layers of defense.
All links to the stored files are served using temporary time-based signatures allowing the file to be indirectly accessed only after authentication.
Firewalls
Firewalls sit between the Internet and the load balancer and the load balancer and the API server to create a DMZ between the Internet and the virtual private subnet.
A firewall is also located between the API server and the database and file storage servers to ensure that only whitelisted IP addresses have direct access to the database and storage servers.
Middleware on the API server also provides a level of protection by implementing additional security protocols such as automated IP address throttling and temporary IP address blocklisting.
Authentication
All database read/write actions require authentication. Authentication is processed on the server during the login handshake and a short lived access token is provided to the client application allowing access to authenticated API requests. The access token is renewed regularly (at less than 5 minute intervals) to remove the risk of stolen authentication keys.
Role based authentication is also undertaken by the API server for each request and only operations allowed by the specific role will be processed by the API server.
Company based authentication is performed to ensure that a user from one company cannot access or write data to another company entity.
Throttling
Repeated communication attempts to any endpoint will result in a temporary ban to safeguard against brute force and denial of service attacks.
Password Management
Passwords are never stored in plain text within the database. An individual hash and salt is stored for each user ensuring compromise of one password will not allow other passwords to be obtained.
Passwords are redacted in all logs.
Development Framework
All server side software is scanned regularly (at least monthly) to test for common and 0-day security vulnerabilities within the software framework and libraries used. All vulnerable libraries are replaced or patched to ensure the vulnerabilities are removed
The latest framework versions are also used on both client and server applications ensuring the latest security principals are adopted.
Staff Accessibility
Employees and contractors use a password manager that enforces strong passwords. They are only authorized to access data that they need to carry out their duties.
Multi-factor authentication is enforced on all platforms that allow it.
For assistance in setting up accounts, you may grant our support staff access. This can only be granted by an administrator of your account, and can be revoked at any time.
Logging & Alerts
Content Snare is continually monitored for downtime, errors and access. Logs are maintained for analysis and debugging. Critical alerts are flagged with our engineering team immediately.
Backups & Disaster Recovery
Regular backups are distributed across several physical locations. Both files and database can be restored to a specific point in time over the last 14 days, or a full recovery can be initiated from a snapshot.
Our backup and recovery procedure ensures a minimum disruption of service in the event of a total failure.
Data Protection & Privacy
We are committed to data production regulatory requirements (such as GDPR) and privacy.
Our privacy policy covers:
- Your privacy rights
- How we collect and use your personal data
- Cookie policy
You can read about our data protection in our Privacy Policy, Data Processing Agreement and End-user License Agreement.
We actively monitor regulatory guidance changes to ensure we continue protecting your data.
Questions
If you have any questions, please contact us.