Plateology Security Architecture
Outlined below is a high level overview of the security architecture that we employ here at Plateology.
We protect your billing information.
All credit card transactions are processed by our credit card processor, Stripe. Card information is transmitted, stored, and processed securely on Stripe's PCI-compliant network to ensure the highest security for your sensitive billing information. All billing information is sent directly to Stripe and never resides on any of our servers.
Encryption and SSL
Patient Data Protection
The protection of patient data is of paramount importance in this application (plateology.com). As such, the application takes the approach of encrypting patients' identifiable information and communications using the industry standard AES algorithm (AES is in use by all major banking groups to protect customer data). This method provides protection even in the event that an attacker gains unauthorised access to the database itself.
The application makes use of a data-key which is used to encrypt both the Patient and Message models within the database. This key is generated using a secure random number generator and then encrypted using the user's password and salt, ensuring that the key is unique, encrypted and readable only by the patient themselves (or other authorised parties, as described below).
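A worked sketch of this data-key scheme, added here as an example and not Plateology's own code: a random data-key is wrapped under a key derived from the user's password and salt, patient fields are encrypted under the data-key, and a password change re-wraps the key without touching the encrypted rows. It assumes the Python `cryptography` package; the KDF (PBKDF2-HMAC-SHA256), the AES-GCM mode and the use of the row id as associated data are assumptions, since the page names only AES and a password-plus-salt step.

```python
import os
import hashlib
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.exceptions import InvalidTag
KDF_ITERATIONS = 600_000  # assumed work factor for the password-derived key
NONCE_LEN = 12            # 96-bit nonce, the standard size for AES-GCM
KEY_LABEL = b"data-key"   # associated data that marks a blob as a wrapped key

def derive_kek(password: str, salt: bytes) -> bytes:
    """Key-encryption key from the user's password and per-user salt (assumed KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)

def aead_seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """AES-256-GCM; a fresh random nonce is prefixed to ciphertext||tag."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)

def aead_open(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Raises InvalidTag on a wrong key, a tampered blob or mismatched aad."""
    return AESGCM(key).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], aad)

def wrap_data_key(password: str, data_key: bytes) -> dict:
    """Encrypt the data-key under the password-derived key with a fresh salt."""
    salt = os.urandom(16)
    return {"salt": salt, "wrapped_key": aead_seal(derive_kek(password, salt), data_key, KEY_LABEL)}

def create_user(password: str) -> dict:
    """Generate the random data-key; only its wrapped form is ever stored."""
    return wrap_data_key(password, AESGCM.generate_key(bit_length=256))

def unlock_data_key(user: dict, password: str) -> bytes:
    # Recover the plaintext data-key; only the password holder can get here.
    return aead_open(derive_kek(password, user["salt"]), user["wrapped_key"], KEY_LABEL)

def password_unlocks(user: dict, password: str) -> bool:
    try:
        unlock_data_key(user, password)
        return True
    except InvalidTag:
        return False

def encrypt_field(data_key: bytes, record_id: str, value: str) -> bytes:
    """Encrypt one Patient/Message column; the row id is bound as aad so a blob cannot be moved to another row."""
    return aead_seal(data_key, value.encode(), record_id.encode())

def decrypt_field(data_key: bytes, record_id: str, blob: bytes) -> str:
    return aead_open(data_key, blob, record_id.encode()).decode()

def change_password(user: dict, old: str, new: str) -> dict:
    """Re-wrap the same data-key under the new password; encrypted rows stay as they are."""
    return wrap_data_key(new, unlock_data_key(user, old))
```

Sharing with another authorised party follows the same pattern: the plaintext data-key is wrapped once more under that party's own key, so the patient rows never need re-encrypting.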
A key area of data protection required for any application is ensuring that the passwords used by users will remain secure, even where an attacker has access to the database. Whilst, given an unlimited amount of time, any password hashing mechanism can be defeated, the application makes use of the Bcrypt algorithm to maximise the difficulty that an attacker would have in retrieving passwords from a compromised copy of the database. Bcrypt is an algorithm which is specifically designed to slow down the attacker, when compared to other common means of protecting user passwords (e.g. fast hashing algorithms such as MD5 and SHA-1). Bcrypt also includes an internal salt value by default, which helps mitigate the risks of attacks such as precomputed hash tables and rainbow tables. Overall this provides a high level of protection for user passwords stored in the database.
General Application Security Features
The application has a number of features to protect against many of the prevalent security issues faced by websites:
- The application makes use of the ActiveRecord ORM for database interaction. ORMs provide protection against SQL Injection attacks by ensuring that all user input is treated as data rather than as part of the query, so it cannot disrupt the execution of the query.
- The application provides protection against Cross-Site Scripting (XSS) attacks. This is accomplished by encoding all user input sent back to the web browser by default, and is effective against most forms of XSS attacks.
- The application provides additional security to its users by providing protection against Cross-Site Request Forgery (CSRF) attacks. This is achieved by inserting a random token into all forms which is checked when the form is submitted to ensure that it was generated by the application itself and was not submitted by a malicious third party.
- For applications processing sensitive information, it is important to ensure that all information is encrypted in transit. The application makes use of the most trusted 2048-bit SSL encryption mechanism and is configured to ensure that patient data is always encrypted in transit between the user's browser and the application.
- An area of concern with web applications can often be sensitive information being stored in diagnostic log files. The application is designed to filter such information from being stored in logs.
- The application provides users with a warning if it detects that they're accessing their accounts from two different geographic regions within a short amount of time. The user is then given the option to suspend the suspicious session and to reset their authentication details.
We protect your data.
All data is written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.
Sophisticated physical security.
Our state-of-the-art servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches.
Full redundancy for all major systems.
Our servers — from power supplies to the internet connection to the air purifying systems — operate at full redundancy. Our systems are engineered to stay up even if multiple servers fail.
Want to know more?
Submit a support request if you have other security questions and we’ll get back to you as quickly as we can.