We care a lot about security with Aptuitiv. You entrust your website to us, and we take the following measures to ensure security.
Data Center Security, Availability, and Disaster Recovery
- Aptuitiv leverages Amazon Web Services (AWS), a leading data center provider, to house our physical infrastructure.
- AWS utilizes a variety of security equipment, techniques, and procedures designed to control, monitor, and record access to their facilities.
- Our infrastructure is designed to protect against and mitigate the effects of DDoS attacks.
Access Control
- Remote access to the servers requires a secure VPN connection and two-factor authentication. We also limit administrative access to our environment to specific IP addresses.
- We follow the policy that all administrative users have limited access and can only assume additional permissions with proper authorization via two-factor authentication.
- Strong passwords are required, and passwords must be rotated regularly.
Application Level Security
- Aptuitiv hashes passwords for user accounts. No one, including us, can view the raw password.
- SSL certificates are provided for client websites.
- Web Application Firewall (WAF) technology is used to protect access to our systems.
- Customers can customize user permissions to access their website administration.
- Best practices are enforced during software development to prevent security vulnerabilities.
Backup and Restore
- Databases are backed up daily and retained for 21 days.
Redundancies & Scaling
- Multiple redundancies are in place for nearly all parts of the server environment.
Monitoring and Alerts
- Different automated monitoring tools are used to detect issues.
Patches and Updates
- AWS conducts centralized patch management regularly for security-related updates. Our team also applies regular patches to keep servers up to date.
- All changes are tested in a staging environment before going into production.
See the AWS Security Whitepaper for more information about Amazon's role in security.