As our platform stores our customers’ essential business data, we think it is important for us to explain the measures we take to ensure that this data is safe and secure.
All data communication between our servers and the local browser is encrypted using HTTPS, with secure certificates in place. We use TLS 1.2 exclusively, so data cannot be viewed or altered in transit. This industry-standard approach is the same system that is used by banks and online payment systems.
- Operating System (OS)
Our web application and database servers are hosted on the Linux OS, which is standard for web-based applications. The OS is regularly updated to ensure it remains secure, with many updates being implemented automatically by upstream providers.
- Web Server
An up-to-date and supported version of the Apache Web Server is used to deliver the content. A key feature is that any non-HTTPS requests are easily redirected to a secure HTTPS version of the same content, thus ensuring end-to-end encryption is always maintained.
- Database Engine
MySQL and MariaDB provide the relational database environment that stores Property Plus data. As with most modern DB engines, this includes features to ensure security and replication to multiple servers for backup and High Availability purposes.
- Application Language
This infrastructure is commonly referred to as LAMP and it is used to deploy many web-based applications, as it is reliable and scalable.
Keeping your data safe and always available is our primary concern.
- RAID Drives
The first level of protection is that all our servers use RAID drives (Redundant Array of Independent Disks). This means that data is replicated across multiple disks in each server to prevent any data loss when individual disks fail. Not only does this improve performance, but the RAID drive will continue to operate with up to two failed disks, which gives our data centre team plenty of time to hot-swap replacement disks.
All business-critical data is backed up twice a day and copied to a different server in a different room of the data centre. This is also copied completely offsite to an independent secure data vaulting service to allow fast rebuild of the data structure in the extremely unlikely event of a building-wide issue such as terrorism or flooding. Backup procedures are automated using the network to copy the data, thereby not relying on human intervention other than to monitor and to test restore/recovery procedures.
- High Availability
Utilising the High-Availability tools provided by the Software Environment combined with our own proprietary procedures, we deploy a two-tier, multi-server infrastructure:
- Multiple application servers host the application software, providing a load-balanced user experience.
- Multiple database servers host the Property Plus databases with real-time replication amongst frontline servers, and scheduled replication to backup servers, from which intra-day, daily snapshot backups are taken.
- This ensures an always-up service, should any individual server fail or be taken offline for maintenance.
- Disaster Recovery
In the extremely unlikely event that the data centre environment becomes inaccessible and/or unavailable, whether permanently or for an indefinite period, the Backup and High Availability safeguards summarised above ensure that we have access to a complete copy of Property Plus at a different location. With this and the standard Software Environment, we can reinstate the platform at a secure temporary location within 24 hours (and in practice a lot quicker than this), and seamlessly at a new permanent location, should that be required.
The servers all have an extremely high-capacity Internet connection, linked to the data centre’s ‘backbone’, which comprises multiple fibre connections. This is then linked to other data centres and telecommunication companies for UK and Global connectivity. A system known as Border Gateway Protocol (BGP) is used to maintain the connection if any of the fibre connections fail or any route to or from a data centre should fail; downtime is kept to a minimum, virtually zero.
The integrity of our servers is maintained by means of firewalls, antivirus software, restricting the activities of logged-in users and a strict programme of updates to the Operating Systems.
Protecting our servers includes housing them in a suitable environment and limiting physical access to them.
- Data Centre Security
Our servers are located in a highly secure, purpose-built UK data centre. Direct access to the hardware is closely controlled. Entry to the facility is strictly limited to authorised individuals, with identity checks confirmed against a photographic record (e.g. passport). Within the facility, movement is controlled via card-activated doors to only those rooms in which our servers are located. The racks that hold our servers are enclosed in metal cages, all of which have locks, the combinations of which are known only to us. All areas of the data centre are monitored by CCTV.
- Fire Safety
The data centre is equipped with VESDA (Very Early Smoke Detection Apparatus), which will deploy halon gas that does not adversely affect the electrical equipment.
- Electrical Protection
The power supply to each room, rack and server is also protected. The first level of protection is provided by Uninterruptible Power Supplies, backed up by building-wide generators capable of maintaining all the servers housed there. The systems use “N+1”, which means that for every item of critical power equipment (N), there is at least one backup system for it (+1).