When designing for security, it is important to start with a reliable and proven platform. Our philosophy for security centers around a few key tenets – use multiple layers, reduce our attack surface area, be suspicious of every transaction and use encryption liberally. Frankly, security is hard, and we believe that it’s important not to reinvent the wheel, but rather to leverage industry best practices and use proven services and strategies.
At BestDayHR, we have developed our application using the following core Microsoft Azure services:
- App Services for our web-based application
- SQL Database to store sensitive information
- Cloud Storage to manage files
- Auth0 for authentication and authorization.
Our application runs on the state-of-the-art and secure datacenters that Microsoft Azure provides. We are running out of the West US 2 datacenter in Washington State and are set up so that your information will never leave the continental United States.
All sensitive and private data is stored in one of two areas – Azure SQL Database and Azure Storage – and customer files are stored in separate containers. We use encryption liberally, and your data, both SQL and files, is always encrypted, whether at rest or in transit. Our application requires the most current TLS 1.2 (HTTPS) protocol. Additionally, both Azure SQL Database and Azure Storage are equipped with Azure’s Advanced Data Security and Advanced Threat Protection services.
Source code is maintained in a private Git repository hosted on Bitbucket, a product of Atlassian. As part of our security practice of reducing attack surface area, our source code never contains sensitive or private information, such as database passwords, decryption keys or storage accounts. Highly sensitive information is vaulted on Azure.