How do we Maintain Data Security of our Customers?
- We maintain a two-factor authentication for ThriveDesk.
- Our Secure Shell Protocol are all password protected
- All our computed and devices running ThriveDesk service tools are secured and up to date.
- All employees of ThriveDesk are trained with data security practices.
- Employees of ThriveDesk are regulated and only authorized to their respective data security level, we have build an internal system where different permission levels are required by the employee.
- Servers are running latest security updates and patched immediately when a kernel vulnerability is published
- Messaging servers are hosted in The Singapore 🇸🇬.
- We maintain “Denial-of-service protections everywhere (this ensures service resiliency under attack)”.
- In case of a hardware failure we maintain an architectural replication procedure in micro-services that ensures service continuity.
- Our databases are all replicated around the world in different layers.
- Our networks are protected with firewalls.
- System has a monitoring method allowing us to be aware of issues before effecting our customers.
- ThriveDesk infrastructures were designed and developed in a manner to still run properly in case of server incidents or failure.
- All ThriveDesk are secured with DNSSEC.
- ThriveDesks SSH services has been designed to avoid any public reachability and are only limited to a set of allowed IPs.
- Misuse of any IP’s get automatically banned or rate-limited (prevents brute-force attacks on accounts)
Encryption has become so cheap and convenient today that it’s now possible to enable it everywhere. All public network channels on the ThriveDesk platform are fully encrypted. This comes for both assets loading (Web resources), and real-time chat channels (user messages and user data).
Our encryption techniques implement state-of-the-art practices:
- Strong TLS keys: RSA, 2048 bits
- Elliptic-Curve Cryptography
- Forward-Secrecy with Diffie-Hellman parameters
- HTTP Strict Transport Security
We dropped legacy encryption methods to alleviate known attacks:
- The old SSL protocol is completely disabled (we use TLS)
- Legacy ciphers are disabled (eg: RC4)
This allows you and your users to stay safe:
- Hide the data as it is being transmitted on the network
- Prevent all modification of data as it is being transmitted on the network
- Prevent MITM (Man-in-the-middle attacks)
- Allow the service to work on restricted networks, over strict proxies