Our top priority: Security

Security is our number 1 priority. Marketing automation environments are often filled with highly personal and privacy-sensitive data that absolutely should not fall into the hands of hackers or competitors. To give a sense of how seriously we take security, we would like to explain a few details of our approach.
There are a lot of access points where security is important, such as:
- Security of the MarketingHeap building
- Physical security of the equipment we work with at MarketingHeap
- Software security of the equipment we work with
- Physical security of the datacenters and the servers
- Software security of the servers
- Strict access control for employees and partners
- Mautic security itself and monitoring
- Access to our social media accounts

Security of the MarketingHeap building and equipment

The MarketingHeap building contains devices that have access to the MarketingHeap servers, as well as MarketingHeap development code, which should of course not fall into the wrong hands. The MarketingHeap network is also an important security point. We set the following requirements to guarantee safety:
- The building is secured with an approved security system that is connected to an alarm center. We do this to prevent theft of equipment, for example
- Everyone who enters or leaves the building is noted and only gets access to the necessary spaces. We do not want visitors to see unnecessary information
- Computers are locked automatically when someone leaves their workplace. This prevents unauthorized use of the workstation.
- No code and data may be placed on storage and portable devices. This way we prevent theft and data leaks
- Connections to the servers may only run over the fixed-wired NewHeap network, through a VPN connection. That way we can extensively monitor who has access, when and from where, and it adds an extra layer of security in front of the servers
- Naturally, all employees are screened and may only work if they have a certificate of good conduct
- All devices that contain code or data, and all devices that connect to the servers, have BitLocker encryption. In the event of theft, the data cannot be used or read

Security requirements for our Partners

We only give our partners access to what is strictly necessary, and the actions that partners take are extensively monitored. We set the same security requirements for our partners as we set for ourselves, and we check randomly whether our partners adhere to these requirements.

Security of the datacenters and servers

The servers are the next point. This concerns physical security, network security and the security of the server software itself. Through the collaboration of Linux / Red Hat experts Linprofs and hosting company Hostbusters, we have taken the following measures, among others:
- The servers are located in data centers of Amazon in Europe. The data centers meet high security requirements
- The servers are extensively monitored for security and security updates
- A few spot checks are carried out every month to check and test the security
- Only ports 80 and 443 are open, all other ports are closed by default
- The other server ports can only be accessed via a VPN connection, which has 2-factor authentication and can only be accessed from locations defined by MarketingHeap
- The backups are stored encrypted and the access keys are stored in a separate location

Security of Mautic itself

The next part is Mautic, the software that runs on the server, that you use and in which all valuable data is stored and processed. We have built extra security around Mautic to guarantee higher safety requirements.
- Two-factor authentication: it is possible to enable two-factor authentication
- Unusual login attempt detection: we keep track of login attempts from new or unknown locations, and when one occurs an extra validation needs to be done
- Update control: we keep an eye on Mautic's updates, and in case of possible security problems we can force an update or quick fix on all environments to prevent the problem from being abused
- Unknown file detection: when files appear in Mautic that are not recognized, or files seem to have been modified, this is automatically reported to our security team, who will investigate it immediately