Our security and infrastructure
  • 27 Aug 2021

Security is one of the most important aspects of any SaaS application. As a company that specialises in SaaS products, we develop our products to be up-to-date with the market, and we give the utmost importance to data protection standards so that your data is in safe hands.

Document360 uses secure partner products such as Algolia and MongoDB Atlas that have been certified to provide TLS standard security and encryption for data in transit. Microsoft's Azure blob storage services have one of the best data security standards to save your project backups in a secure location.

Quick summary of the security and infrastructure aspects

  • Your data is stored in a remote database hosted by our database service partner, MongoDB Atlas, in a cluster of 3 servers, eliminating any downtime.
  • MongoDB Atlas has TLS end-to-end encryption for the network traffic, and the data at rest is stored in encrypted storage volumes.
  • The database is backed up daily, weekly and monthly, and the backups are available for 1 month for restoration.
  • Project backups are stored in Microsoft Azure blob storage in various geolocations for the consistency and integrity of your data.
  • We are cloud based and have a secured API that can be used to access data with the correct API token that has the right permissions. This enables you to control the access rights to your project data.
  • Document360 is hosted on Microsoft Azure Cloud. Therefore, you can rest assured that your data is tightly secured by the latest security protocols and by technology that meets compliance standards for data security. Microsoft Azure Cloud offers protection against distributed denial-of-service (DDoS) attacks by defending against common network-layer attacks through always-on traffic monitoring and real-time mitigation.
  • The core team is highly technical and understands the importance of security and staying up-to-date with new technologies. They work in coordination with an offshore team to provide the best services for the customers.
The Document360 API docs are available for more details on the use of our API.

Best practices

Here at Kovai Limited, we believe that using best practices creates secure and robust applications. We recommend that users of Document360 follow our list of best practices to prevent any unexpected data loss or unauthorised access.

List of best practices:

  1. We do not recommend sharing the API key in public or via less secured networks, as the key can be used to view or exploit your data, resulting in unauthorised data access. In such a case, we recommend deleting the key immediately and creating a new API key for your usage.

  2. We recommend giving only the required permissions to an API key, as this helps keep the data in safe hands and prevents unauthorised users from modifying the data. For example, for viewing an "example" set of data, the API key only needs the GET method; this does not let the users modify the data using the API key.

  3. We suggest that the team manager gives the correct access rights to each user as most of our customers have a team that has the access rights to the documentation. We make this simple by having roles that correspond to a certain level of access rights.

  4. We recommend that the users take advantage of the backup functionalities. The automatic backup of the project will happen every day at 00:00 UTC. You can also manually back up your project at any time to keep the changes made safe. Both of these will back up the Settings, Landing Page, Documentation and the Entire Project contents, and can be restored at any time to go back to a previous version. This process is made available to keep the users in control and to prevent data loss.

  5. We recommend you use the option to make the document private if needed. Different customers have different use cases for our product: you might want the documentation to be visible to the public or visible only to the internal team members. In the latter case, the project owners can make the documentation private so that it is not visible to the public.

Security information of integrations used in Document360

Algolia - Search partner

  • SOC2 and SOC3 compliant - Algolia follows all SOC 2 best practices to ensure excellence in each of the AICPA's five trust service principles, resulting in securing your data from modern-world threats.

  • The API servers support HTTPS and TLS versions 1.0, 1.1 and 1.2, and are given an A rating by Qualys SSL Labs.

  • Algolia isolates the data of each customer in separate applications, preventing leakage and exchange of information to preserve the integrity of your data.

For more information about the security of Algolia Search, visit Algolia's security docs

MongoDB Atlas - Database service partner

  • Network isolation - MongoDB Atlas dedicated clusters are deployed in a unique Virtual Private Cloud (VPC) with dedicated firewalls, meaning that your private data cannot be accessed by any third parties.
  • MongoDB Atlas undergoes independent verification of platform security, privacy and compliance controls.
  • End-to-end encryption - All the network traffic is encrypted using TLS, with the flexibility to configure the minimum TLS protocol version. Data at rest is stored in encrypted storage volumes.
For more information about the security of MongoDB Atlas, visit MongoDB's security docs

Azure Blob Storage

  • Encryption in transit - HTTPS is used while data is transferred out of the storage, and client-side encryption encrypts the data at the client computer; the data is then decrypted once transferred to the server.

  • Encryption at rest - Storage-side encryption is always enabled and automatically encrypts storage service data when writing it to Azure Storage. Client-side encryption is also enabled to make the stored data as secure as possible.

  • Advanced threat protection - Provides an additional layer of security that is used to detect unusual behaviour and potentially harmful attempts to access and exploit your storage account.

For more information about the security of Microsoft Azure Blob storage, visit Azure security docs

GDPR compliance

  • Document360 is GDPR compliant and we only collect and store information that is necessary to provide our service, with the consent of our customers.
For more information about GDPR compliance, visit Document360's GDPR compliance page

Business continuity and disaster recovery

To ensure business continuity, we have High Availability configured for our web apps and database. We have multiple nodes running for individual services, so if one goes down you still get an uninterrupted experience using Document360.

For any possible disaster, we have our database and data storage replicated in different geo-locations, so your data is always safe with us.

DevOps Team

A product roadmap is defined and reviewed periodically by the Product Owner. Security fixes are prioritized and are bundled in the earliest possible sprint. Our DevOps sprints are powered by multi-disciplinary team members including the Product Owner, Director of Engineering, Developers, and Quality Assurance.

  • Code Review

All changes are tested by the Quality Assurance team and criteria are established for performing code reviews, web vulnerability assessment, and advanced security tests.

  • Quality Assurance

Builds are put through stringent functionality tests, performance tests, stability tests, and UX tests before the build is certified "Good to go".

  • Version Control

Source code is managed centrally with version control, and access is restricted based on the various teams that are assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs.

  • Segregation of Duties

Access to the production resources is restricted to a limited set of users based on their job roles.

Highly Resilient Architecture

The architecture is built with resiliency in mind to ensure high availability for the product and data.

  • High Availability

We have multiple instances of our services running to ensure high availability for our customers.

  • Highly Scalable DNS

Route users to the best endpoint based on geo-proximity, latency, health, and other considerations.

  • Data Backup

Cloud snapshots are taken every day and retained weekly and monthly, and the backups are available for 1 month for restoration.

  • Incident & Breach Management

Procedures are established for reporting incidents and tracking them for timely communication, investigation, and resolution.

  • Azure CDN

We use Azure CDN to make sure our application and customer documentation are served with speed and ensure that they are served from the nearest node.

For more information about Document360's security and infrastructure, contact us or book a demo with our experts today.
