Security and Data Sovereignty

How we secure your data and where your data is stored

Updated this week

Cloud Platform

Security is something we treat with the utmost importance. This page sets out the security measures we take, both in the product and as a company.

Datacentre Location

The Eido cloud platform is hosted in AWS Europe, Frankfurt (Primary Site) and Ireland (Failover Site).

Security Patching

AWS Automation is used for all the server infrastructure which ensures all servers are patched to the latest OS. The patches are applied as follows:

  • Critical Security patches and updates are applied within 24 hours

  • High Priority patches and updates are applied within 7 days

  • Medium and Low Priority patches and updates are applied within 14 days

Data Encryption

Data in transit is encrypted with a minimum of TLS 1.2. The Eido platform is not accessible using anything older than TLS 1.2; such access is blocked by our Web Application Firewall, as we do not support older versions. The signature algorithm used by the Eido application is SHA256withRSA with a 2048-bit key. Our configuration earns a score of A at https://www.ssllabs.com, and we intend to maintain that score.

Data at rest is encrypted using the industry-standard AES-256 encryption. Key access and rotation are managed by Amazon Web Services - Europe.

Platform Access

Access to the cloud infrastructure that hosts the Eido platform (https://app.eido.cloud) is only available to employees who are connected to the VPN. The VPN requires multi-factor authentication.

Platform Monitoring

The availability and security of the Eido platform are monitored 24/7/365. On-call ensures we can respond immediately to any critical platform or security issues in real time.

Web Application Firewall

All data transmitted to the Eido platform has to go through our web application firewall. Our web application firewall protects our platform against exploitation of a wide range of vulnerabilities, such as session hijacking, session replay attacks, Cross-Site Request Forgery (CSRF) attacks, injection attacks, CSS injection attacks, and many more, including those published by OWASP. Web application firewall logs are sent directly to our monitoring service (New Relic Europe) for processing, and we are immediately alerted to any abnormalities.

Denial of Service

At Eido, we utilise AWS Shield, which is a managed distributed denial of service (DDoS) protection service that safeguards the Eido infrastructure that hosts our cloud platform. It provides dynamic detection and automatic mitigations that minimize application downtime and latency.

Multi Factor Authentication

For increased security, Eido recommends that customers enforce the use of MFA. This can be switched on by contacting support@eido.cloud.

Backups and Encryption

The Eido Platform is backed up daily and retained for 35 Days. Backups are encrypted using the industry standard AES-256 encryption.

Vulnerability Scanning

Our cloud platform is scanned automatically every 30 days for security risks. Our comprehensive set of scans includes OpenVAS, Nmap TCP & UDP, OWASP ZAP, and SSLyze.

SOC Feeds

We subscribe to feeds from the leading cyber security agencies. When an announcement is made, or a new critical issue is detected, a security incident is created for us to review and take action if necessary. The current SOC Feeds we have are:

  • National Cyber Security Centre

  • Microsoft Security Response Center

  • Cyber and Infrastructure Security Agency

Company

VPN

Access to Eido Infrastructure and data is only available to employees who are connected to the VPN. The VPN also requires multi-factor authentication.

2FA Access

Eido Software Ltd uses 2FA for all cloud-based applications, where possible. We guarantee that no customer data is accessible without at least 2-factor authentication.

Company Devices and Compliance

We have a strict policy on company devices. We use Microsoft Intune to ensure all company-issued devices are secure and compliant.