When you log in to Switchboard, we confirm your browser is running TLS 1.0 or higher, which secures the communication from your browser to Switchboard. Our data resides on servers that are protected both physically and electronically. Our platform edge is equipped with strong cipher suites controlled by Transport Layer Security (TLS).
You can find out more about our SSL configuration via this third party analysis provided by Qualys.
Our application servers and databases are hosted on Amazon Web Services (AWS), who’s physical infrastructure is hosted and managed within Amazon’s secure data centers. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
PCI Level 1
For more information, visit the AWS SOC Compliance FAQ.
Further steps taken with the Switchboard application layer:
Salted password storage with BCrypt
Password choice requirements
Stripping sensative information from application logs
We also use various static security analysis tools such as Brakeman to prevent common vulnerabilities from being deployed.