Hippoly's approach to information security
Hippoly's mission is to significantly simplify working life for decision makers. We are extremely aware that the information our users manage and share with each other is often the most sensitive within the organisation, and that we have a great responsibility to protect it. Information security therefore has the highest priority in everything we do at Hippoly. With this document, we want to give you an understanding of our approach to security, how we work, and what technical and organisational measures we have implemented to ensure that your information is safe with us.
Security by design
Hippoly has been designed and developed from the ground up to be a service with high security. Ensuring confidentiality, integrity and availability is the top priority in matters concerning architecture and technical choices, and also when we design the routines and ways of working that are applied when we develop and provide the service.
When data is transported between a user's client and Hippoly's servers, all traffic is encrypted using SSL/TLS, configured to meet or exceed applicable industry standards.
All data at rest in Hippoly's production environment is encrypted at multiple levels. To achieve the highest security and performance, a combination of asymmetric and symmetric encryption is used. Data in each customer-specific workspace is encrypted with keys that are unique per customer and per object. All encryption keys are stored on a secure third-party key management (vault) server, out of reach of Hippoly's employees.
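The encryption-at-rest design described above (a symmetric data key that is unique per object, wrapped with an asymmetric key that is unique per customer) can be demonstrated with the following Go example. It is added here for illustration and is not Hippoly's own code. It assumes an in-memory RSA key pair standing in for the customer key that, in the setup described, would be held in the external key management (vault) service; binding the object ID into the OAEP label and the AES-GCM additional data is likewise an assumption about how per-object uniqueness would be enforced.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// CustomerKey stands in for the customer-specific key pair that would live
// in an external key management (vault) service. It is generated in memory
// here only so the example runs stand-alone (assumption).
type CustomerKey struct {
	priv *rsa.PrivateKey
}

// NewCustomerKey creates a 2048-bit RSA key pair for one customer.
func NewCustomerKey() (*CustomerKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &CustomerKey{priv: priv}, nil
}

// EncryptedObject is the record persisted at rest: ciphertext, the AES-GCM
// nonce, and the object's own data key wrapped under the customer key.
type EncryptedObject struct {
	WrappedDataKey []byte
	Nonce          []byte
	Ciphertext     []byte
}

// EncryptObject is the "asymmetric + symmetric" combination: a fresh random
// 256-bit AES key is generated for this one object and used with AES-GCM for
// the bulk data (symmetric, fast); that data key is then wrapped with
// RSA-OAEP under the customer's public key (asymmetric). The object ID is
// bound into both steps so a stored record cannot be re-attached to another
// object without detection.
func EncryptObject(ck *CustomerKey, objectID string, plaintext []byte) (*EncryptedObject, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, []byte(objectID))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &ck.priv.PublicKey, dataKey, []byte(objectID))
	if err != nil {
		return nil, err
	}
	// Only the wrapped form is persisted; clear the plaintext data key.
	for i := range dataKey {
		dataKey[i] = 0
	}
	return &EncryptedObject{WrappedDataKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// DecryptObject unwraps the data key with the customer's private key, then
// authenticates and decrypts the ciphertext. A wrong customer key, a wrong
// object ID or a tampered record all fail closed with an error.
func DecryptObject(ck *CustomerKey, objectID string, obj *EncryptedObject) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ck.priv, obj.WrappedDataKey, []byte(objectID))
	if err != nil {
		return nil, errors.New("cannot unwrap data key for this customer/object")
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, obj.Nonce, obj.Ciphertext, []byte(objectID))
	if err != nil {
		return nil, errors.New("ciphertext failed authentication")
	}
	return plaintext, nil
}

func main() {
	customerA, _ := NewCustomerKey()
	customerB, _ := NewCustomerKey()
	// Constructed sample document.
	obj, _ := EncryptObject(customerA, "doc-42", []byte("board minutes (constructed sample)"))
	pt, err := DecryptObject(customerA, "doc-42", obj)
	fmt.Printf("owner decrypts: %q err=%v\n", pt, err)
	_, err = DecryptObject(customerB, "doc-42", obj)
	fmt.Println("other customer:", err)
	_, err = DecryptObject(customerA, "doc-43", obj)
	fmt.Println("wrong object id:", err)
}
```

Because every object has its own data key, compromising one stored record exposes nothing about the others, and a customer's data can be made unrecoverable simply by destroying that customer's key in the vault.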
Isolation of customer data
All Hippoly customers use a shared cloud infrastructure in which customer data is isolated by giving each customer their own database.
Hippoly is delivered from several data centers owned and operated by industry leaders within the cloud infrastructure space. The physical security measures taken to protect servers and other infrastructure in the data centers meet or exceed industry standards. All data centers are certified in accordance with a wide range of internationally accepted information security standards.
Hippoly employees only get access to the systems and data they need in order to perform their tasks. Only a small number of employees have access to the production environment, and who holds this access is reviewed on an ongoing basis.
All access to systems that contain sensitive information takes place via a central user directory and requires login with a combination of strong passwords and multi-factor authentication. All passwords to these systems are managed with dedicated password management software that reduces password-related risks. All access to the systems is logged and the logs are reviewed continuously.
Hippoly uses separate networks for its testing and development systems, isolated from the network used for the production systems. Servers in the production network are set up and configured so that the attack surface is minimised. Access to the production network from the Internet is limited to a few servers, and the environment has real-time protection against DDoS (Distributed Denial of Service) attacks.
Monitoring, logging and alarms
Hippoly monitors all resources in the production network and all activity is logged. To detect potential errors and vulnerabilities effectively, most of the analysis and alerting process is fully automated.
To reduce the risk of a security incident occurring, Hippoly has preventive processes and routines in place that are continuously tested and improved. Mitigating processes and routines are also in place for the event that a security incident has actually occurred. These routines describe, among other things, which activities are to be taken to counteract or minimise damage related to the incident and how communication regarding the incident is to take place.
Deletion of data
Customer data that a user chooses to delete is deleted from Hippoly's production environment immediately and from backups within 14 days. To avoid consequential problems and make recovery easier in cases where a user accidentally deletes document files, Hippoly applies so-called soft deletion to all documents managed in the service. This means that when documents are deleted from the workspace they end up in a trash bin from which they can be recovered. If document files are deleted from the trash bin, a hard deletion occurs and the files can no longer be recovered.
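The soft-deletion lifecycle described above (workspace, trash bin, hard deletion, and the 14-day window after which the data must also be gone from backups) is modelled in the following Go example. It is added here for illustration and is not Hippoly's own code; the state names, the record fields and the injected clock are assumptions made so the model can be exercised deterministically.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"time"
)

// State of a document in its deletion lifecycle.
type State int

const (
	Active      State = iota // visible in the workspace
	InTrash                  // soft-deleted: hidden, but recoverable from the trash bin
	HardDeleted              // deleted from the trash bin: content gone, not recoverable
)

// Document is a minimal stand-in record (field names are assumptions).
type Document struct {
	ID        string
	Name      string
	Content   []byte
	State     State
	DeletedAt time.Time // set at hard deletion; starts the backup-retention clock
}

// Workspace models one customer's documents. The clock is injected so the
// retention check can be tested without waiting 14 days.
type Workspace struct {
	docs map[string]*Document
	now  func() time.Time
}

func NewWorkspace(now func() time.Time) *Workspace {
	return &Workspace{docs: map[string]*Document{}, now: now}
}

func (w *Workspace) Add(id, name string, content []byte) {
	w.docs[id] = &Document{ID: id, Name: name, Content: content, State: Active}
}

// Get serves only active documents; trashed and hard-deleted ones are not
// returned to ordinary workspace reads.
func (w *Workspace) Get(id string) (*Document, error) {
	d, ok := w.docs[id]
	if !ok || d.State != Active {
		return nil, errors.New("document not available")
	}
	return d, nil
}

// SoftDelete moves an active document into the trash bin.
func (w *Workspace) SoftDelete(id string) error { return w.transition(id, Active, InTrash) }

// Restore brings a document back from the trash bin.
func (w *Workspace) Restore(id string) error { return w.transition(id, InTrash, Active) }

// HardDelete is only allowed from the trash bin (never straight from Active),
// wipes the content so nothing recoverable stays in the primary store, and
// stamps the time from which the backup-retention window is counted.
func (w *Workspace) HardDelete(id string) error {
	if err := w.transition(id, InTrash, HardDeleted); err != nil {
		return err
	}
	d := w.docs[id]
	for i := range d.Content {
		d.Content[i] = 0
	}
	d.Content = nil
	d.DeletedAt = w.now()
	return nil
}

// transition enforces the permitted edges of the state machine.
func (w *Workspace) transition(id string, from, to State) error {
	d, ok := w.docs[id]
	if !ok {
		return errors.New("no such document")
	}
	if d.State != from {
		return fmt.Errorf("document %s is not in the required state", id)
	}
	d.State = to
	return nil
}

// Trash lists the IDs currently recoverable from the trash bin.
func (w *Workspace) Trash() []string { return w.idsInState(InTrash, 0) }

// PastBackupRetention lists hard-deleted documents that have been gone for at
// least the retention period (14 days in the text) and therefore must no
// longer be present in any backup either.
func (w *Workspace) PastBackupRetention(retention time.Duration) []string {
	return w.idsInState(HardDeleted, retention)
}

func (w *Workspace) idsInState(s State, age time.Duration) []string {
	var ids []string
	for id, d := range w.docs {
		if d.State == s && !w.now().Before(d.DeletedAt.Add(age)) {
			ids = append(ids, id)
		}
	}
	sort.Strings(ids)
	return ids
}

func main() {
	clock := time.Now()
	w := NewWorkspace(func() time.Time { return clock })
	w.Add("d1", "minutes.pdf", []byte("constructed content"))
	fmt.Println("hard delete from active:", w.HardDelete("d1")) // refused
	fmt.Println("soft delete:", w.SoftDelete("d1"), "trash:", w.Trash())
	fmt.Println("hard delete from trash:", w.HardDelete("d1"))
	fmt.Println("restore after hard delete:", w.Restore("d1")) // refused
}
```

The check that hard deletion is only reachable through the trash bin is what gives users the accidental-deletion safety net described above; the retention listing is the kind of control a backup-rotation job would consult to verify the 14-day promise.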
Hippoly's cloud infrastructure provider is responsible for ensuring that all traces of data are removed on physical storage disks before they are discarded or possibly reused.
Hippoly’s production environment is redundant and built to be fault tolerant. In the event of a disaster of any kind in our primary data centers, replication and failover take place automatically to secondary data centers. Hippoly backs up all data every hour. The backups, which contain only encrypted data, are stored separately from the primary data centers. Testing of backups takes place continuously to ensure that they can be restored correctly.
Hippoly has developed a way of working that is used to manage all changes to the service and that ensures that only approved changes reach the production environment. All changes are stored under version control and undergo both automated and manual quality tests to ensure that, among other things, security requirements are met.
When we develop Hippoly, we follow accepted guidelines and frameworks for writing secure code. All code changes are reviewed by at least one developer other than the author in order to identify potential vulnerabilities.
Third party security audits
Hippoly continuously engages third parties for security audits of both the application and the production environment.