There are multiple layers of protection that keep your data secure at the network and server level. Our approach includes physical security at our colocation facility, encryption of all data in transit (via HTTPS), and industry-standard protections including firewalls, network vulnerability scanning, network security monitoring, and intrusion detection systems.
GitClear hosts its infrastructure at a data center operated by Digital Fortress in Seattle. Per Digital Fortress documentation, on-premises security measures include:
24/7 on-site security staff
24/7 key card access
24/7 camera surveillance with 90-day video retention
CCTV with closed circuit monitoring in two NOCs
Biometric entry control for facility access
GitClear's database server has no public IP address and is reachable only through a private network within our server rack at Digital Fortress.
SSH access to GitClear's private internal network first requires VPN login to get past a firewall layer and receive an IP endpoint through which server login can be attempted. All VPN logins are logged, emailed, and flagged for review by GitClear DevOps team members.
After establishing VPN access, GitClear servers additionally require a private SSH key for access; password login is disabled on all servers. Access to individual servers is logged and recorded to a searchable cloud-based logging system that allows logins to be reviewed and audited at any time.
Login as root is disabled across all GitClear servers.
We collect and upload system logs used to audit SSH access and otherwise monitor system access and functionality. All application logging is filtered for 10+ sensitive parameters, including all permutations of Provider Tokens sent by git providers and the payment tokens delivered by Stripe.
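As an added illustration (not GitClear's code; the page does not describe its implementation), the following shows the kind of parameter filter that strips provider and payment tokens from request parameters before they reach application logs or a log shipper. The key and value patterns and the sample request are assumptions standing in for the "10+ sensitive parameters" mentioned above.

```python
import re
from typing import Any

REDACTED = "[FILTERED]"

# Key patterns: assumed stand-ins for the "10+ sensitive parameters" the page
# mentions; case-insensitive so provider_token, accessToken, stripeToken all match.
SENSITIVE_KEY_PATTERNS = [
    re.compile(r"token", re.I),
    re.compile(r"secret", re.I),
    re.compile(r"passw(or)?d", re.I),
    re.compile(r"authorization", re.I),
    re.compile(r"private_key", re.I),
]

# Value patterns catch a secret arriving under an innocuous key (e.g. a token
# pasted into a free-text field). Prefixes are illustrative GitHub/Stripe styles;
# confirm them against each provider's documentation.
SENSITIVE_VALUE_PATTERNS = [
    re.compile(r"\b(ghp|gho|ghs)_[A-Za-z0-9]{20,}\b"),
    re.compile(r"\b(sk|pk)_(live|test)_[A-Za-z0-9]{8,}\b"),
]

def is_sensitive_key(key: str) -> bool:
    return any(p.search(key) for p in SENSITIVE_KEY_PATTERNS)

def filter_params(value: Any, key: str = "") -> Any:
    """Return a copy of `value` with sensitive entries replaced by REDACTED,
    recursing into nested dicts and lists (e.g. params["payment"]["stripeToken"])."""
    if is_sensitive_key(key):
        return REDACTED
    if isinstance(value, dict):
        return {k: filter_params(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [filter_params(v, key) for v in value]
    if isinstance(value, str) and any(p.search(value) for p in SENSITIVE_VALUE_PATTERNS):
        return REDACTED
    return value

# Constructed sample request parameters, shaped like a web framework's request log.
SAMPLE_PARAMS = {
    "repo": "octo/widgets",
    "provider_token": "ghp_EXAMPLEEXAMPLEEXAMPLEEXAMPLE1234",
    "payment": {"stripeToken": "tok_visa", "amount": 4900},
    "comment": "rotate sk_test_EXAMPLEEXAMPLEEXAMPLE after review",
    "headers": {"Authorization": "Bearer abc", "User-Agent": "curl/8.0"},
}

if __name__ == "__main__":
    print(filter_params(SAMPLE_PARAMS))
```

Filtering by key alone misses tokens that users paste into free-text fields, which is why the value patterns run as a second pass.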
The following external services are used by GitClear to provide our SaaS version at https://www.gitclear.com:
Amazon S3. Used for storing repo avatars and database backups. Database backups are stored encrypted in a private bucket of an S3 account that requires two-factor authentication and is limited to DevOps personnel with specific access clearance. Database backups do not contain the decryption keys needed to view Provider Tokens and other sensitive data that is encrypted at rest (and then encrypted again as part of the database backup process).
New Relic. Used to monitor performance and to capture selected system logs for security auditing. All log data transferred to New Relic has been filtered for sensitive parameters and is transmitted over HTTPS, as described in New Relic's security documentation.
Google Analytics. Google Analytics is used on GitClear's SaaS site https://www.gitclear.com to gauge which content pages are resonating with prospective customers. GitClear configures Google Analytics not to store a customer's IP address, and does not include remarketing tags.