For more detailed information on how we keep our systems secure and what steps we take to build security into our products, please refer to this whitepaper. For a summary, read on.
OfficeRnD offers Management Solutions for Coworking spaces, Serviced Offices, and Business Centers. Businesses can manage all aspects of their members and resources, automate billing, invoicing and payments collection and provide white-label member portal and mobile app to their community. Members can leverage OfficeRnD’s highly secure, scalable system to provide a great experience to their members.
We take security very seriously and we continuously look for opportunities to make improvements.
Physical & Network Security
We use Amazon’s AWS platform and infrastructure for OfficeRnD. OfficeRnD employees do not have any physical access to our production environment.
Here are more details about security setup of AWS.
“Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, with military grade perimeter control berms. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in. They are also continually escorted by authorized staff.”
In addition to physical security, being on AWS platform also provides us significant protection against traditional network security issues on the infrastructure such as
- Distributed Denial Of Service (DDoS) Attacks
- Man In the Middle (MITM) Attacks
- IP Spoofing
- Port Scanning
- Packet sniffing by other tenants
We use two-factor authentication for access to all our administrative operations including both infrastructure and OfficeRnD service. Administrative privileges are restricted to very few employees. Additionally, both application level roles and AWS roles are used to ensure only required operations are allowed for specific users.
SSH keys are required to gain console access to our servers and each login is identified by a user. All critical operations are logged to a central log server. In addition, our servers can be accessed only from restricted IPs.
Hosts are segmented and access are restricted based on functionality. That is, application requests are allowed only from AWS ELB and database servers can be accessed only from application servers.
- Secure Access – OfficeRnD application servers can be accessed only via HTTPS. We use industry-standard encryption for data traversing to and from the application servers.
- XSS – All user inputs are properly encoded when displayed to ensure XSS vulnerabilities are avoided.
- Encrypted Data Storage – We do not store sensitive card details on any OfficeRnD network. The keys for various third party services (like payment gateway) are stored in our database in encrypted form.
Vulnerability Scanning & Patching
We periodically check and apply patches for third-party software/services. As when vulnerabilities are discovered we apply the fixes.
Data Storage & Redundancy
We use MongoDB for database. The automated backup feature is configured. We backup data for up to 30 days. Our database runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable.
We use both internal and multiple external monitoring services to monitor OfficeRnD. Our monitoring system will alert the Operations & Security Team through emails, chat and phone message if there are any errors or abnormality in the request pattern.
We are working continuously to make our system secure. If you find any security issues, please submit it to firstname.lastname@example.org. We take security as our highest priority. We will make sure the issue is fixed and updated at the earliest.