Security By Design

We back ourselves up with robust data security and privacy practices that form an integral part of our product engineering and service delivery principles. 

Behind the scenes

As Chillsoft is a custodian of customers' data, a multi-fold model of security architecture, robust product delivery and a highly resilient service platform are the key tenets of its service delivery.

Protecting your data

We understand the value of data. With our robust system of data safeguards, we allow you to focus on the data rather than on its security.

Virtual Private Cloud

Hosted in dedicated VPCs in non-promiscuous mode that are further segmented for increased security and manageability.

Access Controls

Role-based access through IAM that enforces segregation of duties and end-to-end audit trails ensuring access is in accordance with security context.

Encryption

Chillsoft strongly believes in data leakage protection, so we follow end-to-end encryption of data stored in the Chillsoft database. For that we use Hypervisor: KVM; Disk format: qcow2, qed, raw, vid, and vhd formats; Encryption: OpenNebula VM and Raft Algorithm. (Further details about cloud infrastructure: Xongl cloud)

Secure IP

Secure administrative tunnel with whitelisted IP addresses for secure connection to the servers for administrative purposes, through a bastion host.

Malware & Spam Protection

Malware and spam protection is applied based on the latest threat signatures and supports real-time scanning and security.

DevOps Squad

Our DevOps sprints are powered by a multidisciplinary Squad of members including the Product Owner, Squad Lead, Tribe Lead and Members, and Quality Assurance.

Segregation of Duties

Access to production is restricted to a very limited set of users based on job roles. Access to the production environment for developers and Quality Assurance team members is restricted based on their job responsibilities.

 

Integrating to create further wow

Going beyond our already intuitive and agile product suite, we present to you the building blocks kit to make it more bespoke for your business. Our APIs and marketplace apps go through a stringent security testing process before they are published for integrations.

RESTful Architecture

Adoption of an architectural style that simplifies security. Based on Representational State Transfer technology, RESTful enables developers to safely expose web services with fine-grained modularity, breaking the source code into logically atomic components, each with its unique security context. RESTful further enables robust authentication powered by standards like OAuth and JWT.

Defense in depth using API Gateway

To protect the authentication tokens in transit, the APIs terminate in the gateway (HAProxy) only on endpoints that accept HTTPS over TLS.
OAuth2 is used to authorize all API requests to the target API gateway, without exposing the components deeper in the platform such as Relational Databases and Business logic engines.

API throttling

The number of API calls is throttled (rate limited) to mitigate application-layer DDoS and brute-force attacks.