Menu

Coreo Security

Overview

Overview

Coreo is a data collection and management platform.  When you create an account, build projects and submit data, all of your information is stored in the cloud.  This page provides you with a high level overview of the main areas of security related to the Coreo platform.  For more in-depth information, please view our Security in detail page.

Summary

We take data security very seriously.  We strive to ensure that Coreo and your data are safe and secure at all times.  We do that in two ways.  Firstly, we ensure that the systems Coreo uses are world class and have industry leading security.  And secondly, we make sure that we integrate good security practices into everything we do as a business.

Security of our supporting systems

The Coreo infrastructure is hosted on the Heroku platform, which in turn is built on the technology of Amazon Web Services (AWS). Heroku and Amazon continually manage risk and undertake recurring assessments to ensure compliance with industry standards.

All Coreo data is stored in AWS S3 within the AWS EU region, on secure servers in Dublin, Ireland.

Database Backups

The Coreo platform, via its Heroku infrastructure, utilises employs a Continuous Protection system to keep data safe. In the unlikely event of an unrecoverable hardware failure, the database is able to be recovered to within seconds of its last known state.

The database is also backed up regularly and stored on offsite secure storage.

Application Level Security

All passwords within the Coreo platform are salted and hashed. No member of staff can view them. If a password is lost it cannot be retrieved – it must be reset.

All communication within the Coreo platform is encrypted with TLS (see below)

Encryption In-Transit

All network traffic sent within the Coreo platform, including between Coreo backend servers, websites, mobile applications (iOS and Android) uses industry standard Transport Layer Security (“TLS”) to create a secure connection using 128-bit Advanced Encryption Standard (“AES”) encryption.

There is no non-TLS option for connecting to Coreo – all connections are made securely over HTTPS.

Encryption At-Rest

All data written to disk within the Heroku database is automatically encrypted at rest.

Organisational Security Measures

Overview

Technical measures are generally only half the story when it comes to security.  The remainder relies on the organisation’s policies, processes and attitudes to security.  Here’s how Natural Apptitude approaches security and focuses on ensuring that the organisation integrates good practice into everything it does.

Simple measures

Good security means doing all the simple things right.  As an organisation we make sure:

Regular external and internal security reviews

Since the Coreo platform is constantly evolving we undertake regular reviews of the security of the platform in step with any changes we make. Updates are always made on our development platform before being migrated to Live and any potential vulnerabilities are dealt with within our development framework first.

We work with an external cyber security consultant to review and assess our security overall, including policies and general work practices.  This also helps us stay up-to-date with any changes in the security landscape so that we can quickly and efficiently reflect these within our security practices.

We also commission vulnerability reviews from external agencies.