Security @ hoggo
At hoggo, our mission is very clear: we're committed to the security of your data, treating it with the utmost confidentiality, preserving its integrity, and ensuring uninterrupted accessibility.
Let’s dive into some details:
Our primary focus revolves around preserving the confidentiality of your data, maintaining its integrity, and ensuring it's always prepared for any digital challenges. Moreover, we actively advocate for heightened awareness regarding the significance of robust security practices.
To ensure a uniform and rigorous approach to security, all individuals associated with hoggo must adhere to our security protocols.
We don't require access to your company's data to provide our services. We minimize our data collection, and the data you provide through our platform is secure. Below you can find more details about how we keep your data secure.
We would like to highlight important security principles we adopted to keep your data safe:
Data Encryption
Employing advanced encryption methods, we render your data indecipherable, whether it's traversing the internet or residing securely on our servers.
Access Control
Strict access controls are enforced, and multi-factor authentication provides an additional layer of defense, ensuring only authorized personnel gain access.
Regular Security Testing
We conduct routine testing to identify and rectify vulnerabilities proactively, ensuring a robust defense against evolving threats.
Backups and Disaster Recovery
Comparable to having a spare key, regular backups and a robust disaster recovery plan guarantee the availability and integrity of critical data.
Security Updates and Patching
Consistent updates keep our systems and software fortified with the latest security patches, closing potential vulnerabilities and ensuring a secure operating environment.
Zero Trust Principles
By treating every access attempt as potentially unauthorized, our security posture is enhanced by minimizing trust assumptions.
Vendor Security
Our commitment extends to third-party services, ensuring they adhere to high-security standards, fortifying against vulnerabilities arising from external dependencies.
Secure Software Development Practices
Security is ingrained into our software development lifecycle (a practice called “Shift-left”), mitigating security risks before they reach the production systems.
To provide greater transparency and clarity, let's delve into more specific details regarding our security posture:
User and usage data that hoggo collects through its software is stored in Germany, European Union (EU), on the Amazon Web Services infrastructure. Access to the AWS infrastructure is limited to hoggo team members on a need-to-know basis. Our application and database servers run inside an Amazon Virtual Private Cloud (VPC). Backend databases are encrypted at rest and run in a private part of the VPC, so they are not directly exposed to the internet. Only systems with a direct technical need are exposed to the public (e.g. frontend web servers, load balancers, and other systems that directly serve customer traffic).
hoggo transmits data from the user's browser to our system only using secure protocols (e.g. HTTPS).
We understand that identity and access management (IAM) is a top priority for every business. That's why we chose Auth0, a leading platform that offers a suite of powerful security features to safeguard your digital identity, thus protecting application and user data.
Auth0 follows industry best practices, implementing standards such as OAuth 2.0 and OpenID Connect, ensuring that your application's authentication adheres to the highest security standards. By offering advanced features like passwordless logins, multi-factor authentication (MFA) and anomaly detection, Auth0 can provide an extra layer of protection against unauthorized access.
AWS Identity and Access Management (IAM) plays a crucial role in managing access to AWS services, and it facilitates the use of short-lived credentials through features like IAM roles and temporary security credentials.
Only hoggo engineers who require permissions to perform their job are given access (least privilege principle). Engineers who do have access have their own credentials, and every access attempt is monitored and irrevocably logged.
We periodically conduct full database backups, stored on Amazon Cloud Storage (AWS S3) and kept for at least seven days.
We understand that business continuity and high availability are essential for our users as they ensure uninterrupted access to services, minimize downtime, and contribute to data integrity.
By leveraging self-healing AWS PaaS (Platform-as-a-Service) services under the shared responsibility model, hoggo and its users benefit from AWS-managed automation for self-healing, fault tolerance through multiple Availability Zones and/or Regions, and scalability with load balancing and automatic scaling. While AWS takes care of the infrastructure-level aspects, hoggo is responsible for optimizing its applications to fully utilize these features, ensuring a resilient and highly available environment. There is active monitoring and alarming in place for both the application and the infrastructure of hoggo.
Our infrastructure is currently hosted on Amazon AWS. AWS is ISO27001 and SOC2 certified, which ensures an additional layer of credibility and security.
You can read more about AWS ISO-27001 Certification here (https://aws.amazon.com/compliance/iso-27001-faqs/) and more about AWS SOC2 third-party audit reports here (https://aws.amazon.com/compliance/soc-faqs/).
Our commitment to keeping your data secure began on the first day of hoggo’s existence and extends across every facet of hoggo – from our employees and trusted contractors to our reliable vendors and digital contributors integrated into our broader network.
We also conduct an annual security check-up to ensure the efficacy of our defensive measures.
Our Chief Technological Officer (CTO) is in charge of keeping our digital realm secure. Should you have any questions or concerns, please feel free to reach out to him via email at: [email protected]
As the digital world develops, we may need to update our security measures from time to time.
Should we need to, we will make sure to share them with you here. We will also make sure that any such potential updates or changes to our security measures will ensure either an equivalent or enhanced level of security.