Security Overview
We protect your data. It’s as simple as that, and we’ll make it easy for you to understand why with these in-depth answers about our security measures!
Physical Security
Godeka servers are hosted using Google Cloud Platform. Google’s data centers are PCI DSS, ISO 27017, ISO 27001, SOC 2, and SOC 3 compliant facilities. Data center facilities are powered by redundant power and UPS + backup generators.
Facilities feature vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection. Data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders.
All production are monitored and logically administered by Godeka. Physical security, power, and internet connectivity are monitored by Google.
Godeka offers data centers in the United States and Europe. By default, your account will be hosted in one of our US regions. Customers can choose to locate their Service Data in the US only or in Europe only*.
Encryption
Communications between you and Godeka’s servers are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS) over public networks.
All data is encrypted at rest.
Network Security
Our Security Team is on call 24x7x365 to respond to security incidents.
Our network is protected by redundant firewalls, best-in-class router technology, and secure HTTPS transport over public networks. Additionally, Intrusion Detection and/or Prevention technologies (IDS/IPS) are implemented which monitor and/or block malicious traffic and network attacks.
Network security scanning allows quick identification of out-of-compliance or potentially vulnerable systems.
Access to Godeka’s Production Network is restricted on an explicit need-to-know basis, utilizes least privilege, and is audited and monitored. 2FA is required to access the Production Network.
In case of a system alert, events are escalated to our on-call IT staff, who are trained on security incident response processes, including communication channels and escalation paths.
Availability & Continuity
Godeka maintains a publicly available status page which includes system availability details and scheduled maintenance.
Godeka employs automatic application scaling and network redundancies to eliminate single points of failure. Our backup policy ensures data is actively replicated across primary and secondary DR systems.
Our Disaster Recovery (DR) program ensures that services remain available or are recoverable in the case of a disaster. This is accomplished through geographically distributed environments and Disaster Recovery plans.
Our databases are backed up daily with a retention period of 7 days. We also have a point-in-time recovery process enabled as an additional method of data protection and to prevent the loss of important information.
Secure Development (SDLC) & Application Security
At least annually, our team participates in security training and reviews our security controls.
Testing and staging environments are separated from the Production environment. No customer data is used in the development or test environments.
At least annually, Godeka performs internal penetration testing across all production environments.