Cropster Data Security

 

Last Modified: March 4, 2024

Application Security Overview

Cropster applies a myriad of security mechanisms to ensure the integrity, privacy and security of our customers' data. At Cropster we know that security is a moving target, which is why we are constantly expanding and strengthening our security posture to comply with or exceed the technological security and privacy standards of the time, ahead of time.

Data protection and privacy

Personnel

All our employees sign confidentiality agreements before gaining access to our code and data. Everybody at Cropster is trained and made aware of security concerns and best practices for their systems.

Remote access to applications and data is based on the SSH protocol, using public key authentication, combined with an additional two-factor authentication step. Access itself is limited to employees who need it for their day-to-day work and is further restricted by IP address. All connections to the services are monitored.

Data location

Our primary data centers are in the Amazon Web Services (AWS) EU (Ireland) Region. All data is and will remain stored in European data centers.

Full redundancy for all major systems

Our servers — from power supplies to the internet connection to the air conditioning systems — operate at full redundancy.

Data center security

Our state-of-the-art servers are protected by biometric locks and round-the-clock surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches.

Encryption in transit and at rest

Over public networks we send data using strong encryption. We use SSL certificates issued by Amazon. The connection uses AES_128_GCM for encryption, with SHA256 for message authentication and ECDHE_RSA as the key exchange mechanism. You can check our currently supported ciphers here: https://www.ssllabs.com/ssltest/analyze.html?d=c-sar.cropster.com

All passwords are hashed using BCrypt with a cost factor of 10. Our database and snapshots are encrypted at rest. A unique 256-bit data encryption key (DEK) is used for each database instance.

Application security

We run our applications in Docker containers on top of Amazon EKS. We use the latest Amazon EKS-Optimized Amazon Machine Images (AMIs), which are built on top of Amazon Linux 2. Security updates for the AMIs are provided and maintained by Amazon Inc. We use Infrastructure as Code (IaC), which removes the risk associated with human error, such as manual misconfiguration, and prevents the existence of so-called snowflake servers, meaning servers that have a different configuration and/or are out of date. Our online applications pass through two stages (development and staging) for testing before going into production.

Physical security

AWS, the world leader when it comes to cloud computing, takes several measures to provide physical security, as well as protection at the infrastructure and data layers.

Disaster recovery

All data is written to multiple disks instantly, backed up daily, and stored in multiple locations. Our backups are tested on a regular basis and in addition to our main data center.

We offer a Recovery Point Objective (RPO) and Recovery Time Objective (RTO) of 24 hours.

Conclusion

Security isn’t just about technology, it’s about trust. Over the past 17 years we’ve worked hard to earn the trust of thousands of companies worldwide. We’ll continue to work hard every day to maintain that trust. Longevity and stability are core to our mission at Cropster.

For concerns that are urgent or sensitive, please email us on our security channel, security@cropster.com, so that they can be handled promptly by our security team.

