Secure hosting, both dedicated and cloud, with automation for extra peace of mind.
To provide the most flexible and robust system, FixMyStreet Pro is spread across multiple locations. This ensures we can take advantage of both cloud and dedicated hosting where appropriate, in a way that’s transparent to our end-users.
Automation in testing, deployments, monitoring and infrastructure management means we can make improvements quickly and responsively. We can deploy code changes seamlessly to our production environments many times a day, and migrate applications between elements of our infrastructure, all without interrupting service.
Below are some of the principles that underpin our approach:
| Principle | Description |
|---|---|
| Password Policy | We enforce a minimum standard of password complexity, ensuring that brute-forcing is sufficiently difficult to be mitigated by our other practices. |
| Packaging | All mySociety servers and the packages on them are regularly and routinely patched to minimise the potential for vulnerabilities. |
| Access Control Model | mySociety maintains a least-permissive access control model to reduce potential cross-contamination of access in the event of a security compromise. Where appropriate, processes are jailed. |
| | mySociety employs on-line, near-line and off-site backup solutions. All data is encrypted, and data verification can take place before restoration to ensure there has been no data tampering. |
| Secure access to servers | Privileged credentials are only transmitted to mySociety servers via encrypted protocols (HTTPS or SSH). Credentials are only exchanged in person or out-of-band with manual integrity checking. |
| Physical Security | mySociety servers are hosted by Bytemark. Their data centres employ CCTV, 24-hour security and biometric sensors, and their operator is certified to ISO27001:2005. |
| Host Based Firewalling | Every mySociety server runs a host-based firewall to restrict inbound and outbound traffic. |
| Disaster Recovery | We have policies and procedures in place for ensuring business continuity in the face of serious problems. |
| Redundant backups | We have backups at four different locations, including one which can only be accessed with credentials known to a small subset of the team. All backups are encrypted. |
| Backup checking | Backups are checked every day by an automated script, and we conduct regular test restores to confirm data integrity. |
| Server/location-based failover | We have two identical sets of servers in disparate locations, and our live databases are mirrored by warm standby pairs at the opposite location. In the event of the loss of a data centre, databases can be failed over and applications redeployed. Failover is a semi-automatic process. |
| Cloud-based recovery options | In the event of a total loss of all servers and data, we would bring up a temporary service from the previous night’s backups on EC2 instances. We have a template containing our standard build already at AWS. |
| Source code redundant storage | All source code is replicated at commit/push time to at least one other server (this is in addition to the offsite backup above). |
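The table above says that backups are verified before restoration to detect tampering and that an automated script checks them daily. The following is an added illustration of what such a check can look like; it is not mySociety's own script, and the file names, contents and manifest key are constructed for the demonstration. It hashes each backup file, records the digests in a manifest authenticated with an HMAC (so the manifest itself cannot be quietly edited to match a modified file), and reports missing, altered or unexpected files before any restore proceeds.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Constructed sample backup files (not real data): file name -> contents.
SAMPLE_BACKUPS = {
    "fms-db-2024-01-01.sql.gz": b"constructed database dump contents",
    "fms-uploads-2024-01-01.tar": b"constructed uploads archive contents",
}

# Hypothetical manifest key. In practice it is stored separately from the
# backup store, so that whoever can alter backups cannot also re-sign the manifest.
MANIFEST_KEY = b"constructed-demo-key-not-for-production"


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large dumps need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir, key):
    """Record a digest per backup file and authenticate the manifest with an HMAC."""
    digests = {name: sha256_file(os.path.join(backup_dir, name))
               for name in sorted(os.listdir(backup_dir))}
    body = json.dumps(digests, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"files": digests, "hmac": tag}


def verify_backups(backup_dir, manifest, key):
    """Return (ok, problems); ok is True only if the manifest is authentic and every file matches."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison: check the manifest before trusting any digest in it.
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return False, ["manifest HMAC mismatch: manifest itself may have been altered"]
    problems = []
    present = set(os.listdir(backup_dir))
    for name, digest in manifest["files"].items():
        if name not in present:
            problems.append(f"missing: {name}")
        elif sha256_file(os.path.join(backup_dir, name)) != digest:
            problems.append(f"digest mismatch: {name}")
    for name in sorted(present - set(manifest["files"])):
        problems.append(f"unexpected file not in manifest: {name}")
    return not problems, problems


def demo():
    """Write the constructed backups to a temp dir, verify them, then simulate two failure modes."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in SAMPLE_BACKUPS.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(d, MANIFEST_KEY)
        clean_ok, _ = verify_backups(d, manifest, MANIFEST_KEY)

        # Failure mode 1: a backup file is altered (tampering or bit rot).
        tampered = os.path.join(d, "fms-db-2024-01-01.sql.gz")
        with open(tampered, "ab") as fh:
            fh.write(b"x")
        tampered_ok, tampered_problems = verify_backups(d, manifest, MANIFEST_KEY)

        # Failure mode 2: the manifest is edited to match the altered file,
        # but the editor does not hold the key, so the HMAC no longer verifies.
        forged = {"files": dict(manifest["files"]), "hmac": manifest["hmac"]}
        forged["files"]["fms-db-2024-01-01.sql.gz"] = sha256_file(tampered)
        forged_ok, forged_problems = verify_backups(d, forged, MANIFEST_KEY)

        return clean_ok, tampered_ok, tampered_problems, forged_ok, forged_problems


if __name__ == "__main__":
    print(demo())
```

Run daily from a scheduler, a check like this gives an early signal that a backup set is no longer trustworthy; the manifest should be produced at backup time and kept with the off-site copies, and the test restores mentioned in the table remain the only real proof that the data is usable.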