Hosted & Secure

Secure hosting, both dedicated and cloud, with automation for extra peace of mind.

FixMyStreet Pro is hosted on mySociety’s scalable, automated and secure server platform, built on over 10 years’ experience of developing and operating well-known, high-traffic civic engagement services.

To provide the most flexible and robust system, FixMyStreet Pro is spread across multiple locations. This ensures we can take advantage of both cloud and dedicated hosting where appropriate, in a way that’s transparent to our end-users.

Automation in testing, deployments, monitoring and infrastructure management means we can make improvements quickly and responsively. We can deploy code changes seamlessly to our production environments many times a day, and migrate applications between elements of our infrastructure, all without interrupting service.

Below are some of the principles that underpin our approach:

Server Security and Maintenance

Practice Description
Password Policy We enforce a minimum standard of password complexity, ensuring that brute-forcing is sufficiently difficult to be mitigated by other practices
Packaging All mySociety servers and the packages on them are regularly and routinely patched to minimise the potential for vulnerabilities
Access Control Model mySociety maintains a least-permissive access control model to reduce potential cross-contamination of access in the event of a security compromise. Where appropriate, processes are jailed
Backups
mySociety employs both on-line, near-line and off-site backup solutions. All data is encrypted and data verification can take place before restoration to ensure there has been no data tampering
Secure access to servers Privileged credentials are only transmitted to mySociety servers via encrypted protocols (HTTPS or SSH). Credentials are only exchanged in person or out-of-band with manual integrity checking
Physical Security mySociety servers are hosted by Bytemark. Their data centres employ CCTV, 24 hour security and biometric sensors, and their operator is certified to ISO27001:2005.
Host Based Firewalling Every mySociety server runs a host based firewall to restrict inbound and outbound access of traffic
Disaster Recovery We have policies and procedures in place for insuring business continuity in the face of serious problems

Business Continuity and Disaster Recovery

Practice Description
Redundant backups We have backups at four different locations, including one which can only be accessed with credentials known to a small subset of the team. All backups are encrypted.
Backup checking Backups are checked every day by an automated script and we conduct regular test restores to confirm data integrity.
Server/location-based failover We have two identical sets of servers in disparate locations, and our live databases are mirrored by warm standby pairs at the opposite location. In the event of the loss of a data centre, databases can be failed over and applications redeployed. Failover is a semi-automatic process.
Cloud-based recovery options In the event of a total loss of all servers and data, we would bring up a temporary service from the previous night’s backups on EC2 instances. We have a template containing our standard build already at AWS.
Source code redundant storage All source code is replicated at commit/push time to at least one other server (this is in addition to the offsite backup above).

Join one of our regular webinars

Show webinar schedule

Schedule your one-to-one demo

Request a callback

See FixMyStreet Pro for yourself

Try our live demo