
Security

Infrastructure security

1) Network security

Our network security and monitoring techniques are designed to provide multiple layers of protection and defense. We use firewalls to protect our network from unauthorized access and undesirable traffic. Our systems are segmented into separate networks to protect sensitive data; systems supporting testing and development activities are hosted in a separate network from those supporting the Zeekoi production infrastructure.

Firewall access is reviewed on a strict, regular schedule: a network engineer reviews all changes made to the firewall every day, and the rule set is reviewed every three months to update and revise the rules. Our dedicated Network Operations Center team monitors the infrastructure and applications for discrepancies or suspicious activity. All crucial parameters are continuously monitored using our proprietary tool, and notifications are triggered on any abnormal or suspicious activity in our production environment.

2) DDoS prevention

We use technologies from well-established and trustworthy service providers to prevent DDoS attacks on the servers. These technologies offer multiple DDoS mitigation capabilities to prevent disruptions caused by bad traffic, while allowing good traffic through. This keeps our websites, applications, and APIs highly available and performing.

3) Server hardening

All servers provisioned for development and testing activities are hardened (by disabling unused ports and accounts, removing default passwords, and so on). Hardening is built into the base operating system (OS) image, and servers are provisioned from this image to ensure consistency across servers.

4) Intrusion detection and prevention

Our intrusion detection mechanism combines host-based signals from individual devices with network-based signals from monitoring points within the servers. Administrative access, use of privileged commands, and system calls on all servers in our production network are logged. Rules and machine intelligence built on top of this data warn security engineers of possible incidents. At the application layer, we have our proprietary WAF, which operates on both whitelist (allow) and blacklist (deny) rules.

At the Internet Service Provider (ISP) level, a multi-layered security approach is implemented with scrubbing, network routing, rate limiting, and filtering to handle attacks from the network layer to the application layer. This system provides clean traffic, a reliable proxy service, and prompt reporting of any attacks.

Data security

1) Data hosting

Zeekoi uses DigitalOcean services to host your data. Because every session is protected with TLS, credentials and session data are not readable by eavesdroppers on shared networks such as public Wi-Fi; users can open Zeekoi products over public Wi-Fi or mobile network connections without their passwords being exposed on the wire.

Zeekoi is accessed exclusively over a TLS (SSL) connection, from initial authorization through the downloading and uploading of company data.

2) Secure by design

A change management policy controls each update and new feature to ensure that all application changes are approved before being put into production. Our Software Development Life Cycle (SDLC) requires adherence to secure coding standards, manual code review, vulnerability scanners, and tools for analysing code modifications for potential security flaws.

Our security architecture, built on OWASP standards and applied at the application layer, provides controls against threats such as SQL injection, cross-site scripting, and application-layer DoS attacks.

3) Data isolation

For our clients, our framework manages and distributes cloud storage. Using a collection of secure protocols built into the framework, each customer's service data is logically segregated from that of other customers, so no customer's service data is exposed to another customer. When you use our services, the service data is stored on DigitalOcean servers. For more on DigitalOcean's privacy practices, see https://www.digitalocean.com/legal/privacy-policy

You are the owner of your data, not Zeekoi. Without your permission, we do not disclose this information to any outside parties.

4) Encryption

In transit: All customer data transmitted to our servers over public networks is protected using strong encryption protocols. We mandate that all connections to our servers use Transport Layer Security (TLS 1.2/1.3) with strong ciphers, for all connections including web access, API access, our mobile apps, and IMAP/POP/SMTP email client access. TLS authenticates the server to the client (and, where client certificates are used, the client to the server) and encrypts the data transferred. Additionally, for email, our services use opportunistic TLS by default: mail is encrypted in transit between mail servers whenever the peer server supports it, which mitigates eavesdropping on those hops, though delivery falls back to cleartext when the peer does not.

We have full support for Perfect Forward Secrecy (PFS) on our encrypted connections: session keys are ephemeral, so even if one of our long-term private keys were compromised in the future, previously recorded sessions could not be decrypted. We have enabled the HTTP Strict Transport Security (HSTS) header on all our web connections. This tells modern browsers to connect to us only over an encrypted connection, even if you type the URL of an insecure page at our site. Additionally, on the web we set the Secure flag on all our authentication cookies, so they are never sent over plain HTTP.
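As an added example (not Zeekoi's code), the following Go program expresses the transport policy above as a client-side tls.Config and audits a constructed HTTPS response for the HSTS header and the Secure/HttpOnly attributes on the authentication cookie. The cookie name "session" and the one-year HSTS minimum are assumptions; the sample headers are constructed, not captured from any Zeekoi server.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"regexp"
	"strconv"
)

// ClientTLSConfig enforces the transport policy described above on the client
// side: nothing below TLS 1.2, and for TLS 1.2 only ECDHE (forward-secret) AEAD
// suites. TLS 1.3 suites are always forward secret and are not configurable in Go.
func ClientTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		},
	}
}

var maxAgeRe = regexp.MustCompile(`(?i)max-age=(\d+)`)

// HSTSOK reports whether the response carries a Strict-Transport-Security
// header whose max-age is at least minAge seconds.
func HSTSOK(h http.Header, minAge int) bool {
	m := maxAgeRe.FindStringSubmatch(h.Get("Strict-Transport-Security"))
	if m == nil {
		return false
	}
	age, err := strconv.Atoi(m[1])
	return err == nil && age >= minAge
}

// CookieFindings lists authentication cookies (names supplied by the caller)
// that are missing the Secure or HttpOnly attribute. Other cookies are ignored.
func CookieFindings(h http.Header, authCookies map[string]bool) []string {
	var findings []string
	resp := &http.Response{Header: h} // reuse net/http's Set-Cookie parser
	for _, c := range resp.Cookies() {
		if !authCookies[c.Name] {
			continue
		}
		if !c.Secure {
			findings = append(findings, c.Name+": missing Secure")
		}
		if !c.HttpOnly {
			findings = append(findings, c.Name+": missing HttpOnly")
		}
	}
	return findings
}

// SampleHeaders is a constructed response, not one captured from a Zeekoi server.
func SampleHeaders() http.Header {
	h := http.Header{}
	h.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
	h.Add("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax")
	h.Add("Set-Cookie", "theme=dark; Path=/")
	return h
}

func main() {
	auth := map[string]bool{"session": true} // assumption: "session" is the auth cookie
	h := SampleHeaders()
	fmt.Println("TLS 1.2 minimum:", ClientTLSConfig().MinVersion == tls.VersionTLS12)
	fmt.Println("HSTS ok:", HSTSOK(h, 31536000))
	fmt.Println("cookie findings:", CookieFindings(h, auth))
}
```

The same checks can be run against a live endpoint by dialling with ClientTLSConfig() and passing the real response headers to HSTSOK and CookieFindings; a handshake failure under this config means the server still accepts a pre-1.2 protocol or a non-forward-secret suite.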

At rest: Sensitive customer data at rest is encrypted using 256-bit Advanced Encryption Standard (AES). The data that is encrypted at rest varies with the services you opt for. We own and maintain the keys using our in-house Key Management Service (KMS). We provide additional layers of security by encrypting the data encryption keys using master keys. The master keys and data encryption keys are physically separated and stored in different servers with limited access.
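The DEK/master-key layering described above is envelope encryption. The following Go program is an added illustration, not Zeekoi's KMS: it encrypts a record under a fresh per-record data encryption key (DEK) with AES-256-GCM, wraps that DEK under a master key with the key ID bound in as associated data, and shows that rotating the master key re-wraps only the DEK while the data ciphertext stays untouched. The key IDs and in-memory master keys are assumptions standing in for a real KMS.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// EncryptedRecord is what lands on disk: the data ciphertext plus its DEK,
// itself encrypted ("wrapped") under a master key that lives elsewhere.
type EncryptedRecord struct {
	MasterKeyID string // which master key wrapped the DEK (bound in as AAD)
	WrappedDEK  []byte // nonce || AES-256-GCM(masterKey, dek)
	Ciphertext  []byte // nonce || AES-256-GCM(dek, plaintext)
}

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := io.ReadFull(rand.Reader, b)
	return b, err
}

// NewMasterKey generates a 256-bit master key (the KMS's job in production).
func NewMasterKey() ([]byte, error) { return randomBytes(32) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext || tag; aad is authenticated, not encrypted.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(gcm.NonceSize())
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Encrypt generates a fresh DEK per record, encrypts the data with it, then
// wraps the DEK under the master key identified by masterID.
func Encrypt(masterID string, masterKey, plaintext []byte) (*EncryptedRecord, error) {
	dek, err := randomBytes(32)
	if err != nil {
		return nil, err
	}
	ct, err := seal(dek, plaintext, nil)
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(masterKey, dek, []byte(masterID))
	if err != nil {
		return nil, err
	}
	return &EncryptedRecord{MasterKeyID: masterID, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps the DEK with the master key named in the record, then decrypts
// the data. A wrong key or any tampering fails GCM authentication.
func Decrypt(masterKey []byte, rec *EncryptedRecord) ([]byte, error) {
	dek, err := open(masterKey, rec.WrappedDEK, []byte(rec.MasterKeyID))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, rec.Ciphertext, nil)
}

// Rewrap rotates a record to a new master key without touching the data
// ciphertext: only the small wrapped DEK is re-encrypted.
func Rewrap(oldKey []byte, rec *EncryptedRecord, newID string, newKey []byte) error {
	dek, err := open(oldKey, rec.WrappedDEK, []byte(rec.MasterKeyID))
	if err != nil {
		return fmt.Errorf("unwrap DEK: %w", err)
	}
	wrapped, err := seal(newKey, dek, []byte(newID))
	if err != nil {
		return err
	}
	rec.WrappedDEK, rec.MasterKeyID = wrapped, newID
	return nil
}
```

In a real deployment the master key bytes never leave the KMS; Encrypt and Rewrap would call the KMS to wrap and unwrap, and only DEKs would be handled by the application servers. Binding the key ID into the AAD means a wrapped DEK copied onto a record that names a different master key fails to unwrap instead of silently decrypting under the wrong key.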

5) Data retention and disposal 

We hold the data in your account for as long as you choose to use Zeekoi Services. Once you terminate your Zeekoi user account, your data is deleted from the active database. If an unpaid account is inactive for a continuous period of 90 days, we reserve the right to terminate it after giving you prior notice.

6) Web server

A specialized server environment that does not allow write access to the local file system is used, together with a customized PHP module that enforces isolation between users and protects user data.

7) Data transfer

Data transfer for all users is carried out over a TLS-encrypted connection (with a 256-bit symmetric key).

8) Application level

Zeekoi's proactive protection is designed to block web attacks that attempt to exploit application vulnerabilities, and the environment prevents users from loading and executing their own PHP code. The web application conforms to the WAFEC 1.0 (Web Application Firewall Evaluation Criteria) standard. Each user (company) accesses Zeekoi products in complete isolation from other users, and passwords are stored only as hashes computed with cryptographically strong algorithms. Access can also be restricted to specific subnets, and potentially threatening activity can be logged.

9) Administrative access

We employ technical access controls and internal policies to prohibit employees from arbitrarily accessing user data. We adhere to the principles of least privilege and role-based permissions to minimize the risk of data exposure.

Operational security

1) Operating system

At the operating-system level, the Zeekoi web server sits behind a firewall on which all ports are closed except those required by the service. Administrative access to the server is possible only from Zeekoi subnets.

2) Logging and Monitoring

We track and examine data from services, internal network traffic, and usage of devices and terminals. This data is kept as event logs, audit logs, fault logs, administrator logs, and operator logs. To a large extent these logs are automatically monitored and analysed to help us spot anomalies such as attempts to access customer data or unusual activity in employee accounts. To administer access control centrally and guarantee availability, we store these logs on a secure server that is segregated from full system access.
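The privileged-command logging described under intrusion detection and the automated log analysis described here can be illustrated with a small rule engine. The following Go program is an added example, not Zeekoi's tooling: it parses constructed syslog-style sudo entries and raises alerts for failed sudo authentication, sudo use by an account outside an assumed admin list, and any privileged command that names an assumed customer-data path. The log lines, host names, account names, and paths are all constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// SampleLog holds constructed syslog-style sudo entries; they are not taken
// from any Zeekoi system.
var SampleLog = []string{
	"Mar  3 02:14:07 prod-web-01 sudo:  alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
	"Mar  3 02:15:22 prod-db-01 sudo:    bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /var/lib/app/customers/export.csv",
	"Mar  3 02:16:40 prod-db-01 sudo:  carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash",
	"Mar  3 02:17:05 prod-db-01 sudo:  alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /var/lib/app/customers/export.csv",
	"Mar  3 02:18:00 prod-db-01 kernel: eth0: link is up", // unrelated line, ignored
}

// SudoEvent is one parsed privileged-command record.
type SudoEvent struct {
	Time, Host, User, Command string
	AuthFailed                bool
}

var sudoLine = regexp.MustCompile(`^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sudo:\s+(\S+) : (.*)$`)

// ParseSudo extracts the fields from a sudo log line; ok is false for other lines.
func ParseSudo(line string) (ev SudoEvent, ok bool) {
	m := sudoLine.FindStringSubmatch(line)
	if m == nil {
		return ev, false
	}
	ev = SudoEvent{Time: m[1], Host: m[2], User: m[3]}
	for _, field := range strings.Split(m[4], " ; ") {
		switch {
		case strings.HasPrefix(field, "COMMAND="):
			ev.Command = strings.TrimPrefix(field, "COMMAND=")
		case strings.Contains(field, "incorrect password attempt"):
			ev.AuthFailed = true
		}
	}
	return ev, true
}

// Policy is what the rules are checked against (the values below are assumptions).
type Policy struct {
	Admins            map[string]bool // accounts allowed to use sudo in production
	CustomerDataPaths []string        // path prefixes that hold customer data
}

// DefaultPolicy is the constructed policy used by the sample run.
func DefaultPolicy() Policy {
	return Policy{
		Admins:            map[string]bool{"alice": true, "carol": true},
		CustomerDataPaths: []string{"/var/lib/app/customers/"},
	}
}

// Detect applies three rules to every sudo event and returns one alert per hit:
// failed sudo authentication, sudo use by a non-admin account, and any
// privileged command that names a customer-data path (admins included).
func Detect(lines []string, p Policy) []string {
	var alerts []string
	for _, line := range lines {
		ev, ok := ParseSudo(line)
		if !ok {
			continue
		}
		if ev.AuthFailed {
			alerts = append(alerts, fmt.Sprintf("%s %s: failed sudo authentication by %s", ev.Host, ev.Time, ev.User))
		}
		if !p.Admins[ev.User] {
			alerts = append(alerts, fmt.Sprintf("%s %s: privileged command by non-admin %s: %s", ev.Host, ev.Time, ev.User, ev.Command))
		}
		for _, prefix := range p.CustomerDataPaths {
			if strings.Contains(ev.Command, prefix) {
				alerts = append(alerts, fmt.Sprintf("%s %s: %s touched customer data: %s", ev.Host, ev.Time, ev.User, ev.Command))
				break
			}
		}
	}
	return alerts
}

func main() {
	for _, a := range Detect(SampleLog, DefaultPolicy()) {
		fmt.Println("ALERT", a)
	}
}
```

On the sample data this produces four alerts: bob's sudo use (non-admin) and his read of the customer export, carol's failed authentication, and alice's read of the same export even though she is an admin, since access to customer data is the event of interest regardless of who performs it.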

3) Backup

We run incremental backups every day and full backups every week of our databases using the Zeekoi Admin Console (ZAC). Backup data is stored in the same data centre (DC) location and encrypted with AES-256. Backups are stored in tar.gz format and retained for three months. If a customer requests data recovery within the retention period, we restore their data and provide secure access to it. The timeline for restoration depends on the size of the data and the complexity involved.

To protect the backed-up data against disk failure, the backup servers use a redundant array of independent disks (RAID). All backups are scheduled and tracked regularly; if a backup job fails, it is re-run and the cause is fixed immediately. Integrity and validation checks of the full backups are performed automatically by the ZAC tool.
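As an added example of the kind of integrity and validation check mentioned above (not the ZAC tool's own logic), the following Go program builds a tar.gz backup from constructed sample files, records a manifest of per-file SHA-256 hashes plus the hash of the whole archive, and verifies a backup against that manifest, catching a corrupted archive, a file missing from the archive, or a file whose content changed. The file names and contents are constructed.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
)

// Manifest records what a full backup must contain. Store it separately from
// the archive so that a corrupted or truncated archive can be detected.
type Manifest struct {
	ArchiveSHA256 string
	Files         map[string]string // archive path -> SHA-256 of the file content
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// SampleFiles is a constructed stand-in for a database dump, not real Zeekoi data.
func SampleFiles() map[string][]byte {
	return map[string][]byte{
		"db/customers.sql": []byte("INSERT INTO customers VALUES (1, 'example');\n"),
		"db/orders.sql":    []byte("INSERT INTO orders VALUES (1, 1, 42.00);\n"),
	}
}

// CreateBackup packs files into a tar.gz and returns the archive plus its manifest.
func CreateBackup(files map[string][]byte) ([]byte, Manifest, error) {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	m := Manifest{Files: map[string]string{}}
	for path, data := range files {
		hdr := &tar.Header{Name: path, Mode: 0600, Size: int64(len(data))}
		if err := tw.WriteHeader(hdr); err != nil {
			return nil, m, err
		}
		if _, err := tw.Write(data); err != nil {
			return nil, m, err
		}
		m.Files[path] = sha256Hex(data)
	}
	if err := tw.Close(); err != nil {
		return nil, m, err
	}
	if err := gz.Close(); err != nil {
		return nil, m, err
	}
	m.ArchiveSHA256 = sha256Hex(buf.Bytes())
	return buf.Bytes(), m, nil
}

// VerifyBackup is the validation step: the archive hash must match, every
// manifest entry must be present with the right content, and the archive must
// contain nothing the manifest does not list.
func VerifyBackup(archive []byte, m Manifest) error {
	if got := sha256Hex(archive); got != m.ArchiveSHA256 {
		return fmt.Errorf("archive hash mismatch: got %s, want %s", got, m.ArchiveSHA256)
	}
	gz, err := gzip.NewReader(bytes.NewReader(archive))
	if err != nil {
		return err
	}
	tr := tar.NewReader(gz)
	seen := map[string]bool{}
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			break
		}
		if err != nil {
			return err
		}
		want, ok := m.Files[hdr.Name]
		if !ok {
			return fmt.Errorf("unexpected file in archive: %s", hdr.Name)
		}
		data, err := io.ReadAll(tr)
		if err != nil {
			return err
		}
		if got := sha256Hex(data); got != want {
			return fmt.Errorf("content mismatch for %s", hdr.Name)
		}
		seen[hdr.Name] = true
	}
	for path := range m.Files {
		if !seen[path] {
			return fmt.Errorf("listed in manifest but missing from archive: %s", path)
		}
	}
	return nil
}
```

The archive-level hash is cheap and catches transport or storage corruption; the per-file pass is what turns "the file is intact" into "the backup contains what the job was supposed to capture", which is the check that matters before trusting a restore.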

From your end, we strongly recommend scheduling regular backups of your data by exporting it from the respective Zeekoi services and storing the exports in your own infrastructure.

Customer controls for security

So far, we have discussed what we do to offer security on various fronts to our customers. Here are the things that you as a customer can do to ensure security from your end:

  • Pick a strong, unique password, and safeguard it.
  • Use the latest browser and mobile operating system versions so that the web and mobile applications are protected against known vulnerabilities and benefit from the most recent security features.
  • Take appropriate safety measures when transferring data out of our cloud environment.
  • Classify your data into personal and sensitive categories and label each one appropriately.
  • Manage the roles and privileges associated with your account, and keep an eye on devices connected to your account, current web sessions, and third-party access to identify any unusual activity.
  • To avoid phishing and malware, be on the lookout for suspicious emails, websites, and links that imitate Zeekoi or other services you rely on in order to obtain your private information.

© 2022, Zeekoi Enterprise Solutions PVT. LTD. All Rights Reserved.
