Security

Our customers entrust us with sensitive, confidential business data, and we are committed to providing the strongest available security for that data.

Security Basics

Data Transfer

All data is transferred securely over an encrypted SSL/TLS channel. Connections over insecure channels such as HTTP are not permitted; such requests are redirected to HTTPS.

Data At Rest

1. Backups & Business Continuity

Your data is backed up at least once a day and in at least two different geographical locations for maximum protection against data loss or corruption.

2. Storage Layer

Silota’s application servers are separated from database servers that store your data.

3. Maintenance

All of our servers are regularly patched to ensure your data is protected against the latest vulnerabilities.

Application Security

We take the AAA approach to application security:

Authentication

Users must have valid authentication credentials before being able to view search indices and query them. All account passwords and keys are encrypted and not viewable by Silota personnel.

Authorization

Furthermore, authenticated users need the right level of authorization to make changes or configure the search engines. For this purpose, we provide write and read keys.

Accounting

We track all access and usage of your account, allowing for auditing and tracing.

Search Engine Security

In order to prevent unauthorized use of indexed data, we provide configurable layers of access policies:

  • All objects in the Silota world have non-sequential, random long integer identifiers. This makes it very hard to guess valid ids, raising the barrier to brute-force attempts.

  • HMAC signatures with a secret key

  • Shared secret used to create short-lived sessions

  • IP whitelist

  • CORS headers (browser-only)