Our customers entrust us with sensitive, confidential business data, and we are committed to providing the strongest available security for that data.
All data is transferred securely over an encrypted SSL/TLS channel. Attempts to connect over unsecure channels such as HTTP are forbidden and will be redirected to HTTPS.
Your data is backed up at least once a day and in at least two different geographical locations for maximum protection against data loss or corruption.
Silota’s application servers are separated from database servers that store your data.
All of our servers are regularly patched to ensure your data is protected against the lastest vulnerabilities.
We take the AAA approach to application security:
Users must have valid authentication credentials before being able to view search indices and query them. All account passwords and keys are encrypted and not viewable by Silota personnel.
Furthermore authenticated users need to have the right level of authorization in order to make changes or configure the search engines. For this purpose, we provide write and read keys.
We track all access and usage of your account, allowing for auditing and tracing.
In order to prevent unauthorized use of indexed data, we provide configurable layers of access policies:
All objects in the Silota world have non-sequential and random long integer identification. This makes it very hard to guess valid ids, raising barriers for brute force.
HMAC signatures with a secret key
Shared secret used to create short lived sessions.
IP white list
CORS headers (browser-only)