smooster And Security - This Is How We Provide Security On A Business Level
2014.07.09 by Sebastian Maier
The security of all data in the various fields, namely, the CMS, the websites, as well as the access and user data, is extremely important to us.
Below we will tell you all about how we ensure smooster’s security in terms of access & CMS software, availability, privacy, and infrastructure. Since this topic inevitably requires a lot of technical terms and users’ interest in the details tends to vary greatly, we have decided to divide the texts in two layers.
The first layer contains a shorter, easily understandable version and deals with the security measures and their effects. If you want to learn more about the individual measures and are familiar with the technical terms, you can get to a more in-depth version with all the details.
smooster CMS, the software used to edit the websites, is protected by a user name (email address) and password chosen by the user. This combination of user name and password is called smooster ID. Your smooster ID only provides access to the websites another user has granted access for to your email address. In order to further increase security, the CMS software and the smooster ID are separate from each other. The smooster ID only allows access to the CMS and doesn’t pass on any of the data stored there to the CMS. More
We ensure constant availability of the website and protection from interruption by permanently monitoring the functionality of all three sectors: smooster ID, CMS software, and the websites. A high number of servers running the CMS Software assures the reliable availability of the CMS. A global CDN (Content Delivery Network) is used in order to make sure that the websites are quickly delivered, that is, displayed without delay, worldwide. This only pertains to the websites, i.e. the homepage and all subpages, as well as the text and images displayed on them. The CMS software and the smooster ID aren’t run on the CDN. More
As mentioned above, the three sectors, user data (smooster ID) hosting, CMS software hosting, and website hosting are stored on separate, independent servers. Thus the CDN, which allows for speedy worldwide delivery of the websites, has nothing to do with the CMS Software hosting infrastructure or the user data.
The smooster ID and all related customer and payment information provided by you, are stored exclusively on European servers for data protection.
The security of the hosting infrastructure is ensured virtually, by firewalls and other security systems, as well as on the server location itself by physical security measures, such as access controls, fire safety, power protection, climate control, etc. More
oAuth 2.0 security standards are used in separating login data (smooster ID) from the CMS software. This way, the exchange of information between the personal data in the smooster ID and the CMS software is controlled. The smooster ID functions as access to the CMS software and the payment feature. The personal information managed there, such as first and last name, password, language setting, etc. can’t be accessed by the CMS.
The sensitive parts of the smooster ID, such as the login area or the payment process are secured by a strong SSL encryption.
Logging and monitoring of the hardware, software, and the server operating systems ensures the constant availability and protection from interruption of all three sectors: smooster ID, CMS software, and the websites. These are performed by us as well as by our partner on the server side, which you can learn more about here.
The separation of CMS software hosting infrastructure and the website hosting infrastructure ensures that there won’t be any interruptions due to dependencies. On the part of the CMS software we achieve high availability with redundant servers (application server, database server, and background job server). In terms of the website hosting, a CDN, utilizing redundant servers as well, ensures high speed through geo-location optimized delivery of the websites.
The high security of the hosting infrastructure is achieved virtually using firewalls, intrusion detection, and DDOS mitigation technology. On the server location itself, physical security measures, such as access controls, fire safety, power protection, and climate control provide additional security.
In terms of infrastructure, smooster is working with highly experienced partners. More information about the security of our partners AWS and EngineYard can be found on their websites:
Did we leave any questions unanswered? Please write us, and we will get back to you as soon as possible.