Friday, July 22, 2011
What makes Compendium's platform so secure?
By P.J. Hinton, Director of Engineering
Back in April, cryptography expert and computing security gadfly Bruce Schneier, who is a hero to many on the Compendium Engineering Team, provided an excellent TEDTalk on distinguishing between security against a real threat and the perception of security against a minor threat, illustrating very well how most people are awful at seeing the real threats.
Achieving computing security in a networked environment is hard to do. The reality for us is that anything that has a publicly accessible IP address runs the risk of attack, and I do mean anything. When the system is accessed by humans of varying degrees of technical savvy, no amount of tools can possibly protect against the craftiest forms of social engineering.
Still, there is no shortage of companies who will take your money to provide hardware, software, and advice with the promise of providing security. In reality, most of these offerings are just selling security as a feeling rather than security as something of substance. It's a distinction most people don't consciously make.
Here at Compendium, we take our clients' data security seriously. Here are some examples of how we turn that sentiment into reality.
- Our production servers are locked down such that you are not allowed to log in with a simple user name and password pair.
- Access to pages requiring authentication requires SSL, which prevents prying eyes on the network from intercepting authentication credentials and sensitive data.
- Passwords are checked against one-way hashes of the credentials, so we never have to store a cleartext version of the password.
- Access to content is determined by user roles. The only unpublished content that regular users can retrieve and manipulate is their own. Administrators can only see content from their own network that has been submitted for approval.
- Publication of both posts and comments is protected through a moderation process. Bypassing moderation for post publication is an opt-in feature (trusted author) that is determined by the administrator of that network.
- User accounts can be disabled for employees no longer with the organization.
- Compendium's web services API can be accessed only through an SSL connection, using randomly generated 320-bit keys. In the event of a key compromise, an emergency reset is easy to perform.
- For third-party developers seeking to integrate via callbacks, we provide the option of using SSL communication as well as a digital signature process that can be used to verify the authenticity of a callback's origin.
- We use a third-party auditing service to check our application for possible vulnerabilities and take action on them when they are found.
- More recently, we added an automated screening process for visitor comments that integrates with Akismet, which has filtered close to 30 billion (with a "b") spam comments. On average for the past month, for every legitimate-looking comment that winds up getting submitted to the application, about 12 comments get discarded as spam.
Can we provide absolute security? No. No web application can make that claim with honesty. What we can promise is that our team remains vigilant so that our application adapts as new threats emerge and that our clients' data gets regular backups so that we can recover swiftly in the event of a disaster.
This is what truly sets us apart from a self-hosted blogging system and consumer-grade blogging alternatives. For a self-hosted solution, you're the one who has to worry about keeping your system security infrastructure up-to-date. For a consumer-grade service, there are so many asterisks and disclaimers in their terms of service that you may have less protection than you think. Compendium worries about these things, so you don't have to.