Standard Security Practices

We take the security of your sensitive information very seriously. Here are a few of the procedures we follow for all GVS projects.

What You Should Do

When sending passwords or any other sensitive information, please only use the telephone or encrypted files.

If possible, use SSH/SCP/SFTP to access your site rather than something like FTP. We will always use a secure channel if possible.

What We Do (where possible)

  1. Firmware / Hard drive passwords: having an operating system password is pretty useless if the hard drive itself isn't password protected. Anyone who steals the laptop can just override the operating system password to get access to the hard drive.
  2. Encrypted Data: protocols like FTP send data in clear text, which means anyone on the network can read your files and the username/password for the site. It is much safer to use SSH/SCP/SFTP to transfer files instead. The same applies to data sent to web sites over HTTP instead of HTTPS.
  3. Development Servers: aside from laptops, the other main place your data might get stored is on an Amazon Web Services EC2 or EBS device. Naturally these servers are only accessed via SSH or HTTP. Amazon has published information about the security practices for AWS products.

While there are certainly ways to make this more secure, these practices are as good as or better than current industry standards.