Skip to main content

Security

Datasert has been developing products for Salesforce since 2010, starting with Realfire With Realtask and Datasert Apps in general, security as a feature is a before thought rather than after thought.

Here are the security practices that we follow to ensure that information you entrusted to us as part of the application usage is dealt with care and diligence that it deserves.

Employees Security

Datasert uses enterprise sso with mfa for all of its employees so that we have a single point of gateway to control employee access.

Coding Practices

We use GitHub/GitLab as preferred Source Code repository vendors. Each code commit into version that goes to production peer reviewed for following things.

  • Ensure that code does not log any sensitive information including credentials/pii and customer data
  • Code commit does not include any kind of access keys or system passwords hard coded in plain text
  • Code clears the memory of sensitive information immediately after it is used to establish necessary connection
  • All access points are ensuring that access is Authenticated and has appropriate Authorization (including appropriate service and data access)

Cloud Platform secure Practices

Datasert uses AWS as preferred platform vendor and leverages various security tools/practices that comes with the platform.

For example,:

  • We use Cloud formation for all infrastructure/code deployment

    This ensures that we do not have any manual intervention in deployment code and hence introducing risk.

  • Separate AWS Accounts for Production environment

    We use separate environment each environment including Production. This helps to control the access to an environment by as needed basis.

  • AWS Kms Keys

    We encrypt all sensitive data using Kms Keys. We use separate key for encryption of internal sensitive data vs customer sensitive data.

  • System Parameter Store (with Secure String type)

    AWS Parameters Store is a managed service that allows application developers to store the application parameters. Secure String type automatically encrypts the data that we save using AWS own internal key.

  • IAM Roles/Policies for all Personnel with the least Privilege Model

    All employees who access production environment are given separate roles with access to only specific resources.

Customer Credentials

Customer credentials deserves to be treated with additional security layer compared to all others due to nature of it. This includes any passwords they provide as part of Connection setup, oauth access tokens and secret keys etc.,

These super sensitive information is encrypted using three factors as follows.

  • First-factor is application level symmetric encryption

    As part of the application deployment we provision a key called application key. It is provisioned via CI deployment. This application key is used to customer provided plain text.

  • Second-factor is the Customer Kms Key encryption

    Cipher from the previous step is re-encrypted using Customer Kms Key.

  • Third-factor is the service level encryption

    Use use Aws System Parameter Store to persis cipher from second step as secure string. This is encrypted third time before saving to persistent storage.