In Project Management
Security in our project management involves safeguarding private data such as server passwords and contact information. We run stringent firewall and anti-virus software on each workstation in addition to our basic network security.
We keep all passwords in encrypted password storage software so that the wide variety of passwords never needs to be written down. Legal and financial documents are stored as strongly encrypted files, whose passwords are in turn stored with the other passwords in the aforementioned password vault.
During Development
Security during development involves safeguarding the integrity of source code and data. To achieve this, we store each project on its own strongly encrypted volume (using the very secure AES-256 algorithm), which is isolated on a drive from the rest of the operating system. These drives are connected only when we are working on that project. This includes all source code, project documents, records and communications.
Our testing servers reside on a separate company network. Testing servers have their entire hard drive and memory (swap space) encrypted. For some projects, the necessary testing server (meant to replicate the eventual production server) does not support whole-disk encryption out of the box. In this case, we will track down custom solutions. At the least, we will store the source code under test on an encrypted partition.
Our test servers are accessible to our clients through a proxy from our public internet server. Access is encrypted with SSL (HTTPS) and password protected at the server level.
For Communications
Communications security involves preventing third parties from snooping on our confidential communications or on the code we upload to your production server. For uploads, we use only SFTP instead of regular FTP, which insecurely passes passwords in plain text over the internet.
Preventing snooping on communications is more difficult, since both parties must cooperate by using the same or similar methods and software. When our clients want us to use encrypted email and IM, we will happily comply. The best solutions are PGP or GnuPG encrypted email, and the SILC plugin for different IM systems or AIM for business users, which supports encrypted conversations. Lisantra Technologies does not support secure voice communications at this time.
Further reading
- Encrypted Email
- Encrypted Phone Calls
- Keepass