Skip to content
Docs
Legal
Secure by Design

Secure by Design

At Managed Functions, we're committed to providing our customers with a reliable, secure Managed Functions. The design philosophy behind managed functions is they have as few moving parts as possible and the smallest attack vector possible. To achieve this:

  1. A single managed function moves each type of data onto the data storage with our cloud provider
  2. Data is stored using each cloud provider’s secure data storage framework and locked down using the cloud provider’s best practices
  3. If a managed function requires a public-facing API then the API is secured using the best practices of the cloud provider and locked down to the customer’s IP addresses where possible. This design allows a specialist third-party to cost-effectively validate the controls in place prior to moving into production. We arrange this for each customer that requests it.

About AWS

We've partnered with Amazon Web Services (AWS) (opens in a new tab) which provides the hardware and infrastructure to support our Managed Functions. AWS was launched in July 2002 and is the most popular on demand infrastructure for commodity computing and virtual secure storage on the planet.

Physical Security

With AWS providing the physical hosting infrastructure, Amazon enforces physical security through a variety of methods as covered in their Security Whitepaper (opens in a new tab). The buildings, servers, and infrastructure of Amazon’s services is the same as their multi-billion dollar AWS retail business, so you can be assured that your application and data are secure.

Transport Security

We encrypt all communication between customers and our data center using high-grade encryption (AES-256 256 bit). Access to Managed Functions is only available through secure sessions (https) and only available with an authenticated login and password. Passwords are never transmitted or stored in their original form.

Perimeter Security

We work with third party security firms and consultants to conduct vulnerability threat assessments including penetration tests. Managed functions are behind firewalls and, where accessible through an API, only accessible via https protocol. Storage infrastructure such as S3 is non-public facing and protected in a manner consistent with AWS best practices. Our employees do not have direct access to production equipment, data storage or customer data, except where necessary for system management, maintenance, and backups. Access to customer data is further restricted to technical and customer support staff on a need-to-know basis. No parties outside EQ8R have access to customer data unless required by law. For more information, please refer to EQ8R’s privacy policy.

Application Security

No customer can see another customer’s data. Data is stored securely using unique keys for each customer.

Reliability and Backup

In addition to the physical redundancy (network, power) that AWS provides, we have redundant configurations for each component of its infrastructure. All customer data is stored on AWS’s S3 service. The S3 service is then replicated throughout the AWS data centers globally.

Disaster Recovery Program

We're able to leverage AWS to provide a best in class disaster recovery program. Using AWS services for data storage as described above we eliminate the risk of customer data loss. If the primary hardware for a customer fails, we can immediately switch over to the secondary hardware, which is running concurrently with the primary. If there is a disaster that fails both the primary and secondary servers, we have the ability to failover to other AWS data centers.