Security with Metalshub
Security of our services and your data is our highest priority. We know that the success of your business depends on your trust in our security. We constantly work to protect your data by using generally accepted best practices.
At Metalshub, we believe in strong separation: Our servers are hosted on dedicated hardware - the hardware is not shared with other parties and only we can access our systems. We use separate hardware for our production platform, our website, and our internal services. The servers are located in Germany and are physically and logically protected against access while being constantly monitored. The data center is regularly audited and has an ISO 27001 certification.
All our servers are protected by multiple firewalls and have automated DDoS (distributed denial-of-service) protection. In addition, our intrusion detection system automatically blocks IP addresses that show suspicious behavior (e.g. unsuccessful login attempts). Security-related log files are continuously scanned automatically and manually reviewed on a weekly basis. Security-related operating-system updates are applied immediately and automatically.
Access Control and Training
Access to our servers is limited to RSA key-based authentication (not a login with a password). An absolute minimum number of employees (currently two) and no external parties have administrative access to our servers.
We use a role-based access control system to ensure that every employee only has access to the data that is absolutely required for their job. All relevant employees also receive regular training in IT security.
We encrypt your data every time it is sent to us. We use the industry-standard Secure Sockets Layer (SSL) protocol, which provides data encryption, message integrity, and server authentication. We enable HTTP Strict Transport Security (HSTS) for all our domains and subdomains. Our SSL configuration received an A+ rating in the well-known Qualys SSL Labs audit.
We use state-of-the-art mechanisms for storing passwords: they are stored using the “Password-Based Key Derivation Function 2” (PBKDF2) algorithm, a password stretching mechanism recommended by the American National Institute of Standards and Technology (NIST) and the German Bundesamt für Sicherheit in der Informationstechnik (BSI). Each password has a unique random salt and is hashed more than a hundred thousand times using the SHA-256 algorithm.
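The password storage scheme described above, as an added example that is not Metalshub's own code: PBKDF2-HMAC-SHA256 with a fresh random salt per password and an iteration count above a hundred thousand. The 16-byte salt length, the 120,000 iteration count and the record layout are assumptions for this example (the page gives no exact figures); the record is self-describing so the iteration count can be raised later and older records re-hashed on the user's next successful login.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example: the page only states "more than a
# hundred thousand" iterations and a unique random salt per password.
HASH_NAME = "sha256"
ITERATIONS = 120_000
SALT_BYTES = 16
ALGORITHM = f"pbkdf2_{HASH_NAME}"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Derive a PBKDF2-HMAC-SHA256 hash with a fresh salt.

    Returns a self-describing record: algorithm$iterations$salt_hex$hash_hex,
    so verification never depends on an external, possibly stale, setting.
    """
    salt = os.urandom(SALT_BYTES)  # unique per password, from the OS CSPRNG
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute PBKDF2 from the stored parameters and compare in constant time."""
    try:
        algorithm, iterations_text, salt_hex, hash_hex = record.split("$")
        iterations = int(iterations_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed or truncated record: reject, never crash
    if algorithm != ALGORITHM or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    # compare_digest runs in time independent of where the digests differ
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, minimum_iterations: int = ITERATIONS) -> bool:
    """True when a stored record is weaker than the current policy.

    Call this after a successful verify_password() and re-hash the plaintext
    the user just supplied, so old records migrate without a password reset.
    """
    try:
        algorithm, iterations_text, _salt_hex, _hash_hex = record.split("$")
        return algorithm != ALGORITHM or int(iterations_text) < minimum_iterations
    except ValueError:
        return True
```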
Upon request, Metalshub can also limit the IP range for company accounts, ensuring that only people on the cleared company network can log in to a given account. Users can also add a further layer of security to the authentication process by enabling two-factor authentication (2FA) for the login process.
Every single code change is reviewed and needs approval before it gets deployed to our staging environment. After a staging review, the changes are deployed to our production servers. Every release is both automatically and manually tested for functionality, vulnerabilities, authentication/authorization-based data separation, and other security-related issues.
Internal data security
We use a very restrictive role-based access system to control which employees have access to which data and adhere to the principle of data minimisation, i.e. employees only have access to the data their roles require. Additionally, all our employees have a confidentiality clause in their employment contract. Violations of this clause may result in termination of employment and possible legal action.
If you have any questions, please contact us: firstname.lastname@example.org