Keeping our platforms secure
Our technical teams recognize that security is an on-going and ever evolving challenge which is why we implement regular software updates and patches. LightRocket is also subject to frequent vulnerability scans and penetration testing, to ensure our systems are as secure as they can be. Book an appointment with our security specialist if you'd like to know more.
User security & data protection
Authentication and Access
LightRocket offers multiple levels of security. These include; 2FA (two factor) authentication, SSO sign-on (single user sign on), email link validation and captcha verifications. All are designed to keep your system and data safe from unauthorized access or attacks.
Security isn't just a question of data, networks and servers. LightRocket is committed protecting and respecting the privacy of all its clients. The company adheres to GDPR standards ensuring that no personal data is collected without consent and data protection officers are available to remove personal data on request.
File & storage security
World Class Secure Storage
All our data is hosted on AWS, which is considered the gold standard for secure storage. Amazon data centers are designed for global latency and are protected by layers of physical security. Its S3 storage service is designed for 99.999999999% (11 9's) durability, and currently stores data for millions of customers around the world.
Always Backed Up
It goes without saying that your data is backed up. LightRocket creates disk snapshots and database backups to ensure rapid recovery if needed.
When it comes to malware, you can never be too cautious. LightRocket uses anti-malware software to scan all incoming files, ensuring your server is always protected. Our systems are regularly updated and patches are applied to block potential vulnerabilities.
Network & server security
To ensure security across all our networks, we define tight Access Control Lists for accessing our networks, both internally and externally, and we use Virtual Private Clouds (VPCs) to isolate our clients' infrastructure within a region.
VPCs also guarantee that communication between different AWS endpoints stays private and never leaks to the public internet.
With tight IAM permissions we ensure that access to AWS resources are limited to scope permissions in AWS infrastructure for purpose-driven users.
WAF (Web Application Firewall) Protection
LightRocket has deployed WAF protection to add an extra layer of protection which filters incoming traffic and defends against sophisticated application attacks, and can help detect and mitigate DDoS attacks.
LightRocket ensures full encryption in transit (TLS 1.2, TLS 1.3). VPN technology is deployed to protect connections to our internal infrastructure. All S3 archive data is also encrypted at rest.
We have deployed industry standard technology which provides notifications of downtime, unexpected latency or packet loss in network routes. We receive alerts about SSL certificate events or changes in infrastructure configuration.