Revision as of 15:53, 10 August 2023 by Margit Link-Rodrigue (talk | contribs)
Here we explain the concepts of our cloud services.
Security principles of our cloud services
- 100 percent EU-DSGVO-compliant: The full implementation of EU law (especially data economy, no storage outside the EU and only with companies in the EU) is a self-evident principle for us. You can find out more about this under Certification and Compliance.
- Secure "public cloud": Each of our customers has its own data storage, especially in the file system and database. However, the instances share the services, e.g. the database service, the search service or the PDF creation. All services used are multi-client capable, ensuring that no data can get from one instance to the other. The cloud is administered centrally by Hallo Welt! Updates are applied centrally. The instances share the server resources.
- Authentication and authorisation: The query of authorisations and the assignment of user group rights is supported by BlueSpice through a number of measures. A more detailed description can be found here: Software - Security and Reliability.
- Access restriction for Hallo Welt! or its service providers: As the operator of the cloud, Hallo Welt! must be able to guarantee the uninterrupted operation of the cloud infrastructure and the customer instances on a permanent basis. For this purpose, it may be necessary to connect to the servers. But if we have access to the servers, we theoretically also have access to the client data. Therefore, this access is strictly regulated and limited to very few employees with a high level of trustworthiness and a duty of confidentiality. External service providers of Hallo Welt! do not have access to the data in the cloud at any time.
- Encryption: We support software and server-side encryption methods. Read more about this under: Software - Security and Reliability.
Continuous improvement of the software provided
Our BlueSpice software is constantly being developed and improved. In order to be able to deliver these changes to the cloud in a timely manner, we use the following mechanisms:
- Continuous delivery: Changes in the cloud are made regularly on a weekly basis. If necessary, updates are also made more frequently.
- Automated tests of software and infrastructure: Every change to the system is backed up by automated tests.
- Operation of a quality assurance environment: Every change to the system is pre-tested in an identical quality assurance environment and only imported into the production environment after successful testing.
- Automated delivery: Changes are delivered automatically via our deployment queue. In the event of an error, a previous version can be accessed quickly.
- Hotfix capability: Automated tests and delivery enable us to apply a hotfix to the production environment within 4 hours.
Business Continuity Concept
The following measures protect our customers from damages and interruptions of the cloud services
- Hallo Welt! monitors the availability and performance of the cloud infrastructure and informs about the current status of the services, downtimes and maintenance windows on a status page.
- The services are automatically restarted in case of failure.
- All data is backed up hourly. We back up 4 hours and 7 days. The daily backups are mirrored in a separate data centre. The backups are encrypted.
- Hallo Welt! performs disaster and recovery tests for their cloud infrastructure; the RTO (Recovery Time Objective) is 4 hours.
- Hallo Welt! regularly reviews and improves its security measures.
- Hallo Welt! maintains an emergency manual that covers all existential threats to the infrastructure and how to deal with them.
- Hallo Welt! maintains a risk register.
External links
Please note our additional information on the product website:
Discussions