
Internal security measures

Availability

  • Seald's database is hosted in OVH's data centers. It is sized for high availability and is replicated three times.
  • Seald's API service is hosted in OVH's data centers. The underlying application is also configured for high availability.
  • The database is backed up daily.
  • The file systems of the Seald servers are backed up on a weekly basis.
  • The availability of services is monitored by the Cabot application. A report of the availability metrics of the services can be made available on request.

Integrity

  • All servers are updated on a monthly basis.
  • Component vulnerabilities are monitored continuously.
  • Security scans are performed on a weekly basis. Security reports can be made available on request.
  • The production servers all have an identical test environment (called "Staging").

Confidentiality

  • All incoming traffic on the servers is either secured (TLS / SSH) or redirected to secure flows (HTTP + HSTS).
  • Sensitive fields in the database are encrypted, so this data cannot be extracted from database backups without the decryption key.
  • The weekly backup of the disk systems of the Seald servers is also encrypted with a unique key for each server.
  • Administrative and server maintenance access is available only to authorized employees, according to the principle of least privilege.

Traceability

  • System operations (Unix) are logged via syslog and integrated into weekly backups.
  • Application operations (Docker) are logged in log files and integrated into weekly backups.
  • User events (Seald) are logged in the database and integrated into daily backups.
  • Team events (Seald) are logged in the database and integrated into daily backups.