LegacyBook is committed to maintaining the integrity, confidentiality, and availability of our customers’ information. We use a multi-layered approach to protect information and constantly monitor and improve our application, systems, and processes to address potential security challenges and demands.
Passwords and single-factor authentication are old and outdated means of security that were developed in the 70s and have slowly progressed over time. Relying on these methods alone introduces unnecessary risks when more secure options are available. That is why LegacyBook has chosen to utilize the highest standard of security, multi-factor authentication.
Two-factor authentication relies on the user entering the password they created and a unique, randomly generated one-time password (or number sequence). Security can be elevated further with the user utilizing built-in biometric capabilities available on all modern devices. Gone are the days of relying on a password and information someone knows to verify the user’s identity. With LegacyBook, data can be protected and only accessed with the authorized user’s fingerprint, face, iris, or other biometric reading already stored on their device.
We use Digital Ocean for our data service because of their top-tier data safety and security protocols. Here are the highlights of why we chose Digital Ocean to protect your data. You can visit Digital Ocean’s Data Security Page for a full report of their data security procedures.
Development team tests all code for security vulnerabilities during development and before release.
Development team monitors notifications and alerts from internal systems to identify and manage threats.
All access to LegacyBook systems is limited to the least amount of access needed for role functionality.
LegacyBook’s leadership carefully selects and vets all employees and contractors to ensure that no matter what the person’s role, they’re the best fit.
LegacyBook has selected Digital Ocean data centers that are SOC 1 Type II, SOC 2 Type II, and ISO/IEC 27001:2013 compliant to ensure the highest standards of data security and privacy.
24/7 physical security monitoring services
Facilities are unmarked so as not to draw attention from the outside
Battery and generator backup
Generator fuel carrier redundancy
Defense-in-depth layered approach
Multi-factor authentication points
Monitored access and stringent change control mechanisms
Key based authentication
Access limited by Role-Based Access Control (RBAC)
Hard drives and infrastructure are securely erased before decommissioning or reuse
Logging of system actions as well as logins and commands issued by system administrators
Monitoring and analytics capabilities identify potentially malicious activity
User and system behaviors monitored and investigations performed using incident reporting and response procedures
Snapshots and backups are stored on an internal, non-publicly visible network on NAS/SAN servers
LegacyBook controls the regions where our snapshots and backups exist for security & compliance purposes.