How we secure your data
Data security is more important now than ever before. We take security seriously and take a multi-layered approach to protecting your documents and other data.
The Waives service has been designed and built from the ground-up with security as a primary consideration. Our culture, development and operations processes keep us focused on security every day.
Our security measures
We believe in being transparent about how our service works and the ways in which we are providing the highest possible security for your documents.
If you would like more information about our data protection promises to your organisation, or if you would simply like us to clarify any aspects of our security procedures, please contact us today.
Secure by design
Waives is designed to have as little of your data as possible for the shortest time possible. Documents are only passed to the service while they are actively being processed, usually only for a few seconds, and are then immediately deleted.
To further increase security, we strictly limit the number of your documents that can be within the service at any time (to ten by default).
During processing, document files are stored in secure Azure storage and encrypted at disk level using 256-bit AES encryption, one of the strongest block ciphers available.
Physical Data Centre Security
Waives is hosted in Microsoft Azure data centres. These offer state-of-the-art physical and logical security for the servers and related infrastructure that comprise the operating environment for the Waives service. Azure data centres are secured and monitored 24/7, and physical access to Azure facilities is strictly limited to select Microsoft staff with multiple biometric controls. See more here.
Instance and Network Security
- Every microservice within Waives runs inside a Docker container. We use Docker to avoid erroneous instance-configuration changes, upgrades, and corruption that are common sources of security breaches.
- Network access to our production environment from open, public networks (the internet) is restricted to just a small number of microservices. Other microservices, servers and data stores are protected from unauthorized external access using Azure Virtual Networks, firewalls and other measures. The service is monitored and protected by Azure's advanced intrusion and protection systems.
- Waives takes all necessary precautions to ensure that every layer involved in data transfer is secured by best-of-breed technologies. All data in transit to and from the service is encrypted using SSL, so you can securely upload documents and download results.
- Our development and testing environments are hosted in a separate network from our production service. Administrative access to systems within the production environment is limited to those engineers with a specific business need and with approval of the CTO. In rare cases staff may need to access your documents to investigate support issues, this will only be done with your consent.
Customer Data Security
Each Waives customer’s data is hosted in our shared infrastructure and segregated logically by the service. All data is tagged with its associated customer so that it can only be accessed by that customer.
All requests to the service are authenticated using industry-standard OAuth2 and OpenID Connect technologies that ensure that your account is secure.
Internal development processes
We take a variety of steps to combat the introduction of malicious or erroneous code to our operating environment and protect against unauthorized access.
All code changes are subject to mandatory code review with the security implications of changes explicitly considered. New versions of the service can only be deployed to our production system through our continuous integration process and once they have passed our exhaustive tests.
Our team adopts the highest standards for management of passwords, keys and other secrets to further reduce the risk of unauthorized access to data.