Data Security and Infra

Discover how Gallabox prioritizes data security with a multi-layered approach, including infrastructure, access controls, encryption, and auditing, to safeguard customer data integrity.

In the rapidly evolving digital landscape, data security remains a paramount concern for any software product. The Gallabox solution adheres to the highest standards of data security, ensuring the integrity, confidentiality, and availability of customer data. This section outlines our robust approach to securing data across the various dimensions of our product.

Advanced Role-Based Access and Audit Controls
  • Two-Factor Authentication: Adds an additional layer of security for user authentication.

  • Granular Role-Based Controls: Implements team-based and channel-based access with features like phone masking.

  • Internal Restrictions: Ensures data is not accessible outside the organization.

  • Exhaustive Audit Logs: Keeps detailed records of all data interactions.

  • Controlled Troubleshooting: Allows troubleshooting only with approved access.

Secure and Scalable Hosting Infrastructure
  • Scalability: Supports both horizontal and vertical scaling for consistent performance.

  • Advanced Cloud Infrastructure: Implements cutting-edge cloud infrastructure and data security principles.

  • Role-Based Authentication: Ensures data is accessible only to authorized personnel.

  • Secure Data Downloads: Data extraction is controlled and requires necessary approvals.

  • Integration Flexibility: Offers various secure integration models, including HTTPS.

  • Containerization: Utilizes Docker for secure and efficient application deployment.

  • Inbuilt Security in AWS and MongoDB Atlas: Leverages inherent security features for enhanced protection.

Enhanced Data Security Measures
  • HTTPS for Secure Communication: Utilizes trusted, auto-renewable certificates for HTTPS integrations.

  • Encryption: Ensures all data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).

  • Authorized User Access: Restricts data viewing to authorized users on the Gallabox Web/App Console. Additionally, we enforce Multi-Factor Authentication (MFA) for all users.

  • Role-Based Data Access: Implements client-defined, authenticated roles for data access.

  • Database Security: Limits database access to approved IPs within the VPC.

  • Audit Trail: Maintains detailed logs of all data access and modifications.

Robust Backup and Recovery Infrastructure
  • Geographic Distribution: Backups are distributed across multiple zones, with a primary data center in the US.

  • Continuous Backup and Easy Restoration: Offers 2-hour continuous backup and efficient one-click data restoration.

Secure Source Code Management
  • Private Repositories: Manages source code in secure, private GitHub repositories.

  • Two-Factor Authentication: Requires this for all contributors' GitHub accounts.

  • Regular Key Rotation: Periodically rotates SSH keys and Personal Access Tokens.

  • Strategic Release Management: Employs well-defined branching strategies for controlled releases and rollbacks.

  • Continuous Integration: Uses Jenkins for continuous integration and code audits.

Data Security Controls

Gallabox follows industry-standard security practices to ensure the protection of customer data. We have implemented multi-layered security controls across four key areas:

Predict (Proactive Risk Assessment & Monitoring)

✅ Penetration Testing – Periodic tests to identify vulnerabilities in applications and infrastructure

✅ Security Audits – Annual audits for compliance; we are in the process of becoming SOC 2 and GDPR compliant

In progress:

✅ Risk Assessments – Regular security risk assessments and threat modeling


Prevent (Prevention of Security Incidents)

✅ Access Control – Role-Based Access Control (RBAC) and the Least Privilege Principle

✅ Multi-Factor Authentication (MFA) – Enforced for all user accounts

✅ Data Encryption – AES-256 encryption for data at rest, TLS 1.2/1.3 for data in transit

✅ Firewall and Network Security – Cloud-based Web Application Firewall (WAF) and VPN restrictions

✅ Secure Software Development (DevSecOps) – Code security reviews, secure API practices, and CI/CD security integration


Detect (Real-Time Threat Monitoring & Logging)

✅ Security Information and Event Management (SIEM) – Logs all security events for anomaly detection

✅ Endpoint Detection and Response (EDR) – Protects against malware and insider threats

In progress:

✅ Intrusion Detection System (IDS) – Monitors network traffic for suspicious activity

✅ Cloud Security Monitoring – Continuous monitoring of cloud workloads for unauthorized access

✅ Automated Log Analysis – Real-time alerts for potential data breaches or security violations


Correct (Incident Response & Recovery Mechanisms)

✅ Incident Response Plan (IRP) – 24/7 security team for rapid incident response

✅ Data Backup and Disaster Recovery – Regular backups with geo-redundant storage for data integrity

✅ Forensic Investigations – Root cause analysis for security incidents, followed by corrective action

In progress:

✅ Automated Threat Mitigation – AI-driven security response to mitigate risks in real time

✅ Breach Notification Policy – Any security breach is reported within 48 hours per GDPR guidelines


In summary, Gallabox is fortified with a multi-faceted approach to data security, encompassing robust infrastructure, stringent access controls, comprehensive encryption, and proactive auditing and recovery measures. These practices collectively ensure the security and integrity of our clients' data, making our solution a reliable and trusted choice in the market.
