We take security seriously. Our platform is hosted on Microsoft’s Azure cloud infrastructure, which enables us to deliver highly scalable, available and fault-tolerant services. Our application architecture has been designed to leverage Azure’s strong geo-redundancy, replication, and recovery options, and follows Microsoft recommended best practices and processes. Azure meets a broad set of international and industry-specific security, privacy and compliance standards including ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2.
Data Replication and Backup
Data generated and stored on the platform is replicated between two physical data centres via Azure’s paired region approach. We utilize Azure geo-replication and geo-redundancy features for storage and database operations, guided by Microsoft’s recommended practices. Point in time backups are also automatically executed hourly for database and daily for general file storage.
System Failover and Disaster Recover
Our application architecture follows best practices to ensure failover and recovery can occur across multiple levels and scenarios. At a hosting level the platform is deployed across a primary and secondary data centre pair. These data centres are sufficiently physically distant from each other to reduce the likelihood of natural disasters, civil unrest, power outages, or physical network outages affecting both regions at once. In the event of tier failure or outright disaster, failover procedures will transition services from our primary to the secondary centre.
Network and Platform Security
Our server instances run behind Azure’s comprehensive firewall and load balancing solution. Inbound connections from both the Internet and remote management ports are blocked by default, with access tightly restricted to legitimate protocol and traffic only. All firewall configurations are version controlled and peer-reviewed as part of our standard change management processes.
For more information on Azure-specific security, refer to Microsoft’s self-assessment paper here:
https://cloudsecurityalliance.org/star-registrant/microsoft-azure
Backend access to databases, storage accounts and server instances is restricted to qualified Go Evo team members only, with all actions performed using Microsoft provided management tools across SSL secured connections.
All app, web browser and REST API interactions with the Go Evo platform occur using 256 bit SSL/TLS encryption (HTTPS protocol). Users are required to log in with an email and password, and their login and access activity is recorded. API access is authenticated against a platform generated 32 character secret key token. Passwords stored on mobile devices and Go Evo servers are always encrypted using AES 256 bit encryption algorithms according to industry standard practices. When a user account is terminated or deactivated, an automatic wipe of local app data is executed when/if the user next attempts to access the app.
Reach out to our team for more details on our platform’s security and architecture.
