Security Overview

Last Updated: February 26, 2019

Keeping user data safe and secure is a huge responsibility and a top priority for us. We are working hard to protect our users from the latest threats. This guide gives you an insight into the measures we take to prevent, detect, and respond to information security incidents, and into our disaster protection and recovery plans.
The role of our system security programme is to protect our users’ information by reducing the risk of loss of confidentiality, integrity, and availability of that information to an acceptable level.

Data protection and privacy

Data Location

Our primary data centers are in the European Union, more specifically in Germany. We also use Amazon AWS (Ireland) for backups. All data is written to multiple disks instantly, backed up daily and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure. Our software infrastructure is updated regularly with the latest security patches.

A daily backup of all Mindomo data is encrypted using GPG and stored at Amazon in Ireland. In addition, any user can opt to use the Google Drive, Dropbox and FTP integrations to back up their data: they can connect their Mindomo account with their Google Drive, Dropbox and/or FTP account and perform a daily backup of all mind maps.

Encryption in transit and at rest

Over public networks, we only send data using strong encryption. We use SSL certificates issued by Comodo RSA, RapidSSL CA. The connection uses 256-bit encryption. You can check our currently supported ciphers here: https://www.ssllabs.com/ssltest/analyze.html?d=mindomo.com&latestAny.
Files and mind map data and messages aren’t encrypted at rest — they are active in our database and are subject to the same protection and monitoring as the rest of our systems. All user passwords are hashed using MD5.

Physical Security

Our state-of-the-art servers are hosted at Hetzner.de, a professional and secure data center located in the heart of Nuremberg and in Falkenstein/Vogtland, Germany. Hetzner Online's two data center parks provide an excellent and environmentally-friendly infrastructure for our product. Multi-redundant network connections to important Internet exchanges ensure fast website access. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides extra protection against unauthorized entry and security breaches.

The data center is protected by video-monitored high-security perimeter fencing around the entire data center park:

  • Entry via electronic access control terminals with a transponder key or admission card
  • Ultra-modern surveillance cameras for 24/7 monitoring of access routes, entrances, security door interlocking systems and server rooms

Power Supply:

  • AC: 230V, 16A
  • Redundant UPS facilities
  • Battery mode: Approx. 15 minutes
  • Standby power system
  • Diesel power generator for autonomous mode
  • Power is supplied via a raised floor system

Climate Control:

  • Energy efficient direct free cooling
  • N+2 redundancy
  • Cold aisle containment
  • Under-floor air conditioning
  • Higher than average raised floor system
  • Monitoring of air temperature and server/distribution cabinets

DDoS Protection

  • Latest hardware appliances
  • Sophisticated perimeter security technologies
  • Automated system that can protect your web applications, websites, servers, and IT infrastructure
  • Attempted botnet communications thwarted

Data deletion

All your content will be inaccessible immediately upon erasing. Within 30 days, all Mindomo content will be permanently deleted from all backups and logs. This information cannot be recovered once it has been permanently deleted. Our backups are stored off-site for a maximum of 30 days and our logs are kept for a maximum of 30 days.

Disaster Protection and Recovery

Load balancer

In order to ensure high availability in case of an imminent disaster, Mindomo provides load balancer failover capability. If one of the configured load balancers fails, the IP address is transferred to a new backup load balancer. External system services are used to manage the transfer of the IP address from the failed load balancer to the new load balancer node.

Application layer

The load balancer distributes the load of users to different application servers. Application servers are checked by the load balancer and if one of them fails, the load balancer re-routes users to an application server which is available. This mechanism is automatic and doesn't require user intervention.

Database layer

We use three types of data storage, which ensures safe and timely access to the user-generated content. We use an in-memory datastore for fast loading of user data, a MySQL database (https://www.mysql.com) and a Cassandra cluster (http://cassandra.apache.org/).

MySQL is configured with a Master-Slave architecture. If the master node fails, there is a procedure to reroute the traffic to one of the slave databases which hold the full copy of the master database.

By design, Cassandra is replicated and fault tolerant.

Systems Monitoring

Website performance monitoring

For website performance monitoring we use Pingdom (https://www.pingdom.com/). Our public status page for uptimes and response times is available at http://stats.pingdom.com/xja2xu2u4o0b/430732.

System monitoring

System monitoring is provided by Nagios (https://www.nagios.org/), a powerful monitoring tool that detects problems and alerts our system administrators before they affect end-users and customers.

By using Nagios, we:

  • Plan for infrastructure upgrades before outdated systems cause failures
  • Respond to issues at the first sign of a problem
  • Automatically fix problems when they are detected
  • Coordinate technical team responses

How the monitoring system works:

  • We configure Nagios to monitor critical IT infrastructure components, including system metrics, network protocols, applications, services, servers, and network infrastructure.
  • Nagios sends alerts when critical infrastructure components fail and recover, providing us with notifications of important events via email, SMS, or custom script. Our staff can acknowledge the alerts and begin to resolve outages and investigate security alerts immediately. Alerts can be escalated to different groups if they are not acknowledged in a timely manner.
  • Reports provide a historical record of outages, events, notifications, and alert responses for later review.
  • Scheduled downtime prevents alerts during scheduled maintenance and operating system upgrades.
  • Trending and capacity planning graphs and reports allow us to identify the necessary infrastructure upgrades before failures occur.

System Administration

Due to all the sensitive data stored, our authentication system conforms to the following requirements:

1. It requires a minimum password length of 10 characters. For systems with Restricted Use Information or users with powerful access (such as “root” or “administrator” accounts), it requires a minimum password length of 11 characters, where possible.

2. It requires passwords to meet complexity rules. The password must contain at least three of the following four character sets: Lowercase letters, Uppercase letters, Numbers, Special characters.

3. It locks access to accounts if there are 30 failed authentication attempts within 5 minutes.

4. Systems and processes are designed to ensure timely removal of a person’s access once that access is no longer required.
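
Requirements 1 to 3 above, expressed as an added example (this is not Mindomo's code): a password check for the length and complexity rules and a sliding-window counter for the lockout rule. The function and class names are hypothetical, "special characters" is assumed to mean ASCII punctuation, and the lock is assumed to lift once failures age out of the 5-minute window, since the page states no lock duration.

```python
import string
import time
from collections import defaultdict, deque

# Thresholds taken from the requirements listed above.
MIN_LEN_STANDARD = 10
MIN_LEN_PRIVILEGED = 11      # "root"/"administrator" and Restricted Use systems
REQUIRED_CLASSES = 3         # of the four character sets
MAX_FAILURES = 30
WINDOW_SECONDS = 5 * 60


def password_violations(password, privileged=False):
    """Return a list of rule violations; an empty list means compliant."""
    problems = []
    min_len = MIN_LEN_PRIVILEGED if privileged else MIN_LEN_STANDARD
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),  # assumption: ASCII only
    ])
    if classes < REQUIRED_CLASSES:
        problems.append(f"uses {classes} of 4 character sets, needs {REQUIRED_CLASSES}")
    return problems


class LockoutTracker:
    """Sliding-window count of failed logins per account (hypothetical helper)."""
    def __init__(self):
        self._failures = defaultdict(deque)

    def _prune(self, account, now):
        q = self._failures[account]
        while q and now - q[0] >= WINDOW_SECONDS:  # drop failures older than 5 min
            q.popleft()
        return q

    def record_failure(self, account, now=None):
        now = time.time() if now is None else now
        q = self._prune(account, now)
        q.append(now)
        return len(q) >= MAX_FAILURES  # True once the account must be locked

    def is_locked(self, account, now=None):
        now = time.time() if now is None else now
        return len(self._prune(account, now)) >= MAX_FAILURES
```

The `now` parameter exists so the window logic can be exercised with fixed timestamps instead of the wall clock.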

Conclusion

Over the past 10 years, we’ve seen many companies come and go. It looks like security is no longer only about technology, but that it is also about gaining the user’s trust. At Mindomo, we are always committed to meeting the requirements of our customers, and we are working hard every day to maintain their trust in our product and in our services. Longevity and stability are core to our mission at Mindomo.

Want to know more?

Please contact us at support@mindomo.com if you have any other security questions and we’ll get back to you as soon as possible.
