Security at PayFit
Keeping our customers' data secure is the most important thing that PayFit cares about. We go to considerable lengths to ensure that all data sent to PayFit is handled securely - keeping data safe (and encrypted) is fundamental to our business.
Incident Response Plan
- We have implemented a formal procedure for security events and have trained all our staff internally on our policies.
- When security events are detected they are escalated to our emergency alias; teams are paged, notified and assembled to rapidly address the event.
- The post-incident analysis is reviewed in person, distributed across the company and includes action items that will make the detection and prevention of a similar event easier in the future.
Build Process Automation
- We have functioning, frequently used automation in place so that we can safely and reliably roll out changes to both our application and operating platforms within minutes.
- We typically deploy code dozens of times a day, so we have high confidence that we can get a security fix out quickly when required.
- All of our services run in the cloud. PayFit does not host our own routers, load balancers, DNS servers, or physical servers.
- All our services and data are provided and hosted in Amazon Web Services (AWS) facilities in Paris, France. PayFit services were built from the outset with disaster recovery in mind.
- All of our servers are within our own virtual private clouds (AWS VPC) with restricted and monitored network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network. Public traffic goes through a single (audited) load balancer. Access to our internal services is possible via a VPN only.
- Our VPN has a granular access control policy.
- All customer data is stored in the EU.
- Customer data is stored in multi-tenant datastores; we do not have individual datastores for each customer. However, strict privacy controls exist in our application code to ensure data privacy and prevent one customer from accessing another customer's data. We have many unit and integration tests in place to ensure these privacy controls work as expected. These tests are run every time our codebase is updated, and a single test failing will prevent new code from being shipped to production.
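The tenant-isolation pattern described above, as an added illustration that is not PayFit's code: every query a repository issues is forced into the authenticated tenant's scope, and the isolation properties are expressed as checks that a deploy-gating test can assert on. The in-memory collection, the payslip documents and the tenant names are constructed for the example.

```javascript
// Added example (not PayFit code): application-level tenant isolation over a
// shared, multi-tenant collection. The in-memory array stands in for a
// MongoDB collection; the rule shown is that no query may leave the tenant.

// Constructed sample data: two customers sharing one datastore.
const payslips = [
  { _id: "p1", tenantId: "acme", employee: "alice", net: 2500 },
  { _id: "p2", tenantId: "acme", employee: "bob", net: 2700 },
  { _id: "p3", tenantId: "globex", employee: "carol", net: 3100 },
];

// Minimal stand-in for a collection's find(filter): equality match on fields.
function find(collection, filter) {
  return collection.filter((doc) =>
    Object.entries(filter).every(([k, v]) => doc[k] === v));
}

// A repository that can only be built for an authenticated tenant. The tenant
// scope is merged into every filter *last*, so a caller cannot widen or swap
// the scope by supplying its own tenantId in the filter.
class TenantScopedRepo {
  constructor(collection, tenantId) {
    if (typeof tenantId !== "string" || tenantId.length === 0) {
      // Fail closed: an unscoped repository would mean "all tenants".
      throw new Error("tenant scope is required");
    }
    this.collection = collection;
    this.tenantId = tenantId;
  }
  find(filter = {}) {
    return find(this.collection, { ...filter, tenantId: this.tenantId });
  }
  findById(id) {
    // Looking up by primary key alone is the classic cross-tenant mistake;
    // the scope still applies, so another tenant's id resolves to nothing.
    return this.find({ _id: id })[0] ?? null;
  }
}

// The privacy checks in the shape of a test that gates a deploy: any false
// value is a blocking failure.
function runPrivacyChecks() {
  const acme = new TenantScopedRepo(payslips, "acme");
  return {
    ownDataVisible: acme.find().length === 2,
    crossTenantById: acme.findById("p3") === null,
    filterCannotEscape: acme.find({ tenantId: "globex" })
      .every((doc) => doc.tenantId === "acme"),
  };
}
```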
- All documents related to HR are stored on the AWS S3 service and encrypted with keys managed by AWS KMS. Only PayFit holds the keys needed to decrypt them and use them when necessary.
- We use a MongoDB database to store all the data related to payroll. The data is stored on encrypted disks.
- All data sent to or from PayFit is encrypted in transit using strong TLS encryption (we followed Mozilla's recommendations).
- Our API and application endpoints are TLS/SSL only and score an "A" rating on SSL Labs' tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.
- PayFit is served 100% over HTTPS.
- PayFit runs a zero-trust corporate network: there are no corporate resources or additional privileges granted simply by being on PayFit's network.
- Each user can enable two-factor authentication (2FA) to strengthen the security of their login.
- At the application level, we produce audit logs for all activity.
- All access to PayFit applications is logged and audited.
- Bastion hosts are used to log in to devices via key-based authenticated SSH.
- All actions taken on production consoles or in the PayFit application are logged for full traceability.
We use technologies such as Logmatic, AWS Cloudtrail and Security Monkey to provide an audit trail over our infrastructure and the PayFit application. Auditing allows us to do ad-hoc security analysis, track changes made to our setup and audit access to every layer of our stack.
- Conducting a gap analysis
- Planning policy and product changes, specifically around data access, management and portability
- Reviewing our contract commitments with our customers and vendors
At the same time we're closely following the developing interpretations and guidelines on key provisions of the GDPR from the EU Article 29 Working Party and our plans are adapted accordingly.
Because we continually improve our security policy at PayFit, here are the items we'll work on in the coming months:
- Adapting our practices to be compliant with ISO 27001
- Providing each customer with a full history/log of all changes made to their data (the update, its author and its date)