Do Async Security Statement
Do Async is an Atlassian Marketplace partner, and we are bound by the Atlassian Marketplace Partner Agreement to provide industry-standard security measures.
Do Async uses the Heroku and Amazon Web Services (AWS) platforms to build, deploy and serve applications. Heroku and AWS take many security measures to prevent security and stability issues. For more information about security on those platforms see:
In this document, we provide a short overview of security measures and actions taken by Heroku, AWS, Atlassian, and Do Async to make sure your data is safe and secure.
Vulnerability Reporting
If you are an Async Poker customer and you would like to report a vulnerability or have a security concern regarding Async Poker, please email support@doasync.com.
Security Assessments and Compliance
Data Centers
Async Poker uses Heroku to host the application. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Penetration Testing and Vulnerability Assessments
Marketplace Security Bug Bounty Program
Do Async participates in the bug bounty program with the Async Poker application.
Ecoscanner
Ecoscanner is a platform used to perform security checks against all Atlassian Marketplace cloud apps on an ongoing basis. This helps continuously monitor our cloud apps for common security vulnerabilities.
OWASP Dependency-Check
Each day and before each deployment, we run a dependency check to detect publicly disclosed vulnerabilities contained within a project’s dependencies.
Heroku Platform testing
Third-party security testing of the Heroku application is performed by independent and reputable security consulting firms. Findings from each assessment are reviewed with the assessors, risk ranked, and assigned to the responsible team.
Physical Security
Async Poker uses Heroku, which utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure.
Amazon only provides data center access and information to employees who have a legitimate business need for such privileges.
Network Security
For more information about network security (e.g. firewalls, DDoS mitigation, spoofing and sniffing protections, port scanning) see: https://www.heroku.com/policy/security
Data Security
We fulfill all security requirements for cloud apps defined by Atlassian. We use the Atlassian Connect framework created and maintained by Atlassian.
Heroku Postgres
We store data provided by customers in Heroku PostgreSQL. Connections to PostgreSQL databases require SSL encryption to ensure a high level of security and privacy.
Data encryption
All data is encrypted at rest with AES-256, block-level storage encryption. Keys are managed by Amazon, and individual volume keys are stable for the lifetime of the volume. You can find more detail about EBS encryption here.
Backups
Applications
Our applications deployed to the Heroku platform are automatically backed up as part of the deployment process on secure, access controlled, and redundant storage by Heroku.
Postgres Database
Continuous Protection keeps data safe on Heroku Postgres. Every change to application data is written to write-ahead logs, which are shipped to multi-datacenter, high-durability storage. In the unlikely event of unrecoverable hardware failure, these logs can be automatically ‘replayed’ to recover the database to within seconds of its last known state.
Additionally, we automatically back up our databases every 24 hours and keep those backups in secure Heroku storage.
Heroku Platform
From Heroku instance images to Heroku databases, each component is backed up to secure, access-controlled, and redundant storage. The Heroku platform allows for recovering databases to within seconds of the last known state, restoring system instances from standard templates, and deploying customer applications and data. In addition to standard backup practices, Heroku’s infrastructure is designed to scale and be fault tolerant by automatically replacing failed instances and reducing the likelihood of needing to restore from backup.
Disaster Recovery
Applications and Databases
The Heroku platform automatically restores our applications and Heroku Postgres databases in the case of an outage. The Heroku platform is designed to dynamically deploy applications within the Heroku cloud, monitor for failures, and recover failed platform components including applications and databases.
Source:
https://doasync.com/security/