How is my data secured?
We are constantly refining our security measures to meet the rapidly evolving threats in the digital space (like viruses, attackers, hackers and all the other bad guys snooping around the internet), as well as to protect against the everyday disasters that Murphy's Law provides us (like fires, floods, thefts, and accidents). We apply classic principles of secure programming together with knowledge of the latest advances in threats and countermeasures. Sometimes the principles sound vague, but below we explain them and identify some of the ways in which they are employed. We would rather you understand why your data is more secure with My-Tec.bz than just take our word for it.
We harden every server and network device and place it in the secure My-Tec.bz datacenter. This means applying the time-tested security principles of "Least Privilege" and "Economy of Mechanism." In simple terms, it means we remove every program and close every port that isn't absolutely necessary for our systems to operate, and we restrict physical access and enforce strict rules regarding the environment in which the machines are kept. It's sort of like the military principle of information on a need-to-know basis. Unlike your home or office computer, My-Tec.bz machines are there to serve one, and only one, purpose - securely storing and managing your data. There are no additional programs for hackers to exploit. Our computers are housed inside locked cages in a temperature-controlled facility with redundant power, connectivity, and fire/flood protections. Access is monitored and granted to authorized personnel only, and food and drink are prohibited. These efforts enable us to dramatically reduce the potential avenues of attack for would-be wrongdoers and the chances of freak accidents.
We work hard to be open about the security we provide and make it practical for our users. The first guiding principle here is known as "Open Design." In lay terms, this means decoupling the mechanisms we use to provide security from the keys we use to enforce the protection. By making the system details transparent, we 1) allow our systems to be examined by experts and reviewers who can offer us feedback on future theoretical attacks or existing vulnerabilities, and 2) need only protect a small amount of discrete information (the keys). The second rule applied here is "Psychological Acceptance." This means the security protocols we've chosen to implement have to be simple enough to be understood by our end users, and easy enough that we can actually count on you guys to follow them. Hopefully this explanation has helped to provide a better understanding of how we work with you to practice security, and hopefully our software will make it straightforward and painless for you to put it into practice.