Felix Schäfer on February 19, 2013 Planio and Security
Security is one of the main concerns of our clients - and rightly so! Every week, both new and existing customer contacts us here at Planio Support to ask about it. So here's a little behind-the-scenes view for you to enjoy:
We take the security of the data we are hosting - your data! - very seriously on many different levels: the physical level (our infrastructure is hosted in secure data centers), the technical level (we make sure the software we use is up-to-date and implements the most stringent data access control mechanisms), and even the legal level (all our infrastructure is hosted in Germany, the country with one of the strictest privacy laws in the world).
One thing that gets asked less often - but which is even more important to us - is the safety of the main Planio application itself. Those of you following the news around web technology might have noticed a series of high-profile security vulnerabilities in a popular web framework called Ruby on Rails in the last few weeks. As Planio is built on Ruby on Rails, we have been affected too.
We closely follow the security announcements of all components Planio builds upon. In the case of the Ruby on Rails security warnings we were at work less than 15 minutes after the warnings were published. Less than 4 hours later, we had confirmed and tested the fixes and installed them across all affected Planio applications. Subsequent reviews of server activity also never revealed any suspicious activity that would indicate attempted or successful attacks on Planio in the short time between the publication of the security advisories and our fixes to the affected applications.
Holger and Jan took charge of installing these security fixes, with a little help from yours truly. As the security advisories those last few weeks usually came in in the European evenings, they both have been burning some midnight oil to make sure everyone's data is safe, big thanks to them!
One last thing I'd like to mention is that each security advisory also prompted us to shine a new light on our custom Planio code, which led us to discovering two more security issues on Planio particular to our setup. Needless to say that we applied the same diligence as described above to fix these issues and have notified upstream vendors where applicable.
In closing, I'd like to thank you for putting your trust in us by hosting your project data on the Planio platform. We highly value your trust and assure you that above all, the safety of your data is our first priority - so you can sleep tight while we'll continue to take care of the night shifts! :-)
Felix is interim head of customer support here at Planio and the owner of that dark deep voice you've probably heard when calling our support phone in the last weeks.
