Overview of Wooxy security processes

This article explains all Wooxy security processes in detail.

Wooxy takes reasonable precautions to protect Customer Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

Amazon AWS, DigitalOcean, and LeaseWeb are used as hosting service providers. These providers apply heavy cybersecurity measures and comply with the highest data protection standards.

Systems controlling the management network at Wooxy log to a centralized logging environment to allow performance and security monitoring. Logging includes system actions, employee logins, and commands issued in compliance with PCI  standards.

Monitoring and analytics capabilities are utilized to identify potentially malicious activity within the infrastructure. User and system behavior is monitored for suspicious activity, and investigations are conducted in accordance with established incident reporting and response procedures.

To ensure the continuous integrity of critical system files, application configuration files, and application logs, file integrity monitoring and log analysis solutions are in place to detect any unauthorized modifications to system components - files, registry, services, processes, and critical system files.

With layer-3 network separation as standard and the use of VPNs for private networking, the basis for security starts with the inherent, proven protection of data and assets. In-built platform security is complemented by enterprise-grade protection and access management.

Every Wooxy services component is protected by one or more security groups containing sets of firewall rules that specify which type of network traffic should be delivered to that particular service. By default, the firewall operates in a deny-all mode, and only specific IPs are allowed to connect through open ports.

Firewall services help mitigate threats such as data loss via file transfers, operational impact from malware attacks, bandwidth inefficiencies, and compliance failures.

For enhanced communication security when accessing Wooxy, the system automatically switches to HTTPS instead of HTTP for data transmission. HTTPS uses the SSL/TLS protocol, which employs public-key cryptography to prevent eavesdropping, tampering, and forgery.

Additionally, for data transmission, digitally signed requests using Access Keys must be sent to the Wooxy REST API. These Access Keys, which include an access key ID and a secret access key, are used to digitally sign programmatic requests made to the system.

Encryption is used when creating backups and snapshots. Encryption is enabled by default to protect data at rest.

The security and data integrity of customer databases are of the utmost importance. As a result, neither technical nor customer support staff have access to backend virtual servers, databases, or NAS/SAN storage systems where backup images reside. Only a select engineering team has direct access to the databases based on their specific roles. By design, customer support cannot capture screenshots or data dumps because no visual access is allowed. All sensitive data is blurred in the admin panel.