Security Updates, GDPR and LGPD Updates and more.

Clinton Skakun on May 25 2019

May has been a big month for us. May 1st-4th we moved 100% of our services to Google Cloud. Since then, we've addressed our infrastructure and company security policies. Keep reading below if you want to learn more.

Google Cloud Migration

How did we choose Google Cloud? We went over all of the major providers, from AWS and Azure to Digital Ocean and Heroku. We needed something that was cost-effective, secure, easy to manage, safe and ticked all of the boxes of the GDPR guidelines. Google Cloud eventually came out on top.

Migrating our entire server stack, databases and services to Google Cloud was a surprisingly smooth transition. We had planned for over a month before making the move, considering every detail that would need attention.

In the end we got higher performance, improved security and an easier to manage infrastructure than we previously had. It was a relief when we saw everything running without an issue once it was on the cloud.

Not only is Google Cloud at the forefront of cloud security, they also comply with important security and privacy standards.

Security Updates

Hearing about new data breaches on a daily basis genuinely terrifies us. Type "security breach" into your favorite news site and you'll see endless stories about big companies that got hacked and exposed the information of millions of customers.

The sad truth is most companies are not focusing on security. Their developers are not security experts and 81% of developers feel unequipped to handle software security.

As such, it's extremely important not only to be careful about which software products your company works with but also to make sure your tech workers are as much IT security geeks as they are code geeks.

Are the services you use continually staying on top of their security? Do the NPM and Docker packages their code runs on contain known vulnerabilities? Have they ever checked? Does their code repository have outstanding security notices that are getting ignored? These are the real questions we feel customers should ask. And these are the specific areas we're focusing on in our backend as well as frontend.

Also, this is why we've compiled a security overview of how we handle your data. Feel free to ask more questions if we skipped some of your concerns. Please tell us what else you'd like to see in the document.

DPA and Subprocessors Documents

We've published a public DPA (Data Processing Addendum) to stay on top of Europe's GDPR and Brazil's LGPD requirements. The DPA covers Data Processing Terms, Details of Data Processing, the types of Personal Data we process and the Categories of Data Subjects whose data is processed.

With the DPA comes a list of Dedupely's Subprocessors (apps, software and services that we use to keep the product running). This document lists our software providers and where they are located. All of our subprocessors are GDPR compliant and well established in their industries.

Aside from that, we keep close tabs on our third-party service providers in the event they report a data security breach.

In Conclusion

Our work this May was about moving to a more stable cloud provider, analyzing our company security, bringing on new security tools and automating checks to ensure our system is safe.

Our company has adopted a security-first/security-by-design approach to protect our customers and stay on top of the ever-growing rate of software vulnerabilities in the Open Source community.

We also continue to maintain policies to stay on top of GDPR and Brazil's upcoming LGPD in 2020.