Data Security

Here at Droneit we take data security and privacy very seriously and we continuously look for opportunities to make improvements.
 
While it would not be prudent to share too much about what we do to protect our systems (since we would be effectively assisting malicious individuals who might try to compromise them), we can provide some general information about steps we take to keep your Online School and your customers safe.
 
Here are the measures we employ for securely storing the data you entrusted to us:

 

 

Protection from Data Loss & Data Corruption

  • Isolated Databases. Our Droneit Website and Student Portal each have their own isolated database. This means that even if one of our websites gets compromised or goes rogue, all other Droneit websites will remain unaffected.
  • Regular Backups. Databases are mirrored and backed up off site, across multiple facilities. We keep daily database backups.
  • Customer data regulation. We never move any user data outside of our secured environment for testing or any other reason.

 

 

Application Level Security

  • Password salting and hashing. Droneit uses the most up-to-date and secure cryptographic methods. Admin passwords are salted and hashed and never stored or transmitted as plain text. Employees cannot view or manually change passwords. If you forget your password, it cannot be retrieved, even by us – the password must be reset by you.
  • Encrypted Data Storage. All user passwords are salted and hashed and never stored or transmitted as plain text. We do not store credit card details on our infrastructure. All credit card transactions are processed using secure encryption on a PCI-Compliant network.
  • HTTPS everywhere. Droneit forces all requests over HTTPS, ensuring all traffic between our websites and the user’s browser is encrypted. This means that anyone trying to eavesdrop on this data will not be able to decrypt and access the underlying data. Droneit uses TLS 1.2 exclusively, throughout its site and subdomains.
  • XSS vulnerability avoidance. All user inputs are properly treated to ensure that XSS vulnerabilities are avoided.

 

 

Secure Software Development Life Cycle

  • Vulnerability Scanning & Patching. We have automated systems in place that monitor all the software infrastructure that powers Droneit for new versions and vulnerabilities. Our infrastructure is updated regularly with the latest security patches. Moreover, our in-house security expert is constantly on the lookout for things that could jeopardise our systems, ready to intervene. We test our systems regularly through simulated attacks from the outside and in.
  • Secure File storage. Your uploaded files can only be accessed through Droneit. Your students can only access files intended for them. Only authorized Droneit personnel can access your files, on a strict per-need basis.
  • Internal Controls. For our employees, access rights and levels are based on job function and role, are granted on a need-to-know basis, and match defined responsibilities. All employees must abide by our policies about protecting customer data.
  • Security by design. Our code is developed following the latest patterns and industry best practices, and is constantly reviewed. Clear, readable and well-maintained code means secure systems.
  • Key management. We keep our keys secret and out of version control, to ensure access to critical resources cannot be compromised.

 

 

Data Centre Security

The GDPR requires controllers and processors of personal data to “implement appropriate technical and organisational” measures to ensure a sufficient level of security.

 

Droneit primarily uses Amazon Web Services (AWS) and Google Cloud Platform servers as our third-party cloud storage subcontractors and we do not host customer data on our premises.

 

This means that all our servers are located at Google premises, in different world-class data centres around the world including East USA (South Carolina & Virginia, USA, North America), Central EU (Frankfurt, Germany, Europe), South America (São Paulo, Brazil, South America), Southeast Asia (Singapore, APAC).

 

Google Cloud Platform is a leading cloud provider, and holds industry best security certifications, such as SOC2/3 and ISO27001, and provides encryption in transit and at rest, without any action required from our customers. All servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data centre. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches. For more info on Google Cloud Platform physical server security check here.

 

The AWS Cloud spans 99 Availability Zones within 31 geographic regions around the world, with announced plans for 12 more Availability Zones and 4 more AWS Regions in Canada, Israel, New Zealand, and Thailand. The AWS Global Cloud Infrastructure is one of the most secure, extensive, and reliable cloud platforms, offering over 200 fully featured services from data centres globally. For more info on AWS physical server security check here.

 

 

Protecting Droneit Against Rogue or Hacked Users

We can secure ourselves, but if your computer gets compromised or someone gets into your Droneit account, that’s not good for either of us. Therefore:

  • We monitor accounts for signs of irregular or suspicious login activity and will automatically suspend those that show them.
  • Certain changes to your account, such as to your password, will trigger email notifications to the account owner.
  • We monitor accounts and school activity for signs of abuse (both via automatic notifications and human reviewers).

 

 

Disclosure

We are working continuously to make our systems secure. But modern software is amongst the most complex artefacts ever created by humans and cybersecurity is a moving target. If you do find any security issues, whether you are a user or security expert, please reach out to us at digital@droneit.com.au. We will make sure the issue is fixed and updated ASAP.
