Security Measures of Snoobi
Here you will find answers to the most frequently asked questions about the measures that Snoobi takes with regard to the security of your data.
1. Access by employees
- Customer and account data are only accessible to employees who need them for the execution of their work, for example service, technical support or temporarily for consulting.
- All employees of Snoobi have specific clauses in the employment contract about the confidentiality of customer data.
- All access to Snoobi accounts by any Snoobi employee is collected in detail in a log.
- There are internal rules about handling customer data and Snoobi accounts. Customer data is also never shared with third parties without explicit approval by the main customer contact.
- The Snoobi workstations are equipped with encryption, secure networks and firewalls, are checked regularly and provided with the latest security updates.
- Access to client data for Snoobi employees is only through specific IP-address ranges and VPN.
- All employees of Snoobi participate in safety and privacy training as part of the training program for new employees and a review is performed at least once per quarter.
- The production and development environment of Snoobi is protected from access by non-technical staff and has a higher level of access protection. All access is further monitored and logged.
2. Data centers, security and storage
- The Snoobi Servers are hosted within Europe in Germany and Finland. No data is stored outside Europe.
See information on the Hetzner datacenter below (see 3).
- Access to websites, Snoobi applications and APIs is always secured with HTTPS.
- The web servers that are in use by the Snoobi Analytics application have no ports open to the internet other than the web server ports that are needed to provide access to the application.
- The data that is sent between integrations and other links is always protected with HTTPS.
- Input and output data transmission is always secured with HTTPS encryption (TLS 1.2 – 1.0, RSA with AES128 GCM SHA256).
3. Hetzner Data Center and Network security
- Snoobi Technology has chosen a reliable partner for hosting of our servers at Hetzner Online, which is certified in accordance with DIN ISO/IEC 27001 standards. This internationally recognized standard for information security certifies that Hetzner Online GmbH has established and implemented an appropriate Information Security Management System (ISMS).
- Hetzner Online utilizes the ISMS in its infrastructure and complete operations for the data center parks in all locations: Nuremberg, Falkenstein and Helsinki. The Snoobi main storage is located in Helsinki. The German datacenters are only used for collection fail-over purposes, to ensure close to 100% availability.
- Physical security: Hetzner Online has three data center parks located in three different towns: Nuremberg and Falkenstein in Germany and Helsinki in Finland. A video-monitored, high-security perimeter surrounds the entire data center park. Entry is only possible via electronic access control terminals with a transponder key or admission card. All movements are recorded and documented.
Ultra-modern surveillance cameras provide 24/7 monitoring of all access routes, entrances, security door interlocking systems and server rooms. The uninterruptible power supply (UPS) is ensured with a 15-minute backup battery capacity and emergency diesel-generated power. All UPS systems have a redundant design. Direct free cooling allows for the environmentally friendly cooling of hardware. Climate control is effected via a raised floor system. A modern fire detection system is directly connected to the fire alarm center of the local fire department.
- Network security: Multiple redundant connections to the largest German internet exchange point, DE-CIX, and to FICIX, the Finnish Communication and Internet Exchange association, ensure smooth data transfer. All existing upstreams and peerings are integrated in the backbone via state-of-the-art routers from Juniper Networks in order to boost the network’s capacity. In order to safeguard web applications, websites, servers, and IT infrastructure from DDoS attacks, Hetzner Online utilizes its automatic DDoS protection system.
4. Availability, server security and monitoring
Snoobi constantly monitors the network of Snoobi applications and websites.
- We monitor errors, availability, network delays, system load and usage.
- We have safe, duplicated critical databases, so that information cannot be lost if a failure arises before a subsequent backup.
- We back up our customer and account data (at least) every 24 hours.
- We regularly test the integrity of our backup procedures and recoverability.
- The Snoobi production environment is based on the fault-tolerant systems from the Hetzner Datacenter.
- Our technical staff are available 24 × 7 and are automatically alerted to errors and warnings in case of overload.
- Databases, cache servers and other parts of the production environment are only available through specific gateways that impose restrictions on which data can be accessed and by which staff member. Typically only the head of Snoobi's development has direct access.
- We have automated systems to analyze suspicious network activity or denial-of-service attacks and, where possible, counteract them.
- The Snoobi Data Protection officer immediately informs the customer if Snoobi suspects unauthorized access or Snoobi notices behaviour that is outside normal usage parameters.
5. Security by the user / user level
- Using Snoobi’s user management, administrator controls and access control for specific reports and regular e-mail reports, the customer can independently manage access to the data collected by Snoobi.
- There are two user levels: Administrator for all access and customization of Snoobi settings, and User for employees at the customer who have to use the metrics and reports in Snoobi.
- The Snoobi Datafeeds use a long-coded URL without specific login. Snoobi clients are informed to only extend access to Snoobi Datafeeds on a need-to-know basis and to inform Snoobi immediately if codes have become accessible to others. Where requested, the Snoobi Datafeeds are only accessible through specific IP-address ranges.
- Snoobi monitors the usage of the Snoobi Datafeed for unacceptable usage. If a Snoobi Datafeed has not been used for a period longer than 30 days, access to the Datafeed is disabled and can only be enabled upon request by a customer account administrator.
- Snoobi also monitors the use of the Snoobi reports for suspicious activity. For example, if large amounts of data are exported from Snoobi, this can be noticed and the Administrator at the customer can be informed.
- Snoobi's staff is informed when automatic email reports bounce for reasons other than out-of-office, which can indicate a user has left the organization. We subsequently inform the account administrator to take action to remove and assign any remaining reports.
- If users leave an organization, their access and details are removed from the system within 3 months and any report or other object linked to that user will be re-assigned to a generic user.
Snoobi regularly updates these security measures on the basis of the latest technical possibilities.
Snoobi users must report incidents via the e-mail address email@example.com or by telephone.