It’s not only the User Experience that’s consumer grade.

Overview

Ensuring you get a reliable service, with your data available whenever you need it, is at the core of how we built our software. Our systems are hosted on Amazon Web Services (“AWS”) across multiple availability zones and that way, if one ever failed, your service remains uninterrupted.

We want to grow with you as a business and our software is built with that in mind, using auto-scaling solutions so that we can effortlessly scale together.

The AWS data centres use leading physical security measures and for further information, please see the link below.

AWS security page

On the inside

Huler implements a security-oriented design in multiple layers, one of which is the application layer. The Huler application is developed according to the OWASP Top 10 framework and all code is peer reviewed prior to deployment to production.

Huler employ a number of industry standards to ensure the separation of client data within what is a multi-tenant system. Client access to data relies on short lived access tokens which encode the account ID the client has access to; this account ID must match the account ID of any returned records at every stage of processing and where it does not the data cannot be returned to the client.

Once you’re in, Huler encrypts all data:

• Traffic is encrypted using TLS 1.3 with a modern cipher suite, supporting TLS 1.2 at minimum.

• User data is encrypted at rest across our infrastructure using AES-256 or better.  

• Encryption keys are managed using the AWS KMS service.

• Credentials are stored within the AWS Cognito service.

Huler then ensures consistent backups of the user data to allow for Point-in-Time Recovery.

Behind the Scenes

We use a comprehensive set of tools and services to protect what we love, including:

• All services are hosted behind an API gateway;

• A web application firewall (WAF) for content-based dynamic attack blocking;

• Rate limiting;

• All data is encrypted at rest using the AWS KMS service;

• Network traffic logs.

Don’t just take our word for it, Huler uses independent third-party accredited auditors to conduct penetration tests to ensure that additional level of independent rigour you would expect. These tests continue on an annual basis both in the application and in the infrastructure level to continually challenge and ensure we are meeting the standards we set

At Base

Huler’s infrastructure is fully Cloud-based, meaning our offices are a home to our people only. We protect our sites using personalised access control together with internal and external CCTV and alarm systems.