A digital workplace safer than Fort Knox
It’s not only the User Experience that’s consumer grade.
Our customers rely on the HulerHub platform to securely work from anywhere in the world. We understand that security and privacy are the number one concern for the organisations we work with, many of whom operate in highly regulated and security-conscious industries.
Our cloud-based platform is built with this in mind, offering industry-leading security as standard to protect the data of your business, employees and customers. No ifs or buts.
When you work from anywhere, you need to be confident your data is available whenever (and wherever) you need it. Our systems are hosted on Amazon Web Services (“AWS”) across multiple availability zones. That way, if one ever fails, your service remains totally uninterrupted. For more information on this, please visit the AWS security page.
Under the Hood
HulerHub implements a security-oriented design in multiple layers, one of which is the application layer. The HulerHub application is developed according to the OWASP Top 10 framework and all code is peer reviewed prior to deployment.
Huler also employs a number of industry standards to ensure the separation of client data within a multi-tenant system. Client access to data relies on short-lived access tokens which encode the account ID the client has access to. This account ID must match the account ID of any returned records at every stage of processing. If it doesn’t, the data cannot be returned to the client.
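An added illustration of the tenant check described above, not Huler's own code: the HMAC-signed token format, the `acct` and `exp` claim names, the demo key and every function name are assumptions made for this example.

```python
import base64, hashlib, hmac, json, time

# Assumption: constructed demo key; a real service would use a managed signing key.
SECRET = b"constructed-demo-key"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _sign(body):
    return _b64(hmac.new(SECRET, body, hashlib.sha256).digest())

def issue_token(account_id, ttl=300, now=None):
    """Issue a short-lived token that encodes the account ID and an expiry."""
    now = time.time() if now is None else now
    claims = {"acct": account_id, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims).encode())
    return (body + b"." + _sign(body)).decode()

def verify_token(token, now=None):
    """Return the account ID from a valid token, else raise PermissionError."""
    now = time.time() if now is None else now
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        raise PermissionError("malformed token")
    # Check the signature before trusting anything inside the body.
    if not hmac.compare_digest(sig, _sign(body)):
        raise PermissionError("bad signature")
    padded = body + b"=" * (-len(body) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if claims["exp"] <= now:
        raise PermissionError("token expired")
    return claims["acct"]

def return_records(token, records, now=None):
    """Fail closed: release nothing if any record belongs to another account."""
    acct = verify_token(token, now)
    for record in records:
        if record.get("account_id") != acct:
            raise PermissionError("record/account mismatch")
    return records
```

Running the check at the point of return, after the query, means a missing tenant filter further up the stack produces an error instead of another tenant's data.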
Once you’re in, HulerHub encrypts all data:
- Traffic is encrypted using TLS 1.3 with a modern cipher suite, supporting TLS 1.2 at minimum.
- User data is encrypted at rest across our infrastructure using AES-256 or better.
- Encryption keys are managed using the AWS KMS service.
- Credentials are stored within the AWS Cognito service.
HulerHub then ensures consistent backups of user data to allow for Point-in-Time Recovery.
Behind the Scenes
We use a comprehensive set of tools and services to protect what we love, including:
- Hosting all services behind an API gateway;
- A web application firewall (WAF) for content-based dynamic attack blocking;
- Rate limiting;
- Encrypting all data at rest using the AWS KMS service; and
- Network traffic logs.
Don’t just take our word for it either. We use independent third-party accredited auditors to conduct penetration tests to ensure all our processes and implementations are robust. These tests continue on an annual basis, both in the application and within the infrastructure, to continually ensure we are meeting the highest standards.
Huler’s infrastructure is fully cloud-based, meaning our offices are home to our people only. We also protect our sites using personalised access control together with internal and external CCTV and alarm systems.
Our Huler Commitment
At Huler, we pride ourselves on delivering socially responsible software and services to our customers. As part of this, we recognise our responsibility to protect all of the data we hold or process, whether it belongs to Huler, our employees, customers or suppliers. The information we hold is one of our most valuable assets, and preserving the confidentiality, integrity and availability of this information is essential.
Our commitment to data security and management and the continuous improvement of information security controls includes:
- implementing industry best practice security controls and assuring the effectiveness of our controls through certification to ISO 27001, the global standard for managing information security
- complying with all relevant information management legislation, regulations and standards
- ensuring our employees are clear about their responsibilities regarding information security through regular training and awareness campaigns
- effectively managing the security and scalability of all computer systems and supporting infrastructure
- defining remote/off-site working expectations and standards with regard to information security in a new world of hybrid working
- acting quickly and implementing corrective action with regard to any information security events, breaches or identified weaknesses