Organizational + Physical Security, Payment Information, Service Partners
Your data integrity and security are important to Speedyrails. We provide a safe and secure place to host your application or website and related data in compliance with Canadian privacy law.
All physical and virtual servers operate independently and separately from all other servers across our network. We use strict filtering rules so that servers can only communicate using their assigned IP addresses—preventing man-in-the-middle attacks and other malicious activity.
Speedyrails servers use a stateless firewall to prevent unauthorized web traffic. The firewall protects your application or website by using traffic rule policies, connection-based policies, or pattern-based policies to make sure that only legitimate traffic is able to access your server.
Speedyrails also uses brute force detection, which reads authentication logs to check for failed login attempts, and we work with your firewall to prevent attackers from using brute force attacks to gain access to your servers.
Speedyrails uses Cogeco Peer 1 datacenters to house our physical equipment. Cogeco Peer 1 provides around-the-clock security including video monitoring, restricted access, and 24-hour on-site staff to provide protection against unauthorized access.
Cogeco Peer 1 facilities are independently audited by a third party to ensure full compliance with SSAE 16, CSAE 3416 Type II, and PCI-DSS physical security measures.
Our equipment is stored in locked cabinets and is only accessed by authorized personnel. All cabinet access is logged and regularly audited.
Employees and contractors undergo background checks before working at Speedyrails. Before starting work, they must agree to confidentiality terms and are briefed on our security practices and procedures.
Only authorized system administrators have access to customer servers to perform scheduled maintenance tasks and on-demand configuration updates. Administrators authenticate their access with unique SSH keys as a standard security practice. Administrators will only access customer data when explicitly requested to do so.
No other staff may access customer data at any time.
When an employee's work at Speedyrails is terminated, all access to our systems is immediately removed.
Additional Security Features
Speedyrails can add security measures to further protect your applications:
- Managed vault clusters to store API keys, application passwords, encryption keys, etc.
- File system and disk encryption
- OpenVPN solutions to further secure your servers
- Cloudflare DDoS protection
For further information about Speedyrails security features, please contact us.
Customer Payment Information
Speedyrails partners with Moneris and Stripe to protect your payment information in a PCI-compliant secure vault, ensuring your cardholder information is safe. All payment information is transmitted to our payment partners over an encrypted, secure TLS connection. Your credit card number is never stored by Speedyrails.
Reporting Abuse and Security Vulnerabilities
If you detect possible abuse originating from our network, contact email@example.com. Please include any application or server logs of suspected abusive activity.
To report a security vulnerability, please email us directly at firstname.lastname@example.org.
Our PGP key for disclosure is F7A3 92C7 156B 63DC 5895 9A87 2D3D 2D9A 74F3 7CC2.
Speedyrails takes security vulnerabilities seriously and would greatly appreciate your help in responsibly disclosing any vulnerabilities you may discover. We will work with you to assess and understand the scope of the issue and fully address any security concerns you may have.