Firefish Data Security - Built for Trust

At Firefish, we combine enterprise-class security features with comprehensive annual audits of our applications, systems, and networks to ensure all customer data is fully protected. Our systems are built with a privacy-by-design approach and we deliver our service through a world-leading technology infrastructure.

A trusting partnership

By partnering with Microsoft Azure, we’re able to provide our customers with an ultra-secure cloud-based solution for their recruitment teams. As much as ninety per cent of Fortune 500 businesses trust Microsoft Cloud globally, and the Azure platform is recognised as the most trusted cloud solution for governmental institutions internationally.

In terms of compliance, Azure also meets a broad set of international and industry-specific compliance standards such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards such as Australia IRAP, UK G-Cloud and Singapore MTCS. Rigorous third-party audits, such as those commissioned by the British Standards Institute, confirm Azure’s adherence to the strict security controls these standards mandate. Further information on Microsoft’s security overview can be found here.

For those customers choosing to use our white-label VoIP and SMS messaging tools (provided by Twilio): Twilio was formerly an EU Safe Harbour participant (and still maintains Safe Harbour compliance despite recent legal changes) and will enter into EU Data Protection agreements if necessary.

Physical security

All Firefish physical hardware will be located within secure Microsoft data centres at two locations within Europe. Our primary centre is located in Microsoft’s Western European centre, and these facilities are secured by a series of measures including (but not limited to) biometric access, security alarm systems and round-the-clock security staff. Additional security information on Microsoft’s data centres can be found here.

At this time, all of our customer data is stored within the Microsoft Azure Platform. The very small amount of data stored on our physical premises is protected by a controlled secure-entry system to the building and an additional security barrier into our own offices, which only authorised Firefish employees have access to. The building also has a fitted fire service alarm with instant call-out for three fire engines. Any internal operations data that we store in our shared folders is protected in our own internal comms room, which can be accessed exclusively by four authorised key holders – CEO, CTO, Head of Finance and Head of HR.

Network security & server access

As our production network is provided by Microsoft Azure, it is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network Intrusion Detection/Prevention technologies (IDS/IPS) which monitor and block malicious traffic and network attacks.

Remote desktop access to all our servers is restricted to authorised individuals only and uses multi-factor authentication to ensure the highest level of security is maintained. Authorised users log into our system with their username and password and must also verify their attempt to access each individual server via a registered mobile device. Only authorised Firefish technical staff have had mobile devices registered and been provided access to the underlying machines through this process.

Application & data security

We employ many different layers of security to keep your data safe. These security policies and processes follow industry best practices wherever possible and are periodically reviewed for conformance and compliance.

Some highlights include:

  • Separate privileges for customer data and application access, and customer data is not commingled.
  • Biannually, we perform industry-leading third-party security scanning and penetration audits on our external-facing infrastructure to identify possible security threats.
  • Source code management is employed for all applications and development processes.
  • Application source code is hosted in an industry-leading, secure third-party source code repository.

Service monitoring & reporting

We have several different levels of application monitoring to ensure that services are being rendered according to acceptable performance standards.

  • We provide a public operational service status page which documents our historical uptimes and provides information in the event of a service disruption.
  • Uptime monitoring by a third party (Uptime Robot) which notifies us when external services slow down or fail. This is linked directly to messaging services that alert our engineers and prompt them to respond within our SLAs.
  • Internal application instrumentation on server loads and performance, for the rare case in which resources are consumed at unusual rates.
  • We provide the status of unusual or degraded operations through the ‘announcement’ section of our Fishtank.
  • In case of a system alert, events are escalated to our Head of Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

Data & full-system backups

Microsoft Azure has been certified under EU Data Protection Law and both the primary and secondary data centres operate fully within the European territory (full overview of Microsoft’s privacy policies can be found here).

All of our client databases are backed up using the following strategy:

  1. A full database backup is performed once a week and before any system update.
  2. We then perform an incremental backup three times weekly.
  3. Finally, we perform transaction backups every 30 minutes throughout each day.

In the rare event of a data or software issue, data loss from the database is therefore limited to at most 30 minutes. These backups are retained so that a full restore is possible for any point up to 28 days in the past.
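
A worked illustration of the schedule above, added here as an example rather than Firefish's own tooling: given a failure time, it works out which backups a restore has to chain together (the last weekly full, every incremental taken since it, then the 30-minute transaction-log backups after the newest of those) and how much data is lost, and checks whether a point in time still falls inside the 28-day retention window. The page gives only the frequencies, so the calendar used here (Sunday 02:00 fulls, Tuesday/Thursday/Saturday 02:00 incrementals, log backups on the hour and half-hour) and ignoring the extra full taken before a system update are assumptions.

```python
from datetime import date, datetime, timedelta

# Constructed schedule for the strategy described on the page. The page states only the
# frequencies (weekly full, three incrementals a week, a log backup every 30 minutes,
# 28-day retention); the specific days and the 02:00 job time are assumptions, and the
# extra full backup taken before a system update is ignored here.
FULL_WEEKDAY = 6                  # Sunday (datetime.weekday(): Monday == 0)
INCREMENTAL_WEEKDAYS = (1, 3, 5)  # Tuesday, Thursday, Saturday
JOB_HOUR = 2                      # full and incremental jobs run at 02:00
LOG_INTERVAL = timedelta(minutes=30)
RETENTION = timedelta(days=28)


def _job_time(day: date) -> datetime:
    """Timestamp of the 02:00 backup job on the given date."""
    return datetime(day.year, day.month, day.day, JOB_HOUR)


def last_full_before(t: datetime) -> datetime:
    """Most recent weekly full backup taken at or before t."""
    day = t.date()
    for _ in range(9):  # a weekly job is always found within the last eight days
        if day.weekday() == FULL_WEEKDAY and _job_time(day) <= t:
            return _job_time(day)
        day -= timedelta(days=1)
    raise RuntimeError("no full backup within the last week")


def incrementals_since(full_time: datetime, t: datetime) -> list:
    """Incremental backups taken after the full and at or before t, oldest first.
    Incrementals chain on each other, so every one since the full is needed."""
    found = []
    day = full_time.date() + timedelta(days=1)
    while _job_time(day) <= t:
        if day.weekday() in INCREMENTAL_WEEKDAYS:
            found.append(_job_time(day))
        day += timedelta(days=1)
    return found


def last_log_before(t: datetime) -> datetime:
    """Most recent transaction-log backup (on the hour or half-hour) at or before t."""
    floored = t.replace(second=0, microsecond=0)
    return floored - timedelta(minutes=floored.minute % 30)


def restore_chain(failure_time: datetime) -> dict:
    """Backups needed to roll the database forward to just before the failure,
    plus the data-loss window, which is always shorter than LOG_INTERVAL."""
    full = last_full_before(failure_time)
    incs = incrementals_since(full, failure_time)
    base = incs[-1] if incs else full          # newest image to start from
    last_log = last_log_before(failure_time)
    logs = []
    t = base + LOG_INTERVAL
    while t <= last_log:                        # every log backup after the base image
        logs.append(t)
        t += LOG_INTERVAL
    return {
        "full": full,
        "incrementals": incs,
        "log_backups": logs,
        "restore_point": last_log,
        "data_loss": failure_time - last_log,
    }


def restorable(point_in_time: datetime, now: datetime) -> bool:
    """True while the 28-day retention window still covers point_in_time."""
    return timedelta(0) <= now - point_in_time <= RETENTION


if __name__ == "__main__":
    # Constructed failure: Thursday 14 March 2024 at 10:47.
    chain = restore_chain(datetime(2024, 3, 14, 10, 47))
    print("full:        ", chain["full"])
    print("incrementals:", chain["incrementals"])
    print("log backups: ", len(chain["log_backups"]), "up to", chain["restore_point"])
    print("data loss:   ", chain["data_loss"])
```

Run as a script it prints the chain for the constructed Thursday failure: the Sunday full, the Tuesday and Thursday incrementals, seventeen log backups up to 10:30 and a 17-minute loss window. Note that `restorable` measures the 28 days against the restore point only; the full and incrementals that `restore_chain` lists for that point are older than it, so a retention policy has to keep those artefacts for at least as long as the oldest point it promises to restore.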

The entire file system is also protected by “Geo-redundant storage”. This means that the file system is continuously backed up automatically by Microsoft Azure to multiple data centres within Europe and any transient data corruption is automatically fixed by the Azure framework.

Our primary data centre is Microsoft’s West Europe Data Centre (Amsterdam) and is mirrored with a secondary site at Microsoft’s North Europe Data Centre (Dublin). Three copies of the data are stored at each of the data centres at all times, meaning a minimum of six copies of all data will exist for the full 28-day period.

Business continuity & disaster recovery

In terms of the Firefish system, a failure requiring disaster recovery can stem from one of four causes:

  1. A software or data fault/failure - In the rare event of a software or data failure, data corruption is in most cases repaired automatically by the Microsoft Azure framework. If data has been lost, we can restore a backup of the database and files directly from our internal backups and aim to do so within two hours of receiving notification that the event has occurred. The most recent database backup will be restored from internal backups to return the data to its state prior to the fault (up to 30 minutes’ data loss), and any missing files will be restored from the secondary file backups (up to 7 days’ data loss).

  2. A server or hardware fault/failure - Firefish is configured in a highly available, load-balanced manner. In the event of an isolated hardware failure, the affected server is taken offline and a secondary server takes over the processing of requests to minimise disruption to service. This is implemented using database mirroring for the database servers and load balancing for the web servers. The Microsoft Azure framework provides automatic healing, so that hardware failures fail over to another server and, after some time (circa 30 minutes), the affected server is again available to process requests. In the unlikely event that both the primary and the secondary servers fail simultaneously, the service will be unavailable until the Microsoft Azure framework’s self-healing is complete (circa 30 minutes). Normal service will then resume.

  3. A Microsoft Azure Service fault/failure - Firefish is built upon the Microsoft Azure framework and uses a variety of services hosted directly by Microsoft within their European data centres. If one of these services is faulty, Firefish performance may slow down or, in extreme cases, service could be interrupted. In the event of an Azure Service failure, Firefish will work with Microsoft to identify the problem and then circumvent it using alternative services, where available. This process would take a few hours, but a prolonged Azure Service failure could affect Firefish until Microsoft resumes full operations. However, the core Microsoft Azure Services are backed by a 99.9% uptime SLA.

  4. A data centre failure - As all data and backups are stored across multiple physical sites, the failure of a single site will not affect data recovery. If the primary data centre fails, all data will be securely stored at the secondary site until the primary data centre comes back online. At this point, any damaged data will be automatically repaired and restored. After the data has been recovered, the servers will be turned back on and normal service will resume. Recovery times will depend upon the type of problem at the data centre, and Microsoft do not currently provide durations for this recovery process. In the highly unlikely event of the data centre not being recoverable, Firefish will recreate the servers in the secondary data centre, allowing normal service to be resumed. This process may take up to 48 hours.

If any of the above scenarios were to occur, service may be interrupted or unavailable while we resolve the fault. However, any affected clients will be notified by a member of the Happiness team when a problem is encountered and an alert will be provided via our announcements page.

The Incident Manager will then provide any available work-around (if applicable) and an estimate of the time to resolution, followed by a final notification once the issue has been resolved. As Firefish also operates an environment of continuous improvement, a full team review and any resulting improvements to our processes would also be provided to the customer.