Security in Pickzen

This article describes the technologies and processes we use to protect your information.

Physical security

The Pickzen infrastructure is hosted on Amazon Web Services (AWS). Our main servers are in Ohio, USA and our backup servers are in Ireland, EU. All comply with security and privacy standards, including Privacy Shield. Your information is hosted and backed up in safe places.

Network security

All of our network environments are hosted in a Virtual Private Cloud (VPC) on Amazon Web Services. Our production networks are separated into public and internal services. Incoming internet traffic is not allowed on private subnets, and all application servers reside on private networks that do not have public IP addresses. The load balancers, managed and maintained by Amazon, are the only components with inbound access to the internal servers of the application. Additionally, we have firewalls and strict security groups that control incoming and outgoing access to servers. Access to the servers we use is strictly limited, and no external traffic is allowed to them.

Fault tolerance

Pickzen has been designed to be scalable and fault-tolerant. If one machine fails, another will be ready to take over immediately. This redundancy is found at all critical levels of the platform.

Also in line with AWS recommended practices, we have a multi-availability zone architecture in place. In case of an Availability Zone failure, the remaining machines in the working Availability Zones have sufficient capacity to run the service in its entirety.

Access control

Access to Pickzen resources is allowed only through secure connections (for example, VPN networks or SSH connections) and, in some cases, requires multi-factor authentication. We follow the Principle of Least Privilege, under which users and programs should have only the privileges necessary to complete their tasks.

Existing access is audited on a regular basis to ensure that our employees have only the permissions necessary to perform their duties. Our employees can only access Pickzen systems with a secure connection. As soon as someone leaves the company, their access is blocked. We also have confidentiality agreements with all of our employees and contractors.

Penetration tests

We conduct periodic penetration tests on our platform. Vulnerabilities and other findings are classified according to their severity, and we prioritize them accordingly. This means we let security experts come in and try to break things to help us find any weaknesses.

Monitoring

Pickzen collects system, infrastructure, and application logs into a centrally managed log repository for monitoring, troubleshooting, security reviews, and analysis by authorized employees only. These records are retained in accordance with regulatory requirements so that they are available to assist in the event of a security incident.

Shared responsibility

Protecting access to your information requires that you, as a Pickzen client, help us to maintain security by using strong passwords and protecting them as necessary.
