CitizenLab takes many measures to increase its resilience to data breaches, following industry best practices and building on top of established cloud suppliers.
All application data from a single customer (platform) is stored in a completely separate database schema. The data is encrypted at rest, which means that physical hard drive access to a database server is not sufficient to read the data. The database servers are only reachable by the application servers on an internal network in the data center and not through the public internet.
In terms of personal data, CitizenLab stores only the data that is needed for the functioning of the platform and to provide useful insights to the customer (platform owner). Third-party usage analysis tooling is GDPR compliant and provides us with contractual security guarantees. Where possible, anonymised data is used.
From the application side, all platform access happens exclusively over strongly encrypted SSL connections. Any sensitive information is filtered out of technical logs before they are sent over the wire. The access rights of the various user roles, like admins and moderators, are defined in separate, highly tested policy declarations. The authentication method uses industry-standard JSON Web Tokens (JWT). As part of our continuous integration flow, static analysis tools check the codebase for known security anti-patterns and monitor dependencies for known security vulnerabilities.