We know that data and systems security is paramount to the success of your organisation's digital projects. At Plume, we work tirelessly to keep your information secure. Here are some of the server and application security technologies that work hard to thwart attacks.
Plume's typical level of security
Before we get into the details, please note that our typical level of security may differ from system to system based on our clients' requirements (we build custom systems, which means the level of security is custom too). If you'd like to know exactly which of these security technologies are in place for your system, please ask your project manager. And if you have any specific requirements, you can let us know.
Server-side security
- Rate limiting for SSH & SFTP logins to protect against brute-force attacks
- Firewall that only provides access to required ports for the application to function
- Bot detection to protect against Denial of Service attacks (DoS)
- Database protection with IP whitelisting to restrict unauthorised access
- Application isolation to stop the spread of issues from one server application to the next
- End-to-end encryption with SSL certificates provided via Let’s Encrypt® to protect your users' data in transit to and from the server
- SQL injection protection
- 2-factor authentication required to access the hosting environment management system
- AWS cloud security (when applicable)
Application security
- Application firewall with network protection to ban suspicious IPs
- Real-time continuous virus scanning to block attempted infections
- File-change notifications to our technical team for investigation
- Auto-repair of potentially compromised files
- Block users with repeated incorrect passwords
- CMS obfuscation
Common security add-ons
Here are some of the common security requests we get from our clients who require premium levels of security and data protection. Please note that these may be subject to additional charges.
Additional server-side security
- Sucuri Antivirus protection
- Blacklist monitoring
- DDoS alerts
Additional application security
- 2-factor authentication for your system administrators and/or customers
- Restricted availability of the management system with country and IP whitelisting and time-based restrictions
- Custom password enforcement policies