Dashboard Security Frequently Asked Questions (FAQ)
Is our data encrypted?
Data in transit is encrypted using TLS with Perfect Forward Secrecy (PFS). At rest, database fields that contain sensitive information, such as Jamf Pro API credentials, are encrypted with industry-standard AES-256.
Is TLS always used?
Yes. Dashboard no longer supports SSL v3.0.
How are our passwords stored?
For Dashboard login passwords, we use bcrypt with unique, random salts and a high cost factor to deter brute-force attacks. API credentials that connect Dashboard to other systems (e.g. Jamf Pro Servers) are encrypted at rest using AES-256.
Who has access to our data?
Only you and the people you allow have access to your data.
Where are Dashboard data centers located?
Dashboard relies on Linode.com to provide infrastructure as a service (IaaS) within the United States. Data at rest remains in the United States.
Does Forget Computers use a secure Software Development Lifecycle (SDLC)?
Yes. We use an Agile methodology that incorporates cross-functional teams and clearly separated development, staging, and production environments.
Does the Dashboard hosting service have a SOC 2 Type 2 report?
We are currently preparing for a SOC 2 Type 2 report that is expected in 2018.
Does Forget Computers audit its security?
We follow industry best practices for security and use automated tools to check for security vulnerabilities prior to each release. We also rely on Two-Factor Authentication to ensure the security of the underlying infrastructure that is provided by Linode.com.
Have questions that we didn't cover?
Please don't hesitate to reach out to us and talk security.