Data center security

I personally have been using Adalo since October 2020, and I am very satisfied with the product. I am now thinking of using Adalo for my company’s projects as well. In order to use Adalo internally, we need to report that the security measures in Adalo’s data center meet the requirements we have set.

I would like to know about the following 20 questions regarding security measures.

I really like Adalo’s products and would like to use them for larger projects in the future. Please help us to use Adalo in our company.

--------------- security-check-questionnaire-----------------------
(1) In order to prevent intrusion into the data center, we are using cameras to monitor, biometric authentication and other advanced authentication methods, and obtaining and managing access logs.
(2) To prevent intrusion into server rooms, cameras are used for monitoring, biometrics and other advanced authentication is used, and entry/exit logs are obtained and managed according to the security level of each section.
(3) To prevent theft of devices such as storage devices and external media such as backup media, personal belongings are checked as part of access control for the data center and each compartment.
(4) To prevent unauthorized removal of data, external media such as USB memory sticks and portable HDDs, as well as cameras, are checked as part of the access control for the data center and each compartment.
(5) the system operator is assigned to be a regular employee or other reliable person.
(6) only the minimum number of operators are assigned, and each operator is given the minimum authority for each task.
(7) all operations are recorded, the status of operations is monitored by cameras, and multiple operators work together, etc., in order to monitor and detect unauthorized operations by operators
(8) training personnel with a high level of expertise by providing them with security education and having them acquire security-related qualifications such as CISSP.
(9) provide functions to protect transmitted and received data from leakage and falsification through encrypted communications using SSL/TLS, IPsec protocol, etc.
(10) fortifying the server by stopping unnecessary daemons and disabling service accounts in the host OS and guest OS
(11) When storing important data, appropriate and strong encryption is implemented for transmission paths, storage, and databases. In addition, appropriate security measures are implemented for encryption keys used to encrypt data.
(12) implement a mechanism to prevent the easy recovery of important data, such as overwriting or de-criticalization, in the event of termination, disposal of backup media, or data migration.
(13) Logs of host OS, guest OS, servers, network devices, web applications, etc. are collected and stored in a secure environment (at least six months is recommended).
(14) Please describe the log storage period. 15.
(15) The collected logs are regularly monitored to quickly detect unauthorized access or processing.
(16) all devices and servers in the data center are synchronized with the correct time in order to accurately grasp the events stored in the logs.
(17) regularly conduct vulnerability assessments of host OS, guest OS, servers, network devices, and web applications
(18) establish a system to quickly obtain the latest vulnerability information, and take prompt action when new vulnerabilities are discovered When vulnerability correction programs are applied, the criteria for determining whether or not to apply the programs and the application procedures are clarified.
(19) Appropriate anti-virus measures are taken.
(20) In the event of an incident such as information leakage, destruction, or falsification, procedures and systems for promptly informing users are established. In addition, the system is capable of responding 24 hours a day, 365 days a year in case of emergency.
(21) In the event of an incident, the relevant logs are provided to users.

2 Likes

Ummmmm, Adalo barely launched a year ago or so, maybe 1.5 years.They recently released a statement regarding GDPR compliance, but you’d have to check your app data collection and functions against their statement for true fit.

My best guess is that this level of detail in regards to data/information security isn’t currently available. Certainly something to strive for, Adalo team!

In the meantime, many of us are patiently waiting for many important features which are currently in development. :slight_smile:

1 Like

Thank you for your response!
I’m shocked that this kind of information doesn’t seem to be out there :cry:

If Adalo uses AWS or Azure as their datacenter, we can report to our company that Adalo’s security is protected by these providers.

It would be great to have some information that Adalo is using AWS or Azure.

Adalo is definitely moving AWS for better performance, for the exact timelines around it, you might have to send a support ticket to get detailed response.

1 Like

Thank you for your adviser!!
I’ll send a support ticket for Adalo!

We currently are working towards providing this information and working towards our ISO certification.

As mentioned, Submit a Support Ticket and we will try to answer as many of these as we can.

3 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.