Michael Heering

Security and hosting data of Copernica Marketing Software

Written by Michael Heering on

Are you curious as to what happens to your data when you start working with Copernica Marketing Software? Is your data stored safely and is it susceptible for cyber attacks? In the article below, Copernica is happy to provide some interesting information on the hardware we use and on the security and hosting of your data at Copernica.

Hardware
Most of our hardware is stored in the Evoswitch Datacenter in Haarlem (Netherlands). The main reason Copernica chose for Evoswitch is because it gave us access to the latest and hyper modern technologies. Our internet connection within the datacenter consists of a redundant 100MB/s connection.

Copernica has several servers, each with their own tasks. We have:

  • Database servers: This is where we store all of our users' data.
  • Replication servers: These are copies of the database servers (the mirror databases).
  • Webservers/Publisher-servers: The applications of our users run on these servers and all of the web pages within the application are hosted on these servers.
  • Taskservers: Execute all tasks within and around the application such as building emailings and selections, dealing with follow-up actions and imports & exports.
  • Two loadbalancers: Divide the tasks amongst the webservers and picservers. One of these loadbalancers is always active enabling the other one to take over should it occur that the active loadbalancer malfunctions.
  • Controller: Manages all the tasks of the taskserver. This is where the taskservers fetch their tasks.
  • Mailsender/mailserver: Is responsible for sending the mailings of our users.
  • Picservers: This server hosts all the images and hyperlinks of our users' emailings and feeds.

Back-ups

All of the data of Copernica's databases is backed up and stored through the SAN (Storage Area Network). Using this system provides us with a large storage capacity, transaction speed and reduces the possible downtime. Should a database server malfunction, it can be easily replaced.

Passwords in Copernica

Copernica's passwords are very powerful. A password for Copernica must include 6 or more of the following characters:

  • Lower case letters
  • Uppercase letters
  • Special characters
  • Alphanumeric characters

Passwords are stored digitally and encrypted.

Some other questions answered

To reassure you even more that your data is stored safely at Copernica, we have answered some more questions regarding security and data transfer below:

  • Who stores my data in Copernica and how is this data stored?
    • Users of Copernica can import data themselves. This can be done in three ways; manually, via FTP or via API.
  • Is my data secured during the delivery to Copernica?
    • Yes, imports are done via HTTPS. If you prefer using FTP, then you can use SSL (FTPS).
  • When delivering data through FTP or a download: is this done via a secured internet connection (SSL, HTTPS, FTPS)?
    • Yes, as a user, you can import data yourself via FTPS or HTTPS.

How susceptible is Copernica for cyber attacks?

Online organization that possess a lot of data can be susceptible for cyber attacks. For example, D-DOS attacks, Brute-Force-Attack, Cross-site scripting and SQL-injections. Below, you can find a short description of each of these attacks and how Copernica is protected against these attacks.

DDOS

Denial-of-service attacks (dos-attacks) and distributed denial-of-service attacks (ddos-attacks) are attempts to disable a computer, computer network or service by opening an enormous ammount of connections to a server causing it to jam. Think about the newsitems you see about the servers of VISA, in such cases these servers were jammed due to DDOS-attacks.

The difference between a 'normal' dos-attack and a distributed dos-attack is that in the latter case the attack is led by multiple computers at the same time. In most cases, a botnet is used but it can happen that it concerns several individuals who coordinate their actions (this is what the Anonymous movement does).

Through our hosting partner Evoswitch, Copernica is protected against DDOS attacks. On their website they mention:

"We monitor all of the incoming and outgoing traffic through our Cisco netflow."A flow is defined as IP traffic with a similar IP source, IP destination, source port and destination port. As soon as an IP address receives more than 35.00 flows per second, this is automatically placed on a blacklist.

The first time an IP address is hit by a DDOS attack, it is placed on a blacklist for the duration of one hour. Every attack that follows doubles this time. The contact person who has been designated in the customer portal is informed immediately about the DDOS attack and temporary blacklist-listing via email.

Brute-Force-Attack

A Brute-Force-Attack occurs when the attack consists of multiple attempts to login.

Copernica continuously monitors the traffic on the servers and logs the number of attempts to login. As soon as our system registers many false attempts to login, Copernica will block the user (if needed, we can do this manually).

Cross-Site-Scripting

Everywhere we receive user input within the application and we reproduce this input, we use escaping. This makes it impossible to attack Copernica Marketing Software using cross-site-scripting.

SQL injection

Odd characters can pose a threat to your database if you do not escape properly. Think of the story on ‘little bobby drop tables’

Little Bobby Drop Tables

The underlying framework of Copernica Marketing Software prevents this from happening because Copernica writes all queries with so called placeholders, which are escaped automatically.

Related articles

Security hosting data hardware back ups servers

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is rapidly approaching and will affect all organizations that process personal data, including Copernica and all its customers. As such it is important to take a close look at the rulings and to review the steps that will have to be taken.