What is the Platform.sh approach to security?


Whether you're running an online store or a learning management system, the security of your application needs to be the highest priority.

Teams need to be able to know and verify that their sites are secure at all times.

On Platform.sh, every change to your application code, infrastructure or otherwise, has to occur through Git.

This ensures that even when team members commit broken code, it can always be traced back to the source.

So you can find out what was changed, who made that change, and when it was applied to production, all visible in the Git log.

Additionally, Platform.sh containers are read-only post-build, making it impossible for anyone to "fix it live" and forget it. That means that even if the site has been compromised, the code can't be.

What's more, Platform.sh provides strict controls to limit who can contribute to which environments right from the beginning.

So even though you can add a user to commit to one branch, they are incapable of merging into master without proper review first. Because no one likes broken code, even on Fridays.

Security is on us from the start. You pick the major version for your runtimes and services, and we'll handle every security update to those services, and to the operating system, for you.

This is secure-by-design architecture at your disposal. We run hardened Linux kernels, and all packages originate from internal signed repositories, and every operation we make is fully automated and logged. We keep a restrictive firewall in place where only HTTP, HTTPS and SSH are allowed inside with fully isolated services. By default, all users are unprivileged to access environments via SSH, and access is granted on an environment-by-environment basis. Two-factor authentication can be enforced for every login to your team's dashboard, and TLS certificates are provided for free for every project and environment as soon as they are created.

Platform.sh also comes compliant with GDPR, BDSG, and PIPEDA, and our cloud partners are certified under multiple compliance frameworks themselves.

