Platform.sh lets you deliver amazing digital experiences, while keeping your site safe, secure, and available—24x7. Now you can navigate through changing requirements and updates as you’re protected against cyberattacks.
Platform.sh takes your privacy seriously. We’re compliant with the European GDPR (DPA available), German BDSG (DPA available), Canadian PIPEDA, and the Australian Privacy Act. We’ve demonstrated our commitment to data security by undergoing an annual SOC 2 Type 2 examination over Security and Availability, and by achieving PCI DSS Level 1 compliance for our platform hosted on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). We are also members of Gaia-X, a private-public initiative to develop common requirements for a European data infrastructure.
All of our sites adhere to our cryptographic controls policy, which mandates the use of strong, industry-standard cryptographic measures. These measures include TLS for data in transit, encrypted disks, and support for 2FA.
Our Dedicated offering comes with automated triple redundancy for every element of your stack, as well as automated full-cluster backups.
Platform.sh provides security updates for every element of the stack as soon as they’re available—without service interruption.
Retain tight control and governance over user access via fine-grained, per-environment permissions.
Each project runs in isolation, with the most minimal network surface possible. Every service is network isolated from other services.
Platform.sh makes it easier to integrate your application with a CDN versus configuring all the CDN/cloud bits yourself.
We keep your services secure, so your team can focus on building cool stuff.
Platform.sh takes over the activities needed to manage the stack and perform infrastructure security updates saving you time, frustration, and money. So you can focus your efforts on building and maintaining world-class applications.
No more outdated software and libraries. Our seamless infrastructure rollouts enable you to stay current with all the latest versions. Updating your application is simply a lightning-fast redeploy away. Do it manually or automate it to fit your change windows.
We follow a strict testing procedure for every release of new versions of runtimes and stack components.
Every change to your infrastructure configuration is versioned and auditable, so you can have peace of mind.
Every application is deployed to a read-only file system. Any software install or change to the application is through a secure and auditable process.
Should an incident occur, a dedicated engineer is assigned and responsible for executing our incident-management process through resolution.
Should an infrastructure security incident occur, our security incident-management process will be triggered. Our dedicated security team will bring their experience to bear, determining the root cause and mitigating the issue.
Create multiple, byte-for-byte clones of production—securely and in isolation
You can clone your environments endlessly to meet your development workflows and know that these environments are isolated from all others—even your own. If your data needs to stay in a specific geographic region, you can specify where you want that to be.
Limit the secrets available on a specific environment, and override each value with a test value for non-production environments.
Every project is fully isolated from others, either logically or physically.
Snapshots, a coherent set of all containers with their state and project data, can be captured and restored.
You can specify which region to host your project in, and we'll ensure that your data stays within that region.
Safeguard confidentiality, integrity, and availability.
Retain complete control and governance of your application, while giving full flexibility to your developers to build, test, and deploy new features quickly.
Let developers freely and fearlessly create and work on test environments without worrying about changing or seeing production.
SSH access is restricted to Public Key authentication only, ensuring only those who are supposed to log in, can.
Any dashboard login can be enforced through a second authentication method.
Permissions are set at minimum level and are managed through a central directory for terminations and audits.
Eliminate risks and threats with added layers of protection.
Our fully automated, reproducible build chain creates microcontainers, with no extraneous packages.
We run hardened Linux Kernels. All deployed packages come from signed internal repositories. We perform internal detection, logging, and alerting of any process or activity that attempts to break our infrastructure containment model.
Platform.sh provides a modern, secure infrastructure to provide you with peace of mind. We lock down access to the extent possible, while allowing you to specify your services and routes.
Operations are performed without using root and are fully automated. All operations are logged.
Our infrastructure employs both security groups and iptables firewalls. Only HTTP/S and SSH are allowed in. Services run in full network isolation. You specify the routes your application needs.
SSH access is controlled per environment. All users are unprivileged.
In our Professional offering, user code is run on read-only file system, so no changes can be made in the code once it’s deployed.
Performance, security, and protection.
We work with you to apply the best caching strategy to optimize your application performance, uptime, and costs—without compromising security. Our Enterprise offering gives you a solid foundation of vital security measures to protect your customers’ personal information and other sensitive data.
The CDN provides Distributed Denial of Service prevention.
Your developers will love our additional modern features, like a built-in reverse proxy cache and TLS encryption on all connections.
This extends to the worldwide cache layer, so you can consistently deliver the best digital experience to your audiences.
© 2022 Platform.sh. All rights reserved.
