Our solution lets you deliver the best digital customer experience, whilst keeping you safe, secure, and available 24/7. Now you can navigate through change but stay protected against nefarious attacks.
Robust security and compliance
Our Enterprise offering comes with automated triple redundancy for every element of your stack, as well as automated full-cluster backups.
Security updates for every single element of the stack as soon as they are available. With no service interruption.
Retain tight control and governance over user access via fine-grained, per-environment permissions.
Each project runs in perfect isolation with the most minimal network surface possible. Every service is network isolated from other services.
The integrated CDN available with our Enterprise plan provides best-in-class DDOS protection.
Platform.sh is compliant with the GDPR, BDSG, and PIPEDA. Our cloud partners are certified under multiple compliance frameworks.
We keep your services secure so that your team focuses on building cool stuff
Don’t let a “Sorry I forgot to deploy the patch” put your systems, data, and company reputation at risk. Our engineers keep you regularly updated and secure, around the clock.
Instant & global updates: No more outdated software and libraries as our seamless roll-outs let you stay current with all latest versions.
New releases as they go stable: We follow a strict testing procedure for every release of new versions of runtimes or stack components.
Git-driven architecture: Every change to your infrastructure configuration is versioned and tracked, for complete peace of mind.
Immutable architecture: Every application is deployed to a read-only file-system. Any software install or change to the application is through a secure and auditable process.
Incident commanders: Should an incident occur, a dedicated engineer is assigned and is responsible until the incident is resolved.
Rigorous security incident procedures: We ensure every possible action is taken to mitigate a security breach.
Create multiple byte-for-byte clones of production, securely and in isolation
Limit the secrets available on a specific environment and override each value by a test value for non-production environments.
Every project is be fully isolated from others either logically or physically.
Snapshots, a coherent set of all containers with their state and project data, can be captured and restored.
You can specify which region to host your project in and we'll ensure that everything stays within that region.
SAFEGUARD SECURITY AND DATA INTEGRITY
Retain complete control and governance of your application, yet still give full flexibility to your developers to build, test and deploy new features at lightning speed.
Let developers freely create and work on test environments without fear that they can change or see production.
SSH access is restricted to Public Key authentication only, ensuring only those who are supposed to log in are able to.
Any login to the dashboard can be enforced through a second authentication method.
Permissions are set at minimum level and are managed through a central directory for terminations and audits.
Eliminating risks and threats with added layers of protection
Our fully automated reproducible build-chain creates micro-containers with no extraneous packages.
We run hardened Linux Kernels, and all deployed packages come from internal signed repositories.
Operations are fully automated. All operations are logged.
We employ both ingress and egress firewalls. Only HTTP/S and SSH are allowed in. Services run in full network isolation.
SSH access is controlled per-environment. All users are unprivileged.
User code is run on read-only file-system so no changes can be made in the code once it is deployed.
Performance, security, and protection
We work with you to apply the best caching strategy to optimize your application performance, uptime, and costs, without compromising on security. Our Enterprise plan gives you a solid foundation of vital security measures to protect your customers’ personal information and other sensitive data.
We make it possible for you to retain the highest standard of TLS encryption without sacrificing on site performance.
Our protection measures provide sound of mind against even the most sophisticated tools attackers currently use.
Your developers will love our additional modern features like a built-in reverse proxy cache and TLS encryption on all connections.
This extends to the worldwide cache layer, giving serenity in delivering the best digital experience to your audiences.