Security

Our solution lets you deliver the best digital customer experience, whilst keeping you safe, secure, and available 24/7. Now you can navigate through change but stay protected against nefarious attacks.

No compromise on web security

Robust security and compliance

Auto-redundant architecture

Our Enterprise offering comes with automated triple redundancy for every element of your stack, as well as automated full-cluster backups.

Security updates & stack management

Security updates for every single element of the stack as soon as they are available. With no service interruption.

Permissions & access management

Retain tight control and governance over user access via fine-grained, per-environment permissions.

Project & data isolation

Each project runs in perfect isolation with the most minimal network surface possible. Every service is network isolated from other services.

Global Managed CDN

The integrated CDN available with our Enterprise plan provides best-in-class DDOS protection.

Compliance, Certifications

Platform.sh is compliant with the GDPR, BDSG, and PIPEDA. Our cloud partners are certified under multiple compliance frameworks.

Security updates and stack management

We keep your services secure so that your team focuses on building cool stuff

Don’t let a “Sorry I forgot to deploy the patch” put your systems, data, and company reputation at risk. Our engineers keep you regularly updated and secure, around the clock.

Instant & global updates: No more outdated software and libraries as our seamless roll-outs let you stay current with all latest versions.

New releases as they go stable: We follow a strict testing procedure for every release of new versions of runtimes or stack components.

Git-driven architecture: Every change to your infrastructure configuration is versioned and tracked, for complete peace of mind.

Immutable architecture: Every application is deployed to a read-only file-system. Any software install or change to the application is through a secure and auditable process.

Incident commanders: Should an incident occur, a dedicated engineer is assigned and is responsible until the incident is resolved.

Rigorous security incident procedures: We ensure every possible action is taken to mitigate a security breach.

Project data and isolation

Create multiple byte-for-byte clones of production, securely and in isolation

Secrets management

Limit the secrets available on a specific environment and override each value by a test value for non-production environments.

Project isolation

Every project is be fully isolated from others either logically or physically.

Snapshots

Snapshots, a coherent set of all containers with their state and project data, can be captured and restored.

Geographic isolation

You can specify which region to host your project in and we'll ensure that everything stays within that region.

Permissions and access management

SAFEGUARD SECURITY AND DATA INTEGRITY

Retain complete control and governance of your application, yet still give full flexibility to your developers to build, test and deploy new features at lightning speed.

Permissions per environment

Let developers freely create and work on test environments without fear that they can change or see production.

Goodbye passwords

SSH access is restricted to Public Key authentication only, ensuring only those who are supposed to log in are able to.

Two-factor authentication

Any login to the dashboard can be enforced through a second authentication method.

Principle of least privilege

Permissions are set at minimum level and are managed through a central directory for terminations and audits.

Hardening measures

Eliminating risks and threats with added layers of protection

Reduced attack surface

Our fully automated reproducible build-chain creates micro-containers with no extraneous packages.

Hardened kernel and services

We run hardened Linux Kernels, and all deployed packages come from internal signed repositories.

Rootless operations

Operations are fully automated. All operations are logged.

Restrictive firewall

We employ both ingress and egress firewalls. Only HTTP/S and SSH are allowed in. Services run in full network isolation.

Restricted access

SSH access is controlled per-environment. All users are unprivileged.

Read-only containers

User code is run on read-only file-system so no changes can be made in the code once it is deployed.

Multi-tier, secure, global managed CDN

Performance, security, and protection

We work with you to apply the best caching strategy to optimize your application performance, uptime, and costs, without compromising on security. Our Enterprise plan gives you a solid foundation of vital security measures to protect your customers’ personal information and other sensitive data.

TLS Encryption at every level

We make it possible for you to retain the highest standard of TLS encryption without sacrificing on site performance.

DDoS Mitigation

Our protection measures provide sound of mind against even the most sophisticated tools attackers currently use.

Modern features

Your developers will love our additional modern features like a built-in reverse proxy cache and TLS encryption on all connections.

99.99% uptime guarantee

This extends to the worldwide cache layer, giving serenity in delivering the best digital experience to your audiences.

Build your greatest-ever app.

Get Started