Security

Platform.sh lets you deliver amazing digital experiences, while keeping your site safe, secure, and available—24x7. Now you can navigate through changing requirements and updates as you’re protected against cyberattacks.

Security

Data privacy in today’s world

Platform.sh takes your privacy seriously. We’re compliant with the European GDPR (DPA available), German BDSG (DPA available), and Canadian PIPEDA. We’ve demonstrated our commitment to data security by achieving SOC 2 Type 1 certification in Security and Availability on Amazon Web Services (AWS), Microsoft Azure, Orange Cloud for Business, and Google Cloud Platform (GCP). The Service Organization Control (SOC) 2 certification is developed by the American Institute of Certified Public Accountants (AICPA) and is recognized as the gold standard for data security and privacy. Platform.sh has also undergone a PCI DSS gap analysis.

AICPA SOC
When you use Platform, you can:
  • Know that your security comes first in everything we do. We promptly notify you if we detect a breach of security.
  • Control what happens to your data. You can access it or take it out at any time.
  • Know where your data is stored and rely on it being available when you need it. You define where your data is stored. We operate our service from multiple data centers with strong security practices that are independently validated by third-party auditors.
  • Be confident knowing that customer data is not used for advertising. You own your data. We don’t process your data for advertising purposes.

We keep all your data private and safe

Cryptography and user security
Cryptography and user security

All of our sites adhere to our cryptographic controls policy, which mandates the use of strong, industry-standard cryptographic measures. These measures include TLS for data in transit and encrypted disks, and support for 2FA.

Auto-redundant architecture
Auto-redundant architecture

Our Enterprise offering comes with automated triple redundancy for every element of your stack, as well as automated full-cluster backups.

Security updates and stack management
Security updates and stack management

Platform.sh provides security updates for every element of the stack as soon as they’re available—without service interruption.

Permissions and access management
Permissions and access management

Retain tight control and governance over user access via fine-grained, per-environment permissions.

Project and data isolation
Project and data isolation

Each project runs in isolation, with the most minimal network surface possible. Every service is network isolated from other services.

Global managed CDN
Global managed CDN

Platform.sh makes it easier to integrate your application with a CDN versus configuring all the CDN/cloud bits yourself.

Security updates and stack management

We keep your services secure, so your team can focus on building cool stuff.

Platform takes over the activities needed to manage the stack and perform infrastructure security updates saving you time, frustration, and money. So you can focus your efforts on building and maintaining world-class applications.

Instant and global updates

No more outdated software and libraries. Our seamless infrastructure rollouts enable you to stay current with all the latest versions. Updating your application is simply a lightning-fast redeploy away. Do it manually or automate it to fit your change windows.

New releases as they go stable

We follow a strict testing procedure for every release of new versions of runtimes and stack components.

Git-driven architecture

Every change to your infrastructure configuration is versioned and auditable, so you can have peace of mind.

Immutable architecture

Every application is deployed to a read-only file system. Any software install or change to the application is through a secure and auditable process.

Incident commanders

Should an incident occur, a dedicated engineer is assigned and responsible for executing our incident-management process through resolution.

Rigorous security incident procedures

Should an infrastructure security incident occur, our security incident-management process will be triggered. Our dedicated security team will bring their experience to bear, determining the root cause and mitigating the issue.

Project data and isolation

Create multiple, byte-for-byte clones of production—securely and in isolation

You can clone your environments endlessly to meet your development workflows and know that these environments are isolated from all others—even your own. If your data needs to stay in a specific geographic region, you can specify where you want that to be.

Project data and isolation
Secrets management

Limit the secrets available on a specific environment, and override each value with a test value for non-production environments.

Project isolation

Every project is fully isolated from others, either logically or physically.

Backup and restore

Snapshots, a coherent set of all containers with their state and project data, can be captured and restored.

Geographic isolation

You can specify which region to host your project in, and we'll ensure that your data stays within that region.

Permissions and access management

Safeguard confidentiality, integrity, and availability.

Retain complete control and governance of your application, while giving full flexibility to your developers to build, test, and deploy new features quickly.

Permissions and access management
Permissions per environment

Let developers freely and fearlessly create and work on test environments without worrying about changing or seeing production.

Goodbye passwords

SSH access is restricted to Public Key authentication only, ensuring only those who are supposed to log in, can.

Two-factor authentication

Any dashboard login can be enforced through a second authentication method.

Principle of least privilege

Permissions are set at minimum level and are managed through a central directory for terminations and audits.

Hardening measures

Eliminate risks and threats with added layers of protection.

Reduced attack surface

Our fully automated, reproducible build chain creates microcontainers, with no extraneous packages.

Hardened kernel and services

We run hardened Linux Kernels. All deployed packages come from signed internal repositories.

Platform.sh provides a modern, secure infrastructure to provide you with peace of mind. We lock down access to the extent possible, while allowing you to specify your services and routes.

Rootless operations

Operations are performed without using root and are fully automated. All operations are logged.

Restrictive firewall

Our infrastructure employs both security groups and iptable firewalls. Only HTTP/S and SSH are allowed in. Services run in full network isolation. You specify the routes your application needs.

Restricted access

SSH access is controlled per environment. All users are unprivileged.

Read-only containers

In our Professional offering, user code is run on read-only file system, so no changes can be made in the code once it’s deployed.

Multitier, secure, global managed CDN

Performance, security, and protection.

We work with you to apply the best caching strategy to optimize your application performance, uptime, and costs—without compromising security. Our Enterprise offering gives you a solid foundation of vital security measures to protect your customers’ personal information and other sensitive data.

Multitier, secure, global managed CDN
DDoS mitigation

The CDN provides Distributed Denial of Service prevention.

Modern features

Your developers will love our additional modern features, like a built-in reverse proxy cache and TLS encryption on all connections.

99.99% uptime guarantee

This extends to the worldwide cache layer, so you can consistently deliver the best digital experience to your audiences.

Build your greatest-ever app.

Get Started