Transmission of data between Socrative devices, thin clients, and servers are encrypted using TLS protocol. This ensures the privacy of the transmitted information and prevents unauthorized users from viewing data.
All files are encrypted at rest. We use Amazon's Server Side Encryption to manage the encryption of our files.
All databases are encrypted at rest. We use Amazon's KMS to manage the encryption of our database.
Our encryption uses 256-bit keys on a symmetric algorithm AES.
Data transmissions are encrypted using TLSv1.X protocols. We implement SSL certificates with RSA algorithm and key sizes of 256 bit.
Socrative devices and servers are provided with the latest security upgrades and configuration; in addition, we continually monitor network logs to ensure that our systems are not compromised. AWS security monitoring tools help identify several types of denial of service (DoS) attacks including distributed, flooding and software/logic attacks. AWS networks provide significant protection against traditional network security issues such as — DDoS attacks, MITM attacks, IP spoofing, Port scanning, Packet scanning, etc. For more information on network security visit the Amazon Web Services Cloud Security website (https://aws.amazon.com/security/).
Data Storage and Access Security
Socrative software-as-a-service applications reside on Amazon’s data centers. We have dedicated redundant servers at multiple data centers in different countries around the globe. Data centers are state of the art, secure, climate-controlled and constantly monitored. See
http://aws.amazon.com/compliance for regulatory compliance information.
Server security and reliability best practices ensure high reliability and maximum security:
Physical security – Hosting facilities are monitored 24/7/365 and servers are located in a secure data center with limited access.
Redundancy – Redundant server pairs are in different locations. So power loss, fire or natural disasters will not affect the reliability of service.
Data backups and availability – We maintain database backups on a regular basis or scheduled intervals.
Software updates – Server OS and software updates are tested on an isolated system before they are applied to servers.
Virtual security – Log monitoring and auditing practices are used to find unauthorized attacks/access attempts. Bare minimum access is granted to server admin accounts and passwords are rotated at regular intervals.
Password security – Socrative enforces strict password security and requires server passwords to adhere to industry standards and best practices. Passwords are never written down or transmitted via e-mail or other electronic messengers.