An Inside Look At How Mozenda Secure Data of Clients
February 24, 2015
Since introducing our cloud platform just seven years ago, we’ve grown from serving a small handful of customers to over one hundred thousand sign-ups to our cloud platform. Thank you to everyone who has used our product. We appreciate your business. You’ve helped Mozenda become the worldwide leader in web data extraction. And we couldn’t have done it without you.
To those who are not yet Mozenda customers, we hope to one day earn your business. We are excited about what lies ahead and are confident we will continue to provide the easiest-to-use web data extraction product on the market.
Navigating the kind of growth we’ve experienced can be difficult. Web technologies are constantly changing. New web technologies frequently emerge that require companies like ours to adapt and accommodate. This is not easy, but we are up to the task and accept the challenge wholeheartedly.
Last week, our CEO, Brett Haskins, shared with you our desire to communicate more effectively and transparently with you. I thought, how better to kick off this process than to share with you some facts about our data center and to introduce you to Status.Mozenda.com, our new portal for providing you with up-to-the-minute system status, so you always know what’s going on with the Mozenda cloud.
The portal is powered by StatusPage.io. Rather than implement a home-grown portal requiring ongoing maintenance, we chose to use StatusPage.io because they are reliable and straFightforward, and their user interface makes it quick and easy for us to provide you with updates. This helps us focus on the problem at hand and still provide you with timely, informative updates.
The portal shows the major components of our system and their current status, as well as overall system status. Naturally, our goal is for all the checks to be green. But sometimes things go wrong. When this happens, we’ll provide updates and explanations about the situation. These updates won’t always be in real time, but we’ll do our best to be sure you’re informed in a timely manner throughout the troubleshooting and resolution process so you aren’t left in the dark.
When there’s a partial or major outage, we’ll follow up the incident with a postmortem so you know what steps we’re taking to reduce the likelihood of or entirely eliminate the same problem from happening again.
Safeguarding Customer Data
Because data is at the core of our business, keeping our customer’s data safe and secure is of the utmost importance to us. In fact, nothing is more important to us than the safety and security of our customer’s data. We rely on the expertise of C7, a world class data center located in Utah, to help us in this effort. We co-locate the majority of our servers at C7. Here’s a peak inside C7’s Granite Point II facility in Bluffdale, Utah:
C7 has strict security policies and technology in place to ensure our data and infrastructure are both safe and secure, including SSAE 16, PCI, and HIPAA compliance audits, and 2 factor, 5 layer authentication, which requires a hand scan and four digit pin to gain physical access to our servers. Additionally, C7 employs 24 x 7 on-site security, video cameras throughout their facilities, background checks, access logs, and so forth. Security and transparency are at the core of their business and their infrastructure shows their commitment to these core beliefs.
How We Restrict Access
For our part, we restrict direct physical and electronic access to our servers to four specific Mozenda Operations personnel tasked with overseeing all data center operations. Electronic access to servers is allowed only through a VPN connection using IPSec, an industry standard for ensuring private, secure communications over the Internet.
Sometimes Mozenda employees who are not part of the Operations team need to access customer accounts to provide support and perform periodic maintenance on behalf of the customer. In these cases, employees use the same SaaS web interface used by customers and are limited to accessing the accounts during specific business hours and from specific locations. Each access of and modification to a customer’s account is logged by our system, including the name of the employee and the time of the access, as part of our effort to maintain accountability.
PayPal and PCI Compliance
We integrate with Paypal for payment processing and undergo a periodic audit for PCI compliance. As such, we do not store any credit card information on our systems and do not have access to this information once a payment has been posted through our system.
Your Own Database
We give each Mozenda customer account a physically separate database. This compartmentalizes customer data so it is separate and secure from the data of other customers. This also simplifies how our applications access the data by virtually eliminating risks associated with cross-mingling of data. Rest assured, your data is truly yours.
Redundancy and High Availability
C7 utilizes a N+1 redundant power delivery infrastructure, battery and generator backup, and redundant power legs to each server cabinet. C7 data centers are highly connected with multiple Tier 1 and Tier 2 on-net providers.
We use HP ProLiant rack mount and blade servers almost exclusively because of their excellent support for high availability and their accurate alerting capabilities. We virtualize almost all of our data center processes using Microsoft Hyper-V running on Windows Server 2012. This gives us the flexibility we need to appropriately manage resources, balance load, and increase capacity without the need to frequently procure additional hardware.
All of our storage is redundant using RAID levels 1+0 and 6. We perform nightly differential backups and weekly full backups of important customer data to multiple locations, including off-site (out-of-state) using a secure connection.
To be sure our data center hums along in tip-top shape, we utilize a variety of monitoring tools, such as FrameFlow, Librato, and Windows performance counters, along with proprietary monitoring applications. We receive real-time alerts from these monitoring systems when specific thresholds are exceeded and take immediate action to resolve the issues before they turn into problems.
We periodically maintain our systems between 11 PM and 3 AM, eastern time, usually on a weekend. We do this to install security patches and update our hardware and software. While this is infrequent, it can mean that some services are not available during this time. We designed our system so that this should have minimal impact on most customers. Agents will pause while the system maintenance takes place and will resume once maintenance is complete.
In most cases, we will notify customers two weeks in advance, but note that sometimes security patches or other upgrades may be urgent and we may not always be able to give advance notice.
When we schedule maintenance, we will send an email to customers notifying them of the maintenance, including when it will take place, how long it will take, and what actions will be taken. Additionally, we will post this information to Status.Mozenda.com and provide periodic updates regarding progress during the maintenance window.
Once again, thank you for your interest in Mozenda. We appreciate each of you. If you have suggestions on how we can improve, please don’t hesitate to send an email to firstname.lastname@example.org. We’d love to hear from you!
If you’ve read this far, you’re probably wondering who wrote this post. My name is Corey Young and I am a Co-founder and the CTO of Mozenda.