Updated by Matthew Cotter
EmployUs takes security seriously. We have a constantly evolving security program, with regular security reviews and training. We also utilize Google Cloud Platform for hosting, which allows us to have best-in-class security at the data center level.
While developing, we utilize a rigorous code review process. EmployUs also utilizes the Google Cloud Security Scanner, which runs regularly and produces a report and alerts us of any potential vulnerabilities so that we can respond quickly.
Resiliency / Availability
Our main application is hosted in a Google data center, and data is backed up to second data center location. In the unlikely event that our main data center was not available (Google Cloud Platform has a 99.95% SLA and Google Cloud Storage has a 99.9% SLA), our application can be quickly redeployed in one of Google’s other data centers.
Data Center Security and Compliance
EmployUs utilizes Google Cloud Platform for hosting, which has state of the art hosting facilities and security protocols. See the Google Cloud Platform Security page for more information. Google is also audited yearly for SOC 1, SOC2, and SOC3 and ISO 27001, ISO 27017, and ISO 27018.
Encryption in Transit and at Rest
EmployUs uses HTTPS (TLS 1.2) for user-facing connections. Google Cloud Platform utilizes TLS 1.3 for internal connections.
Google Cloud Platform encrypts customer content stored at rest, without any action required from the customer, using one or more encryption mechanisms. Hard disks (HDD) are encrypted at a minimum at AES128 and new solid state drives (SSD) are encrypted at AES256.
In addition to utilizing Google’s automatic failover in case of disaster, EmployUs has a Disaster Recovery plan that is tested regularly. This plan includes deploying our application and data to a new data center, and can be accomplished from scratch in under an hour.