Each user and team using Wake expects their data to be secure and highly confidential. We understand the importance of keeping our users' data private and work to do our very best make sure this is the case at all times.
System & Hosting Security
Wake uses Google Compute Engine and Amazon S3 for processing and storage, and thus inherits their state of the art security levels.
It features a dedicated firewall, key-based SSH login, and extensive monitoring features. Only three Wake engineers have direct access to the hosting machines and their logins are secured using two factor authentication.
The hosting system is kept up to date perpetually and monitored against intrusion. All Wake user connections are encrypted using HTTPS using state of the art RSA 2048 bits keys. Its configuration supports current security features such as PFS and SHA256 digests. Its Qualys SSL Rating is "A".
Direct file access is protected behind the following security measures:
- Obfuscation of the filename using strings generated from version 4 UUIDs
- Access tokens are required to access the files directly from google storage, and are refreshed frequently.
- Multiple authentication levels are required to retrieve a Google Storage access token.
Wake logs are monitored in real time; errors get immediately handled by engineers.
Wake Software Security
Wake has been developed by experienced software engineers and with OWASP quality standards in mind. Special care has been invested in making sure that user content and metadata is only available to authorized users.
While integration with third party services (such as Slack) is possible, this happens purely on a team administrator opt-in basis. With the optional integration turned off, all processing of user data happens purely on the secure Wake servers.
Wake is currently subject to a code review, aiming for industry standard OWASP ASVS 2015 certification. This means that the Wake system is checked by a reviewer external to the Wake core development team against a multitude of common security issues such as code and query injection and CSRF issues.
Additionally to the facilities provided by Google, Wake features an offsite incremental backup. The backup is encrypted and accessible to the same people that have access to the live Wake servers exclusively.
If you have any questions or concerns regarding Wake's security, please contact us at firstname.lastname@example.org.