We Take The Security of Your Data Extremely Seriously

The UseNow platform is developed, maintained and hosted for CFS Krug GmbH by Hamburg-based Portrix.net GmbH. The servers where the web application is hosted are located in a secure colocation datacenter in Munich. 

Our application is running in virtual machines using Oracle's OVM stack with XEN-based virtualization on one of several host servers. The UseNow application runs on a LAPP stack (Linux, Apache, PostgreSQL, PHP) in a virtual machine that is used for UseNow exclusively. The guest operating system, including the user space programs for the LAPP stack, is a current version of Oracle Linux. Security support and regular software updates for the operating system are provided by Oracle and applied by Portrix in a timely manner.

Application data is not physically stored on the VM host server itself, but on a dedicated storage system (Oracle FS1-2 attached "behind" the servers using a dedicated SAN). All data is spread blockwise in a non-predictable way across all disks in the volume group using RAID and related techniques. The volume group where the UseNow VM stores its data consists of several disks, so a single disk pulled out of the storage system, for example when it is being replaced, can never contain the whole database of the application - only a small, non-predictable, and non-contiguously chunked fragment. Automatic tiered backups of all VM storage spaces to a dedicated backup space are done once per day.

While the storage system is attached to the servers via SAN and thus not reachable through the internet at all, the VM servers themselves are connected to the internet via a Cisco router that is also used as a dedicated network firewall. Each VM has its own IP address. By policy, Portrix configures the firewall individually for every customer so that each VM gets packets only for ports that it really needs to use. Services that are only needed for administrative tasks (such as SSH) are only allowed through a VPN with forced two-factor authentication. Users who are not in the VPN cannot try to connect to the VM via SSH, for example.

UseNow employees as well as UseNow customers access the application only through the web interface. No special networking is needed for this type of access. Use of IPv6 is supported and encouraged. Authentication of individual users of the platform is done by username and password. Use of HTTPS is enforced so that user credentials or data content cannot be sniffed or manipulated over the network. Individual user accounts or groups of users (e.g. for one company) can additionally be restricted to be usable only within certain IP address ranges if requested by the customer (IPv4 and IPv6).