TimeTiger® Online is a hosted Software as a Service (SaaS) offering delivered using the Amazon AWS Cloud and DigitalOcean Developer Cloud. Each of these cloud service providers maintains extensive data center security provisions and performs proactive service health monitoring and reporting.
Your particular TimeTiger instance may reside on either or both infrastructures, but we can accommodate specific location requests based on performance and/or government data protection requirements.
TimeTiger instances operate on self-contained Linux virtual machines that house the web server/application server/database stack behind an instance-specific firewall. The operating system and associated packages are regularly updated and recommended security best-practices are reviewed and followed as appropriate.
The TimeTiger application server has been developed and hardened over the past 20 years with security as a primary requirement and consideration. TimeTiger relies on very few third-party code dependencies, each of which are vetted and regularly updated. Security-related enhancements are validated and regression tested throughout the ongoing development process.
TimeTiger data is stored on-instance in a separate database with per-application access controls. The database is accessible only by the TimeTiger application server process and approved administrative processes running to support the TimeTiger hosted environment. TimeTiger database servers are firewalled and IP-scoped to permit local connections only.
We collect comprehensive application server, web server, and database access logs, including login user names and timestamps as well as administrative operations performed in the production environment. Investigations can be supported by detailed logs at several levels of the technology stack.
Select Indigo employees are able to access our production environment and live customer data for the purpose of solving your technical issues and answering your support questions. Employees are carefully screened and access to the production environment are granted on an as-needed basis.
Daily database backup snapshots are stored for each of the most recent seven (7) days in a secured and non-publicly accessible Amazon S3 bucket. Backups are permanently removed after 7 days. You may request access to your backups at any time.
By default database snapshots are stored in the Amazon U.S. East region. You may request that your backups be stored in the same Amazon Global Infrastructure Region as your TimeTiger application instance.
August 2019