Security Information

LAST UPDATED: 12 Apr, 2018

Lizoc takes security seriously and we know that our customers do too, which is why we have developed EdgeCloud with security in mind from the start.

1. Co-Location (IaaS) Security

At this time, Lizoc Cloud runs on our private infrastructure and both Amazon's EC2 cloud and Microsoft Azure VM computing services. Therefore, it inherits the security features of these platform.

2. EdgeCloud (PaaS) Security

Lizoc has a long history of providing industry-leading responsiveness to security vulnerabilities and managing its online presence on Linux and Windows systems. Lizoc Online is also proactively managed as part of the service.

Our systems are hardened with technologies like:

  • SELinux and Microsoft DSC
  • Process, network, and storage separation
  • Stateful and stateless inspection firewall
  • Proactive monitoring of capacity limits (CPU, disk, memory, etc.)
  • Intrusion detection (files, ports, back doors, etc.)
  • Port monitoring
  • Credential namespace
  • Security compliance frameworks
  • Signature verification and vulnerabilities updated
  • Remote logging
  • Encrypted communications (SSH, SSL, etc.)

Risk assessment and security consultation is provided by the Lizoc Security Guys team.

Network Transport

Private data and logins exchanged with Lizoc Cloud is transmitted over SSL (our web interface utilizes HTTP Strict Transport Security). Application passwords are filtered from our log files and encrypted. Pushing and pulling of private data is done over SSH authentication based on Curve25519 encryption, not passwords, to help prevent brute force cracking. Tools are available for users to deploy similar steps for their applications.

Maintaining Security

The Lizoc Security Guys team helps identify and prevent new exploits. This team frequently tests exploits such as cross site scripting (XSS) and that cookie permissions are set appropriately.

We’re concerned and active about security, but we’re aware that many companies are not comfortable hosting code outside their firewall. For these companies we offer EdgeCloud Platform, a supported version of Lizoc Cloud that can be installed and operated inside your company’s network.

Report and Contribute

If you have any general comments, concerns, or questions about EdgeCloud security, including if you see something that you believe violates Lizoc's terms of service, please email security@lizoc.com. One or more of our team members will review and/or escalate the issue as appropriate.

If you are reporting a security flaw or vulnerability, please contact the Lizoc Security Guys team directly.

Press

Blog