GroupCamp Security statement

Last update: May 22, 2018

This statement describes all the measures used by GroupCamp to maintain the security of the Platform and to protect customer data. If the current statement does not provide an answer to your security-related questions,  please use the online contact form to get in touch.

Security of files uploaded to GroupCamp compared to the use of regular Email

If your company uses a hosted business email service, please note that the inherent security level provided by GroupCamp is higher than that of a regular email service.

Companies which regularly use email without using encryption for the email message or files attached to the email, do not have fully private communications when their corporate emails are transmitted over the public Internet. GroupCamp on the other hand uses 256 bits SSL encryption for files uploads and downloads between the GroupCamp platform and the user’s browsers. The content (your Word document or Excel spreadsheet) is therefore not visible over the public internet.

Introduction

The GroupCamp service consists of multiple underlying services (www.groupcamp.com) web site, customer accounts, content and data storage, GroupCamp Identity and authentication servers, billing, etc… Each of those underlying services uses the following logical services: load balancing, firewalling, database, data storage, data back-up.

Each logical service runs on a minimum of 2 physical servers. The servers are located in different hosting facilities. The data links between different hosting facilities uses private VLANs(Virtual Local Area Network) or in some cases SSL encrypted tunnels over the public internet.

Logical services, physical servers and network components (routers and switches) are monitored in real time by remote supervision servers and GroupCamp’s hosting support partner.

Please note that GroupCamp services are operated by the GroupCamp's internal Operations team.

High availability mecanisms and resilience of logical services

Firewalling and load balancing services.

The load balancing service allows traffic distribution of all server requests for a given service on all available application servers. The load balancing service also supervises which servers are active in order to direct server requests to available application servers at a given instant.

The load balancing mechanism used by GroupCamp guarantees a full service continuity even in the case of the loss of a physical site.

The firewalling architecture for each system and each web server is based on the inherent mechanisms of the GNU Linux operating system used. This architecture prevents the existence of a single point of failure and a potential bottleneck in the system.

Web services

This logical web service receives and treats requests from user web browsers and therefore supports all logical application requests: HTML page publishing and responses to AJAX requests.

Web services access the logical database service, data storage and may use specific data back-up services.

This service is stateless and runs on multiple physical servers distributed on multiple physical facilities. The redundancy is based on the existence of physically distinct hosting facilities.

Database services

The logical database service treats all requests from Web services and returns the relevant customer data. This service runs on a dedicated physical server which handles 100% of requests. Requests are replicated on a secondary physical server located on a distinct secondary physical site.

In the event of a non availability of a logical web service on a primary site, the secondary database takes over as primary database service by simple re-configuration. A new physical server is then defined as secondary server.

To ensure full integrity of the data present on the secondary server, all background synchronization batch processes are executed on the server. The secondary server also uses a logical data back-up service should a roll-back procedure be required.

Storage service

The storage service is used to store files (for instance the content of the Files application), images (photos, logos, etc…), HTML pages (ie pages of the WIKI application).

The logical storage service uses a minimum of 2 physical facilities for enhanced availability. One of these sites can be the data back up service.

Data back-up service

The data back-up service is controlled by the storage service and/or GroupCamp’s background batch processes for the database service. The Storage service can be located either on GroupCamp's physical services or third-party cloud-based services.

HOSTING & Environmental components

Physical servers

The physical servers used by GroupCamp are based on the logical services which the server should support. All our physical servers are state-of-the art and support full power feed redundancy and LAN access redundancy. Servers which store customer data use RAID technology.

Operating systems & other software components

Software components used by GroupCamp are managed by the GroupCamp operations team. GroupCamp uses open source technologies which guarantees absence of back-doors and fast response in case of security issues. Security patches are systematically applied after thorough testing.

Data Center. Hosting Facilities

GroupCamp uses multiple hosting facilities for its different server farms based in Europe. Access to our hosting facilities is highly secured with advanced badge-controlled room access control mechanisms.

Electric feeds

Our hosting data centers are state of the art and have full double floor protection against fire with neutral gas and related security measures with triple air conditioning based on a mix of air and water.

Dual Electric feeds are provided by 2 separate electric power plants or more on different physical links and backed up by local electric inverters and spare batteries supporting a minimum of half an hour feed capacity (separate from the inverter system). Following that local emergency power systems take over.

Telecoms and IP transit

The global bandwidth to GroupCamp hosting sites use operator class infrastructure. They are distributed over a minimum of 3 physical links using separate paths. The IP transit is provided by multiple providers with a backup and failover mechanism for announced internet routes in case of a loss of one of the IP transit provider. All physical links and underlying routers and switches support full redundancy .

GroupCamp supports the BGP4 protocol for internet route distribution for higher availablilty of internet connectivity. The capacity planning for IP transit is designed to support large bursts of IP data and optimum response times.

Third-party suppliers

GroupCamp has carefully selected its third-party providers based on their ability to provide highly secured and available systems. Our partners are regularly audited by performance monitoring firms. GroupCamp also carries out its own audit and measurement campaigns.

GroupCamp suppliers provide rack space, servers, network, cloud-based systems (for back-up) and hardcare  equipment systems together with financial and legal support.

Communications and Data Security

User password security

All passwords are encrypted in asymmetric mode and stored on secured databases. In case of intrusion, login and password association is not possible.

Browser communications

Traffic between browsers on the user’s desktop and the GroupCamp platform is encrypted with SSL 256 bits. This encryption is used in all common online banking services.

Communications and traffic with third-party suppliers

Traffic exchanged between our providers are encrypted using SSL particularly for regulatory traffic (for instance access to the VIES system for intra-community VAT checks, communication with payment gateways and banking systems)

Should GroupCamp be required to store confidential customer data on third-party suppliers for instance for back-up storage purposes, beyond SSL encryption (for transport layer), the customer data WILL BE ENCRYPTED BEFORE TRANSMISSION TO THE BACK-UP STORAGE SERVICE. The encryption used is of RSA/DSA level with 2048 bits keys.

Internal traffic

Internal data traffic between GroupCamp systems within the same cluster use private links and VLANs.

Email traffic

Email traffic from the platform to the users are not encrypted. Should the customer require that no email notfications be sent from their GroupCamp account, this feature can be disabled for all applications.

As described previously all files uploads and downloads use SSL encryption.

Access by operations staff

Access by the GroupCamp operations team to the platform use strong authentication based ona  pre-established list of SSH keys. Connexions are logged and stored for regular analysis in case of suspicious interventions.

Customer data is accessible by the operations team and all members of the team are required to comply with the GroupCamp Privacy Policy and are legally required to fully comply with all terms of the policy.

Protecting customer data

Data which is stored on all third-party platforms which are not operated by GroupCamp (for instance back-p dtorage services) are systematically encrypted (see above).

On GroupCamp systems, customer data stored is not encypted since GroupCamp would own the means of decoding the encrypted data. The only way for GroupCamp customers to encure full confidentiality of their data would be by pre-encrypting all customer content by using a password encryption or using an AES (equivalent to RSA/DSA) encryption system.

Physical and Logical failure prevention

24h/7d supervision

GroupCamp supports a double level of spervision based on two separate supervision sites for all physical equipment and logical servces. Alarm systems are provided to GroupCamp teams on a 24h/ 7 day a week basis.

Capacity planning

GroupCamp has developed its own clustering technology allowing us to support rapidly evolving customer needs. Our logical Customer Account service which handles all customer plans and offerings can run on distributed clusters located in geographically distinct regions.

A cluster is attributed to a customer during the account setup process. Capacity planning is based on additional cluster roll out. A customer account can be easily migrated from one cluster to another

Fault analysis and account logs

GroupCamp invest heavily in fault analysis and detection systems for its applications. In case of an application malfunction, the GroupCamp operations team can activate application logging system for a given customer account in order to thoroughly analyse all events on a given account. This procedure is described in our Privacy Policy.

Our operations logging information do not provide any information on the customer data but provide a logical and detailed description on the events logged in an account.

See an example of application logs in the screenshot below. GroupCamp may activate more advanced applications logs which may reveal the content of customer data. This activation requires approval by the customer as described in our Privacy Policy.

System restoration after failure

Repairing the temporary loss of a hosting facility

This fault is highly unlikely but may occur in the case of a major electric feed failure or IP data access failure. In this case the GroupCamp service would be fully restored on secondary services located on a different hosting facility.

Loss of data or corrupt database information

In the case of a data corruption by the database service, GroupCamp may be required to use a recent archive to restore the service. This operation may cause the loss of recent updates in a customer account.

Full and complete loss of a hosting facility or cluster.

This scenario has a very low probability and concerns events such as war or natural catastrophes. In that particular case, GroupCamp will rely on its back-up storage service to transfer customer accounts on another cluster located in a different geographical region (if of course the GroupCamp team survives such an event).