Security

Assets with Uploadcare

21RISK end-users often upload static files to our web application when answering actions or filling out reports. To provide an excellent UX, and to free up resources at 21RISK to focus on our core business, we have partnered with Uploadcare.

In the 21RISK web-application, the upload code looks like the following:

When uploading

When the end-user starts a file upload, the following process starts:

  1. The user selects a file (or drags a file) onto the 21RISK client.
  2. The client sends a request to the 21RISK server.
  3. On the 21RISK server, we validate whether the user has access to the given resource and, if yes, issue a signed upload link.
  4. On the 21RISK client, the file is now uploaded directly to Uploadcare using the signed upload link.

To make sure only authorized users can upload files to Uploadcare, we use signed uploads. The signature is an HMAC/SHA256 and is required when uploading.
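Step 3 and the check that the signature makes possible, as an added example (not 21RISK's or Uploadcare's own code). It assumes Uploadcare's signed-upload scheme, where `signature` is the hex HMAC/SHA256 of the `expire` Unix timestamp keyed with the project secret; the ACL table, user and resource names, secret and 60-second lifetime are constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data: placeholder secret and a toy access-control table.
SECRET_KEY = "demo-secret-not-a-real-key"
ACL = {"alice": {"report-17"}, "bob": set()}


def sign_expire(secret_key, expire):
    """Hex HMAC/SHA256 over the expiry timestamp, keyed with the project secret."""
    return hmac.new(secret_key.encode(), str(expire).encode(), hashlib.sha256).hexdigest()


def issue_signed_upload(user, resource_id, now=None, ttl=60):
    """Server side (step 3): authorize first, then issue a short-lived signature."""
    if resource_id not in ACL.get(user, set()):
        raise PermissionError(f"{user} may not upload to {resource_id}")
    expire = int(now if now is not None else time.time()) + ttl
    return {"signature": sign_expire(SECRET_KEY, expire), "expire": expire}


def signature_is_valid(params, secret_key, now=None):
    """Receiving side: reject expired or mismatching signatures."""
    now = int(now if now is not None else time.time())
    try:
        expire = int(params["expire"])
    except (KeyError, TypeError, ValueError):
        return False
    if expire <= now:
        return False
    expected = sign_expire(secret_key, expire).encode()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, str(params.get("signature", "")).encode())


if __name__ == "__main__":
    grant = issue_signed_upload("alice", "report-17", now=1_700_000_000)
    print(signature_is_valid(grant, SECRET_KEY, now=1_700_000_030))  # within lifetime
    print(signature_is_valid(grant, SECRET_KEY, now=1_700_000_061))  # expired
    # A client that edits `expire` to extend the lifetime invalidates the signature.
    tampered = {**grant, "expire": grant["expire"] + 3600}
    print(signature_is_valid(tampered, SECRET_KEY, now=1_700_000_030))
```

Because the secret never leaves the server, the client can only upload within the window the server granted.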

All uploaded files are run through [malware protection](https://uploadcare.com/docs/security/malware-protection/).

Uploadcare automatically detects infected or malicious files, preventing your users from uploading them and helping you avoid distributing such files. Turning Malware protection on will make sure your app is secure and compliant. All files are checked by ClamAV (open-source antivirus engine).

Note

To protect against users uploading executables, we only allow Audio, Documents, Fonts, Images and Video MIME types.

All uploads to Uploadcare use the 21RISK domain upload.21risk.com

When downloading

When a file upload to Uploadcare is done, we save the ID of the resource in our application database.

We then fetch the resource from the Uploadcare global cache, with a custom domain name (assets.21risk.com):

https://assets.21risk.com/<asset-id>

Backup to AWS S3

To keep files backed up, we also transfer the files to an AWS S3 bucket in eu-west-1.

This backup feature is configured directly in Uploadcare.

You can read more about uploading

Compliance

Uploadcare is compliant with SOC 2 and various other standards:

Uploadcare is committed to complying with industry-standard privacy and security measures and all applicable laws and regulations to keep customer and end-user data safe and secure: SOC 2, HIPAA, GDPR. Learn more about it in our Trust Center.

To read more, please refer to Uploadcare's trust center here.