Security

Database as a service

21RISK uses Postgres as the underlying database for our application code. We don't host Postgres in-house, but use the Database-as-a-Service (DBaaS) Planetscale. When developing locally, we use a local Postgres instance. When investigating issues in production, we either:

  • Investigate the issue in our stage environment
  • Restore production data to the stage cluster

We use a dedicated instance in Planetscale.

Backup restore procedures

To restore a production backup, we follow this procedure:

  1. Navigate to the backups page in Planetscale
  2. Go to the Backup list, and choose the restore to new branch
  3. After a good cup of coffee, the backup is restored.

To monitor the database for anomalies, we utilize the Planetscale Metrics and alerts.

Planetscale Encryption

TLS (Transport Encryption)

TLS is configured with SSL required; read more here.

Encryption at rest

All our data in Planetscale is encrypted at rest, as this is the default at Planetscale; read more here.

Authorization and Roles

Access to our production environment in Planetscale is configured with limited access to dev/stage/review-apps to enforce the principle of least privilege.