Hosting Infrastructure

The mye-coach system is hosted on Heroku (https://www.heroku.com/what), a world leader in PAAS (Platform as a Service), along with several services from Amazon Web Services (specifically Amazon S3 and Amazon RDS).

These partnerships allow us to take advantage of Heroku and Amazon’s expertise in security, availability, and performance while allowing our team to focus on security, privacy, and increased value at the application layer.

It is important to note the following about the security and isolation of each mye-coach instance:

  1. Each mye-coach instance runs as a dedicated Heroku application to ensure all customer data and communications are completely isolated from all other customers.
  2. Each mye-coach instance has a dedicated S3 Amazon bucket for all user-uploaded data. All buckets are private and encrypted.
  3. Each mye-coach instance has its own dedicated (fully encrypted) Amazon RDS (Relational Database System) database.
  4. All communication between the various components of the hosting infrastructure is over SSL (Secure Sockets Layer).
  5. All communication between Users and the mye-coach system is conducted over https, a secure communication protocol that ensures all data between your browser and the system is encrypted. We utilise a highly respected and trusted 3rd party system (https://www.ssllabs.com/) to ensure that we always retain an “A” SSL (Secure Socket Layers) rating.

Detailed information on Heroku security can be found here:

https://www.heroku.com/policy/security

Detailed information on Amazon AWS security can be found here:

https://aws.amazon.com/security/

Specific details on Amazon RDS security (including recommended best practices which we follow) can be found here:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html

Specific details on Amazon S3 security can be found here

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html

Web Application Security

mye-coach is built on the Django framework which has several in-built features to help prevent the most common security attacks. Regular upgrades and security patches are applied as a priority as soon as they become available.

Furthermore, our web developers follow best practices during the development process (including regular unit, integration, and vulnerability testing) to ensure the mye-coach system remains secure.

More information on Django Security can be found here:

https://docs.djangoproject.com/en/2.0/topics/security/