Data Encryption adn security.

[LJinFLA]

I did a search on this topic but didn't find anything specific other than saying that security matters to you and your staff.  I guess my board needs to know a bit more about your software security.  I understand GoDaddy's physical security of the servers, but I am concerned about security of the data on the system itself.  I know that the the login security layer is good, and that the connect is HTTPS, but does the data exist in an unencrypted state on the servers are any point in time?  Do you or your team of programmers have access to our team's data?  IS there any monitoring for hacking which GoDaddy provides you or which you have the capability of doing.  I know this is free, but I have to ask.  I think you have done tremendous work here, but there may be certain limitations of that model when it comes to security.  I would appreciate your candor on this subject.

Thanks,

Lee

[Radishworks]

Lee,

You may have already seen this post: http://www.radishworks.com/forum/index.php?topic=123.msg452#msg452

I can give you some general comments RE your questions, but we do not share details about specific security measures - for security reasons.   Some critical information is encrypted on the server and not visible to anyone, even Radishworks.  Your mission and team information is visible to Radishworks - If it wasn't, testing and trouble shooting would be impossible, just like you would expect your banking information to be visible to those who work for the bank.  Yes, there are measures in place to prevent and catch hacking. 

Mike,
Radishworks

[LJinFLA]

Yes, I am in the banking software business as my profession and There are those who are given access to ids which allow them service my account from secure terminals on bank facilities. However, the data in most systems is kept encrypted in all places on the machines and only decrypted when the authorized ids and terminals decrypt it. The data never exists anywhere in memory or storage in an unencrypted state.  You also have to remember that banking machines are located on their own data center floor in most cases. As for web access to banking systems, there are very strict federal regulations on access security and encryption of data.

Again I know this is a free system and all of that may not be possible, but you should be able to give enough information about your system to users to assure them that data encryption standards will hold up to hackers who simply crack user id security or find a hole in the OS and get to the drives.

That said, can you tell us at least if the team information and mission data is encrypted on disk and in memory and to what standard?

Thanks again,

Lee

[Radishworks]

Some critical data is encrypted on disk and in memory at all times, I cannot detail what data is encrypted and what is not. 

I'm sorry, I can not give any more details as to our security measures. 

Mike
Radishworks

[LJinFLA]

I really want to use your software, but I need help in convincing the board about the security of information. I need more than this or I will fail.  In our business we get potential customers or users to sign non-disclosure agreements do background checks. Etc. I don't know how practical this is in this case.  A non-disclosure would be easy, background check would need to be paid for which I am willing to pay for since this is a free package.  There must be something we can do to get more information.  It does not have to be done online.  There must be something which can be worked out.  How about  a donation of some kind?  I am willing to discuss anything.

[Radishworks]

A PM has been sent to you.