<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=348068&amp;fmt=gif">
Couchdrop Cloud SFTP logo

At Couchdrop we understand that your data is sensitive and valuable and that is why we put data security at the forefront of everything we do.

Here are some of the ways that Couchdrop keeps your data secure.

 

Couchdrop SFTP

Couchdrop is the SFTP and MFT platform for the cloud that is trusted by compliance based organization's globally.

couchdrop mft sftp

 

Movebot

Movebot makes data migrations frictionless and is built on Couchdrop's cloud technology. Movebot supports MSPs and enterprises with their migration projects.

Movebot_Logo  

Data encryption

All data that passes between you and Couchdrop is encrypted using industry-standard security protocols.

Couchdrop encrypts all data at rest with AES-256, including databases, document files, backups and logs.

Data is protected in transit using HTTPS with TLS 1.2 and above and SSL via SFTP and FTPS.

Key management 

Couchdrop follows strict and modern key management techniques using 1password and Doppler for password and production key/config management

 

Access control and Infrastructure

Couchdrop's server instances, file storage and databases are provided and hosted by either Digital Ocean or Amazon Web Services.

Digital Ocean and Amazon Web Services have achieved SOC2 (SAS70 Type 2) and ISO 27001 certifications.

Only explicit engineering team members have access to production systems and data. Any access is governed by internal security policies and requires CTO approval. You as a customer have the ability to disable Couchdrop access to your account through the product.


Background verification checks

All new staff undergo police and reference checks prior to being employed. 

 

Confidentiality requirements

All employees are subject to perpetual confidentiality agreements.

Security awareness

All new employees participate in an information security induction and are required to review and sign Couchdrop's information security policies prior to their first day.

New employees also participate in an online security awareness training program as part of their onboarding and receive refresher training annually thereafter.

Couchdrop conducts periodic security awareness sessions for all staff annually on selected security and privacy related topics

 

Development process

All changes to the Couchdrop platform go through formal change control procedures. Couchdrop follows a Lean Kanban approach to development ensuring that Couchdrop is constantly delivering value to its customers. 

 

Couchdrop follows OWASP security principles by design and all development is peer reviewed before going through approval gates by a software architect, QA manager and senior management prior to production release.

 

Updates and patches

Couchdrop's web and file servers run the Ubuntu Linux operating system distribution (currently, version 18.04 LTS) which is delivered via Docker containers. 

 

Couchdrop subscribes to the security announcement mailing lists for Linux, Ubuntu and Python, as well as other platform dependencies. Critical security updates are deployed as soon as possible once they are released, this is done by using the automatic package upgrade installation system.

 

Couchdrop utilises Docker Hub's vulnerability scanning platform and Datadog's SCIM platform for security event monitoring.


Security and Compliance Certifications

 

SOC_CPA_Blue.              Cyber-Essentials-Badge-High-Res

Access our Trust Center and download our compliance pack

 

You can visit our Trust Center for detailed information on our security posture.

 

Trust Center

security_whitepaper_screenshot