Server Security
Written by Max Kulow
Updated over a year ago

The following doc is intended to list working practices at PrintJob and will be constantly reviewed and updated.

Where is PrintJob Data stored? Where is my data stored?

PrintJob (PJ) is partnered with the cloud hosting company Linode.

PrintJob ‘holds’ data on hundreds of companies worldwide, on servers in the UK, Texas, Frankfurt & Sydney. All EU clients are on Frankfurt-based servers.

All data stored is encrypted and cannot be accessed by anyone for whom it is not intended.

What information are we storing?

For people who log in, the minimum data required is name and email. Commonly though, PrintJob will store employee lists, addresses, department IDs, logos, artwork, order data and files such as invoices and stock reports.

Passwords are encrypted. PrintJob does not store any credit card or other payment info.

Access to Data

Access to client data is limited to PrintJob staff. However, since all production and testing work is normally done on isolated and separate servers, PrintJob staff will only access client data when providing support and with clients' implicit permission. Aside from Linode (who don’t have access), PrintJob doesn't currently use subcontractors. If PJ did bring in outside staff, their access would also be limited to test servers, and again, any contact with client data is prohibited unless permission is granted.

PrintJob retains no right to access or share your data beyond what is necessary to provide the service. Also, see Terms and Conditions & Privacy Policy.

All data inputted into the software is the responsibility of the Administrators (Admins – you) and is easily accessible to them. Admins can suspend, delete, create and modify user information. It is the Administrators’ job to look after this data according to their various legal requirements. No Admin has access to any passwords.

Exporting data

Admins can export all users, addresses, departments, orders, stock info etc. at any time.

Development History

The current PrintJob System was launched in 2015 and is in constant development.

ISO

The security and privacy policy of the PJ System is up to date with current thinking and in line with protocols outlined in the documentation published by ISO, the International Standards Organisation and specifically their Information Security documentation here.

GDPR

Most of our security policies were already in line with the announcement of the EU's stringent 2018 privacy and data rules. We made some changes to our handling of cookies and moved our EU server to Frankfurt, but otherwise, we were already fully compliant.

How do these Standards affect PrintJob?

Broadly speaking, the ISO documentation and GDPR describe minimum and best standards and rules on how personal and company data is handled and secured, minimum password requirements, how passwords are stored, how cookies are presented and used, and how all this is protected from unwanted intrusion.

How PrintJob protects your Data

PrintJob works with Linode to provide secure and regular backup routines, load balancing, Apache updates, SSL encryption, Firewall, anti-DOS, antivirus and malware scanning, rootkit monitoring and other measures across all the PJ servers. We receive regular email alerts from Monit, a process supervision tool, and email alerts indicating newly blocked IP addresses. We automatically block IP addresses with multiple failed login attempts (i.e. antirobot/crawler protection).

Our servers are protected by the following defences:
- fail2ban – against brute force attacks
- iptables – firewalls only allowing access via single access ports
- Ddos – protecting against denial of service (DOS) attacks
- Rkhunter/maldet – runs 24/7 and scans daily, looking for rootkits & malware
- Monit – monitors CPU/RAM usage, disk space, SSH, Apache, Postfix, MySQL, Cron, Syslog and NSD, fixing anything automatically if it can or forcing a restart of components like Apache, as well as sending out alerts.

Backups

Three backups are constantly maintained (yesterday, a week ago and a month ago), kept on separate, dedicated backup servers and can be recovered within 2 hrs. We test these backups monthly.

SSL Encryption

All connections to all PrintJob Servers are encrypted via SSL. Front-end systems are automatically protected by SSL encryption if you use your own domain names, a process which happens automatically when you add a domain name.

Limited Role Based Access

Only a user with a password can access the system, and unless they are an Admin user, they will only see a limited amount of data and that which is in accordance with the role to which they are assigned.

No PrintJob client (Admin) can see another client, no company client can see another company, and no department client can see another department.

Shared logins?

PrintJob does not use usernames and does not encourage anyone to share logins. Using emails as the primary identifier discourages sharing logins and is more secure. This is because you cannot access or change any data on the system, including your own, without first verifying your email address. PJ does not encourage people to share any information at all.

Anyone with malicious intent could break into the PJ System, but to do so, they would first have to break into your email. If such a person did break into the customer-facing system, the data they could access would be limited. If an Admin's email were hijacked, it would be more serious: the user could steal or delete data, meaning a potential recovery from backup.

To prevent this, we would recommend further security requests, such as screen locks etc., but otherwise, this is outside the scope of this doc.

Single Sign On

PJ offers SSO as a feature, enabling you to link the PJ System with another system, allowing people to use login credentials from other systems to gain access to the PJ System. However, anyone accessing this way is prevented from seeing other users' data. It is very secure.

Passwords

All passwords are encrypted and not visible to anyone at PrintJob. No PJ staff can discover any client passwords. This is by design. If any client wanted PrintJob to tell them their password, we could not do it as they are all encrypted.

Passwords are a minimum of 8 characters with no further rules.

Forgot Password?

If someone forgets their password, they must go through the password reset process, which triggers an email to the user. The link in the email allows the user to reset the password. No one can ever ‘look up’ their own or someone else's password or change it for them.

How do we delete users or data?

Admins can suspend users and companies, preventing them from logging in and accessing data. Admins can delete users but cannot delete companies (doing so can delete large amounts of info); they can, however, request that PrintJob staff delete them.

Security Testing

PrintJob Systems have not formally been reviewed or tested by ISO or any EU body, but PJ would welcome any questions, interrogations and stress testing reviews conducted by any independent organisation, including defence contractors or government agencies. Such tests are becoming increasingly routine and don’t cost much to commission. They provide peace of mind and advice to all parties to secure data and systems.

Since 2015 PrintJob has never been found to have any serious omissions or flaws in its security policy. PJ has always reacted to the advice given as a consequence of these tests. The weakest link in any security system is personnel – people sharing or writing their passwords. That’s something PJ can't prevent.

Future Development on Security

There is always pressure to increase security.

PJ is debating whether to increase the password requirement to include one uppercase letter, one special character, and one alphanumeric character. However, we’re keen not to impact usability and know that we aren’t a bank.

We could also allow Google or Microsoft logins.

Are you a target? Threats?

One small point. If you or any of your clients have any reason to suspect that your data will be targeted by hackers or agencies, please inform PJ – we may take the precaution to move your systems to dedicated and ‘independent’ servers.

Does PrintJob vet its staff?

Yes. Everyone who works at PrintJob is properly checked to ensure that they do not threaten data security.

How does anyone get Support?

PrintJob Clients (Admins) can communicate directly with PrintJob Support via an in-app communication tool. Help articles are also found on https://printjob.com/support/

Who can see my Support Queries?

Only PrintJob staff.

What happens when the Systems go down?

Our Terms and Conditions page explains this. Downtime does happen, but when it occurs during UK office hours, it has never lasted longer than 3 or 4 hours and is more often less than 20 mins. In the worst-case scenario (in the event that the data is unrecoverable), PJ can restore from backups within an hour or so.

Cloud Server Specs

Eight core CPUs, 16GB of RAM, 2000GB of RAID storage and 5000GB of monthly bandwidth on all servers. Further upgrades are possible.
