Duda's security responsibility
Duda is responsible for the overall security of the platform and the managed sites within the platform.
We take this responsibility very seriously. Before reviewing the steps Duda takes behind the scenes to proactively protect you and your clients, let's review Duda's security goals.
Duda's security goals
Maintaining security is a multi-faceted effort with many moving parts. However, the aim of it all is to:
- Prevent downtime for live sites
- Protect site owners and visitors from abusive use by bad actors
- Prevent malicious files from being shared through Duda sites
- Protect Duda’s platform from any unauthorized use that could lead to data breaches or cyber attacks
To achieve these security goals, Duda has many technical and organizational operating measures in place to ensure we’re meeting or exceeding industry standards.
Security practices within Duda
Duda adheres to policies designed to maintain global security standards and ensure your sites and data are in good hands. These include:
Cloud security
The Duda platform and managed sites are hosted on AWS. AWS uses state-of-the-art security measures including physical security, strong access control, industry-grade encryption, WAF and network security, intrusion detection, malware protection, DDoS protection, automatic audit, logging and alerting, high-availability, and many others.
In short: your data is protected!
Secure development
With Duda, security starts at development. Code is written in a way that minimizes risk and is then repeatedly tested for vulnerabilities.
Duda's engineering team follows OWASP Top 10 security best practices to ensure we're minimizing risk.
Organizational maturity and security awareness
Duda has appointed a dedicated security officer to guide Duda's proactive security measures, monitor risks, and respond to threats as necessary.
Duda follows an ever-improving information security policy aligned with ISO 27001:2022, a globally recognized data security standard.
In addition, all Duda employees undergo routine security awareness, education, and training sessions.
High availability
Duda's architecture assures high availability both during peak times and in the event of large-scale DDoS attacks.
Our cloud infrastructure is fully elastic and uses robust systems such as AWS Shield Advanced to mitigate attacks.
Incident response & recovery
Duda's security personnel monitor the system 24x7 and are highly trained in incident response practices.
The team demonstrates top technical skills, allowing them to effectively respond to any incident and minimize recovery time.
Privacy by design
Duda adheres to privacy laws such as GDPR and CCPA. The platform is designed to minimize the risk to Personally Identifiable Information (PII).
Duda provides a set of privacy features which can be utilized by customers to make sure that their sites are GDPR / CCPA ready.
If you're interested in more about Duda's security measures, check out this article in our support portal.

Did you know?
In our Shared Security diagram, you may recall a layer that captures the role of 3rd-party applications. While Duda can't monitor code for every possible app that could be embedded into a site, rest assured that the apps in our app store have gone through a thorough vetting process to ensure that they, too, have good security practices in place.
Let's continue moving outwards in our security model diagram.
Next, we'll review your key security responsibilities: access control, permissions management, and privacy management along with a review of the features Duda provides to help you manage all three.