Shared Contacts for Gmail® is dealing with contact information, which very often contains personal data., which manipulation is severely regulated.
We are taking data security very seriously and, as a Google Premium Partner, we are required to abide by numerous security rules. In addition to that, our clients include financial institutions, hospitals, and Fortune 500 companies that require us to provide top of the range security processes.
The general approach towards security is following EBIOS methodology (the main method used in France)
The approach to prevent unauthorized access of our customer data are based on the following principles:
3 main risk sources are taken care of:
Data is exclusively hosted on secured servers, provided by Google Cloud (Google Compute Platform Infrastructure) and data does never transit on other types of hardwares (USB, CDs, mobile phones, local computers etc..).
Databases hosting our customers’ data are secured and password protected inside the network. Only managers/team leaders have full to the live data. Developers work on staging data and do not have the possibility to access live data.
Database and gateways passwords are secured in a hard-encryption file that is stored on a separate server and that is used once by live server at each deployment.
We are using a minimal number of third-party tools (Mongo DB, Zabbix etc.) and every installation of a new software has to undergo a strict security clearance, including trojans or spywares. Similarly to the Database, only users who need to access these softwares have credentials and authorization to use them.
Our network is exclusively web-based on Google architecture. We have one employee assigned full-time to security management and access permissions.
Infrastructure access (for instance FTP) is protected by 4 level of restrictions :