What does Lilypad's infrastructure look like?
Although we keep some details of our backend infrastructure secret in order to protect our clients, there are certainly some details we're happy to share! Let's start with a look into some of the security practices used by our team to protect the infrastructure which powers Lilypad:
Mandatory two-factor authentication/2FA (or passkey auth where possible) on all external services that Lilypad uses, such as Crisp (our live chat & helpdesk software), Google Workspace and GitHub
Any staff with access to sensitive/customer information have up-to-date antivirus software on their computers
We ensure staff only have access to the data necessary for their job, and make use of tools like Cloudflare Zero Trust to enable this
No Lilypad staff store customer data locally, and if needed, only do so temporarily and with strictly the data necessary for the intended purpose
What about security measures we take on systems that we run?
We operate under an assume-breach mentality, which ensures we take a proactive approach when it comes to keeping our systems safe
We use SSH keys instead of password-based authentication on all Linux-powered nodes operated by Lilypad
We use the latest version of Debian as the operating system on all our nodes, which is renowned for its stability and security
Sensitive information stored on our systems, like clients' passwords, are heavily encrypted
All systems we operate have firewalls in place to ensure the legitimacy of all inbound traffic
Internal services are protected by Cloudflare Access in order to only allow authorised users
Domains operated by Lilypad are protected with DNSSEC to authenticate all DNS records we have in place
TLS/SSL certificates are used across the board to protect data being transferred between users and our systems
ECC TLS certificates are used for communication between Cloudflare and our systems
HSTS (HTTP Strict Transport Security) is enabled on all domains we operate to protect against man-in-the-middle attacks
And ensuring reliability across our systems?
We have automatic monitoring in place to alert us in advance of any potential downtime, or in the event it does occur, along with the information needed to allow us to mitigate the issue as quickly as possible
DDoS protection is in place across all systems, using a variety of providers like Cloudflare and Cosmic Guard who have the capacity to mitigate terabit-scale attacks, and defend against a variety of attack vectors
Load balancing and database replication are used wherever possible to ensure maximum uptime and reliability
If you ever have any queries or concerns about the security or integrity of our systems, please don't hesitate to send an email to josh[at]lilypad[dot]gg
Mandatory two-factor authentication/2FA (or passkey auth where possible) on all external services that Lilypad uses, such as Crisp (our live chat & helpdesk software), Google Workspace and GitHub
Any staff with access to sensitive/customer information have up-to-date antivirus software on their computers
We ensure staff only have access to the data necessary for their job, and make use of tools like Cloudflare Zero Trust to enable this
No Lilypad staff store customer data locally, and if needed, only do so temporarily and with strictly the data necessary for the intended purpose
What about security measures we take on systems that we run?
We operate under an assume-breach mentality, which ensures we take a proactive approach when it comes to keeping our systems safe
We use SSH keys instead of password-based authentication on all Linux-powered nodes operated by Lilypad
We use the latest version of Debian as the operating system on all our nodes, which is renowned for its stability and security
Sensitive information stored on our systems, like clients' passwords, are heavily encrypted
All systems we operate have firewalls in place to ensure the legitimacy of all inbound traffic
Internal services are protected by Cloudflare Access in order to only allow authorised users
Domains operated by Lilypad are protected with DNSSEC to authenticate all DNS records we have in place
TLS/SSL certificates are used across the board to protect data being transferred between users and our systems
ECC TLS certificates are used for communication between Cloudflare and our systems
HSTS (HTTP Strict Transport Security) is enabled on all domains we operate to protect against man-in-the-middle attacks
And ensuring reliability across our systems?
We have automatic monitoring in place to alert us in advance of any potential downtime, or in the event it does occur, along with the information needed to allow us to mitigate the issue as quickly as possible
DDoS protection is in place across all systems, using a variety of providers like Cloudflare and Cosmic Guard who have the capacity to mitigate terabit-scale attacks, and defend against a variety of attack vectors
Load balancing and database replication are used wherever possible to ensure maximum uptime and reliability
If you ever have any queries or concerns about the security or integrity of our systems, please don't hesitate to send an email to josh[at]lilypad[dot]gg
Updated on: 07/01/2024
Thank you!