Security & compliance

Security & compliance

  • 1. High level of security authentication for users
  • 2. Kleecks is hosted on the main cloud infrastructure providers
  • 3. All the connections between Kleecks and backend systems are on secure protocols
  • 4. The only data processed are pages publicly accessible by any search engine, any flaws of the original CMS are not within our competence
  • 5. No sensitive data is read or stored in Kleecks.
  • 6. Form inputs are ignored by the system
  • 7. Kleecks can also directly activate anti-DOS, BAN, SQL injection, and Masquerading mechanisms.

Kleecks is a platform with a high level of security.

We are very attentive to security at both the user and system levels.

All areas that Kleecks optimizes are also reachable from any search engine, and if there are, access vulnerabilities must be verified in the CMS.

Any forms or subscriptions to services that require the inclusion of personal data are not processed by Kleecks.

Still, the request is forwarded directly to the server of the original CMS, as it happens before the activation of Kleecks.

We are on track to achieve PCI compliance and customer assessment procedures on the following certifications:

  • ISO/IEC 27001:2017
  • SSAE18
  • accompanying statement of Applicability and for PCI: SOC2 and ROC/AOC

.

TECHNICAL FAQ

User authentication

All accounts/users are protected with double authentication and it is possible to filter the accesses also by IP.

Authorizations/users can grant different powers to different team members, for example limiting the ability to access certain sections or have write permissions only to certain areas

Infrastructure

Our systems are hosted on AWS/OVH/Microsoft and use strict security policies and best practices.

Our services cover multi-country and multi-zone.

The connection to the backend is protected and leverages secure protocols (HTTPS), all connections between the servers and the source are protected end-to-end using TLS;

In many cases there is an improvement with a reduction in the lag to the site, especially for websites where not all the necessary precautions have been taken, as in this example:

In the event of an already highly optimised website, Kleecks introduces a lag of about 0.25 seconds in “aggressive” mode, a small lag that does not penalise performance on the positioning nor the user experience of the end user.

No. All areas that Kleecks optimises can also be reached by any search engine and if there are therefore access vulnerabilities, they must be verified in the CMS. Any forms or subscriptions to services that require the insertion of personal data are not processed by Kleecks, but the request is sent directly to the original CMS server as it already happens before the activation of Kleecks. No sensitive data is therefore read or stored in Kleecks. Anti-DOS, BAN, Sql injection, Masquerading mechanisms can also be activated directly in Kleecks.

Yes. Kleecks absolutely does not change the underlying workflow. The development part of a CMS is not interrupted or changed.

Data

We do not store personal information (confidential data, authentication, etc..) of visitors to your site web, any session protected pages are not read and bypassed;

The only data processed are pages that are publicly accessible from any search engine, any flaws of the native CMS are not our responsibility;

Cyber attack

Form inputs are ignored by the system

We are working with a third-party penetration testing company for each deploy of new version, NEEN S.p.A., which at the moment has not detected any serious issues during testing.

Activation

Kleecks is activated as any CDN such as Cloudflare, Amazon CloudFront CDN, Azure CDN, Cdn77 and the like. It is only necessary to modify the DNS configuration of the site domain by replacing the IP address relating to the type A record corresponding to the domain name with the IP provided by Kleecks.

The activation process from contract signing to deployment takes about a month, including compilation of documents required for configuration, meetings with internal stakeholders, configuration and UAT activities.

Getting started is easy with Kleecks.
Be up and running in just a few weeks.