CM4all Technology – Developed with Security in Mind
Operating system and system components
We rely on leading Linux versions for the operating systems of installations in our OEM partners data centers. Components from other providers that are used also meet strict industry standards. Frequent updates ensure that potential security gaps are continuously eliminated.
All design and content data (XSL and XML) is stored redundantly and backed up to prevent any loss of customer data. The data storage can be further enhanced by redundant cluster architectures on demand.
The possibility of unauthorized access to customer website data is eliminated.
Encrypted API communication
An easy-to-integrate standard API is available for creating, managing and deleting user accounts. In addition, a dedicated reseller API can be implemented upon request.
All API communication between the CM4all implementation and OEM provisioning system takes place following the authentication of the requesting server. Moreover, it can also be entirely SSL-encrypted. This eliminates the possibility of account data manipulation by unauthorized parties.
User authentication is carried out by the OEM customer and is therefore automatically subject to their existing security standards. The customer logs on remotely via API with requesting server authentication, which means that double security is always ensured.
Client Side Encryption
Within our data storage solution CM4all OnlineDrive we offer the possibility of file encryption for back up files. Customers can set an individual password, files that are backed up will then be saved as a 128-bit encrypted ZIP file with the file ending .encr.
System administration and monitoring
Reliability and scalability are important prerequisites for a successful Internet service. For this reason, CM4all administrators monitor the functions of CM4all implementations 24 hours a day.
They analyze the situation and ensure that the system is functioning properly. Administration is carried out via SSH encryption, eliminating the possibility of unauthorized system access.