Overview

Drillber is a multi-tenant SaaS platform built for security professionals. We apply defense-in-depth across infrastructure, application, and operational layers. This page summarizes our public security posture.

Highlights: AES-256-GCM at rest · TLS 1.2+ in transit · Multi-tenant isolation · GDPR-ready

Infrastructure Highlights

  • Hosted on Google Cloud Platform (europe-west1), with managed PostgreSQL (Cloud SQL) and Redis (Memorystore).
  • Application runs on Cloud Run — fully managed, auto-scaling, no persistent VMs to patch.
  • Static frontend served via Firebase Hosting with Google-managed CDN and TLS.
  • All storage buckets are private with no public ACLs.
  • Database connections use TLS; Redis connections use TLS (rediss://) with AUTH.

Identity & Access

  • Authentication: JWT-based with short-lived tokens. Password login uses bcrypt hashing (cost factor 10+). Google OAuth supported.
  • Multi-factor: OTP via email supported for non-admin accounts.
  • Role-based access: system_admin · tenant_admin · org_admin · facilitator · participant · observer. Every API call is scoped to the authenticated user's tenant.
  • Account lockout: Brute-force protection with configurable lockout after repeated failures.
  • Password policy: Minimum length, complexity, and re-use restrictions enforced server-side.

Data Protection

  • PII encryption: Email addresses and mobile numbers are encrypted at rest using AES-256-GCM with a unique IV per record. Deterministic HMAC-SHA256 hashes are used for lookups.
  • Multi-tenant isolation: Every database query is scoped by tenant_id. Cross-tenant data access is architecturally prevented.
  • Secrets management: All secrets (encryption keys, OAuth credentials, DB passwords) are stored in GCP Secret Manager. No secrets in environment variables or source code.
  • Data residency: All data resides in the EU (europe-west1) by default.

Application Hardening

  • All API inputs validated with class-validator DTOs; parameterized queries only — no string-concatenated SQL.
  • Global rate limiting (throttler) on all endpoints to prevent abuse.
  • Content Security Policy (CSP) headers on all responses.
  • Participant exercise links use cryptographically random tokens (UUID v4); no guessable IDs.
  • Dependency updates reviewed regularly; no known-vulnerable packages in production.

Operational Controls

  • Audit log of all admin and facilitator actions (tenant-scoped).
  • System-admin cross-tenant audit log accessible only through the Drillber ops dashboard (IAP-protected).
  • Deployments via CI/CD pipeline (Cloud Build); Docker images are non-root with dumb-init.
  • Firewall rules restrict SSH and RDP and limit ICMP; only HTTPS is allowed inbound.

Privacy & Retention

  • Participant exercise links are tokenized — participants are never required to create an account.
  • Customer data is retained while the account is active. Deletion requests are fulfilled within 30 days.
  • We do not sell personal data to third parties.
  • See our full Privacy Policy for details.

Responsible Disclosure

If you discover a security vulnerability in Drillber, please report it responsibly to hello@drillber.io. We aim to acknowledge reports within 48 hours and resolve confirmed issues promptly. We appreciate coordinated disclosure.