Backup, Security, and Hosting

Security at ButterCMS

To say that security is important to us would be a huge understatement. Security is a top priority at ButterCMS, and we live it in our day-to-day activities.

Our senior management team is accountable for security and ensures that security capabilities and competence exist at all levels of our business. We follow a holistic and collaborative approach to protect the confidentiality, integrity, and availability of your data. On this page, you can read about the policies and security measures ButterCMS takes to protect user content and data hosted on our platform from unauthorized access.

How we protect your content

Our infrastructure runs on Heroku and Amazon Web Services (AWS), which provide infrastructure as a service with mature, independently audited security controls.

ISO 27001 compliant data centers

The data centers that store your content and deliver it to your users are certified for compliance with the ISO 27001 standard.

Learn more about Heroku’s Compliance.

Data storage and encryption at rest

Your data is encrypted at rest using AES-256 by default. This protects stored content from being read by anyone who obtains the underlying storage media without the keys.

All user passwords are hashed with bcrypt before being stored in the database. bcrypt generates a random salt per password and, at the cost factor of 11 we use, performs 2^11 (2,048) key-expansion iterations. The cost is a logarithmic work factor rather than a count of "rounds": each increment doubles the work an attacker must spend per guess when cracking a leaked hash offline.
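The cost factor above is recorded inside every stored hash, so a periodic audit can confirm no account still carries a weaker or legacy hash. The following is an added example written for this page, not ButterCMS's own code: it parses the bcrypt modular-crypt format ($2b$cost$salt+digest), converts the cost to an iteration count, and flags rows that fall below a minimum cost. The sample rows are constructed (the salt and digest strings are arbitrary, not hashes of any real password), and the minimum cost of 11 is taken from the text above.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# bcrypt modular-crypt format: $2b$<2-digit cost>$<22-char salt><31-char digest>
# Variant tags 2, 2a, 2b, 2x and 2y all use the same layout.
_BCRYPT_RE = re.compile(
    r"^\$(?P<variant>2[abxy]?)\$(?P<cost>\d{2})\$"
    r"(?P<salt>[./A-Za-z0-9]{22})(?P<digest>[./A-Za-z0-9]{31})$"
)


@dataclass(frozen=True)
class BcryptHash:
    variant: str
    cost: int      # log2 of the key-expansion iteration count
    salt: str
    digest: str

    @property
    def iterations(self) -> int:
        # cost 11 -> 2**11 == 2048 iterations of the expensive key setup
        return 2 ** self.cost


def parse_bcrypt(encoded: str) -> BcryptHash:
    """Split a stored bcrypt string into its fields; raise if it is not bcrypt."""
    m = _BCRYPT_RE.match(encoded)
    if not m:
        raise ValueError("not a bcrypt hash")
    cost = int(m["cost"])
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} outside bcrypt's 4..31 range")
    return BcryptHash(m["variant"], cost, m["salt"], m["digest"])


def below_min_cost(stored: List[Tuple[str, str]], min_cost: int = 11) -> List[str]:
    """Return usernames whose stored hash is not bcrypt or uses a cost below min_cost."""
    weak: List[str] = []
    for user, encoded in stored:
        try:
            h = parse_bcrypt(encoded)
        except ValueError:
            weak.append(user)   # legacy algorithm (e.g. unsalted MD5) or malformed value
            continue
        if h.cost < min_cost:
            weak.append(user)
    return weak


# Constructed sample rows for the audit (hypothetical users; salts/digests are filler).
SAMPLE_ROWS = [
    ("alice", "$2b$11$Q7hQ1z.kU8wLk0yD9vOqGu3fT2y8m9RkX4pL1wQeZ0aSdFgHjKlMn"),
    ("bob",   "$2a$08$Q7hQ1z.kU8wLk0yD9vOqGunMlKjHgFdSa0ZeQw1Lp4XkR9m8y2Tf3"),
    ("carol", "5f4dcc3b5aa765d61d8327deb882cf99"),  # legacy unsalted MD5
]

if __name__ == "__main__":
    print("needs rehash:", below_min_cost(SAMPLE_ROWS))
```

Because bcrypt cannot be "upgraded" in place, the usual remediation for flagged rows is to rehash at the new cost on the user's next successful login, when the plaintext is briefly available.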

Encryption in transit

All communication between you, your services, and ButterCMS, including your data, traverses the Internet as HTTPS traffic encrypted with TLS 1.2. Data is also encrypted in transit between ButterCMS and our content delivery networks (CDNs). This prevents information from being read or manipulated by unauthorized third parties while it is in transit.

Penetration tests

Our infrastructure, web applications, and APIs are penetration-tested, and we coordinate with customer security teams where their own testing requirements apply. Any vulnerabilities found are fixed within the deadlines set by our internal SLA.

Backups

We perform daily database backups. Backup data is encrypted at rest using AES-256.

Access to data

Access to your data is extremely restricted. We have hand-picked and trained support staff and Engineers that, after your explicit permission, are able to help fix your problem by accessing the data that you have authorized. 

Physical security

We do not operate our own data centers. The physical security of our servers and your data is managed by Heroku. Heroku's physical infrastructure is hosted and managed within Amazon's secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Physical security at our offices is also governed by our security program.

Security groups

Networking in the cloud differs from a traditional data center. All communication to and from our servers is controlled by tightly scoped security groups, the AWS feature that provides stateful firewalling at the instance level.

Web Application Firewall

Applications available on the internet are constantly under threat of attacks. One of the protections implemented to protect our applications is the Web Application Firewall delivered by our security CDN. Furthermore, a second layer of defense is provided by AWS WAF for all our applications.

Threat detection

We monitor and respond to threats when they happen. We detect inbound and outbound connections from and to known malicious IP addresses, as well as unusual or unauthorized activities in our accounts.

Secure headers

To protect our users from attacks, we leverage browser protections such as HTTP Strict Transport Security (HSTS), which instructs browsers to reach our domains only over HTTPS. We also continuously monitor our TLS configuration rating, for which our minimum target is an A grade for all our general domains and an A+ for all domains under our full control.
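HSTS only helps when the header is well-formed and its max-age is long enough to cover the gaps between visits. The block below is an added example for this page, not ButterCMS's own monitoring code: it parses a Strict-Transport-Security value according to RFC 6797 (max-age required, directives case-insensitive, unknown directives ignored, duplicates rejected) and reports the weaknesses a practitioner checks for. The one-year threshold is the preload-list requirement; the sample headers are constructed, not captured from ButterCMS.

```python
from typing import Dict, List, Optional, Tuple

ONE_YEAR = 365 * 24 * 3600  # 31536000 s; the HSTS preload list requires at least this


def parse_hsts(value: str) -> Tuple[int, bool, bool]:
    """Parse a Strict-Transport-Security header value.

    Returns (max_age, include_subdomains, preload). Raises ValueError on
    a missing/invalid max-age or a repeated directive (RFC 6797 section 6.1).
    """
    max_age: Optional[int] = None
    include_sub = False
    preload = False
    seen = set()
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()
        if name in seen:
            raise ValueError(f"duplicate directive {name!r}")
        seen.add(name)
        if name == "max-age":
            val = val.strip().strip('"')   # the value may be a quoted-string
            if not val.isdigit():
                raise ValueError("max-age must be a non-negative integer")
            max_age = int(val)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
        # any other directive is ignored, as the RFC requires
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub, preload


def hsts_findings(headers: Dict[str, str], over_https: bool = True) -> List[str]:
    """Return a list of problems with the HSTS policy in a response; empty means OK."""
    if not over_https:
        # Browsers ignore HSTS on plain-HTTP responses, so an HTTP check proves nothing.
        return ["HSTS is ignored on plain HTTP responses; check the HTTPS response"]
    lookup = {k.lower(): v for k, v in headers.items()}
    value = lookup.get("strict-transport-security")
    if value is None:
        return ["missing Strict-Transport-Security header"]
    try:
        max_age, include_sub, preload = parse_hsts(value)
    except ValueError as exc:
        return [f"malformed HSTS header: {exc}"]
    findings: List[str] = []
    if max_age == 0:
        findings.append("max-age=0 removes the policy; browsers will stop forcing HTTPS")
    elif max_age < ONE_YEAR:
        findings.append(f"max-age={max_age} is below one year ({ONE_YEAR})")
    if not include_sub:
        findings.append("includeSubDomains not set; subdomains can still be reached over HTTP")
    if preload and (max_age < ONE_YEAR or not include_sub):
        findings.append("preload set but preload-list requirements are not met")
    return findings


# Constructed sample responses (header dicts only; not captured from any real host).
GOOD = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"}
WEAK = {"strict-transport-security": "max-age=300"}

if __name__ == "__main__":
    for name, hdrs in (("good", GOOD), ("weak", WEAK), ("none", {})):
        print(name, hsts_findings(hdrs) or "OK")
```

Run the check against the HTTPS response of every hostname you serve, including redirect hosts: a policy on www.example.com does not protect example.com unless that host sends its own header.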

Data retention policy

Your data lives in our servers for as long as you need it. Our Data Retention Policy and Data Classification Policy govern the way we manage data that needs deletion and retirement.

Brute force protection

To protect your account from being compromised by brute forcing our web application and APIs, we implement rate limits and captchas.
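Rate limiting for login endpoints has to count failures per account and per source address, otherwise an attacker spraying one password across many accounts never trips a per-account limit. The following is an added example for this page, not ButterCMS's own implementation: a sliding-window throttle that escalates from allowing the attempt, to demanding a CAPTCHA, to blocking outright, and that clears the account counter on a successful login while keeping the per-address counter. The window and thresholds are hypothetical values chosen for illustration, and the clock is injectable so the behaviour can be exercised without waiting.

```python
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, Tuple

Key = Tuple[str, str]   # ("acct", username) or ("ip", address)


@dataclass
class LoginThrottle:
    """Sliding-window failure counter per account and per source IP.

    Below soft_limit failures in the window -> "allow";
    at or above soft_limit              -> "captcha";
    at or above hard_limit              -> "block" until failures age out.
    """
    window_seconds: int = 900
    soft_limit: int = 5
    hard_limit: int = 20
    clock: Callable[[], float] = time.monotonic
    _events: Dict[Key, Deque[float]] = field(default_factory=lambda: defaultdict(deque))

    def _prune(self, key: Key) -> int:
        """Drop failures older than the window and return how many remain."""
        cutoff = self.clock() - self.window_seconds
        q = self._events[key]
        while q and q[0] < cutoff:
            q.popleft()
        return len(q)

    def decide(self, account: str, ip: str) -> str:
        """Decision for an incoming login attempt, using the worse of the two counters."""
        n = max(self._prune(("acct", account)), self._prune(("ip", ip)))
        if n >= self.hard_limit:
            return "block"
        if n >= self.soft_limit:
            return "captcha"
        return "allow"

    def record_failure(self, account: str, ip: str) -> None:
        now = self.clock()
        self._events[("acct", account)].append(now)
        self._events[("ip", ip)].append(now)

    def record_success(self, account: str, ip: str) -> None:
        # A correct password clears the account counter only. The IP counter is kept
        # so that a spraying attacker who eventually guesses one account stays throttled.
        self._events[("acct", account)].clear()


class FakeClock:
    """Deterministic clock for exercising the throttle offline."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


if __name__ == "__main__":
    clk = FakeClock()
    throttle = LoginThrottle(soft_limit=3, hard_limit=6, clock=clk)
    for _ in range(3):
        throttle.record_failure("alice", "203.0.113.7")
    print(throttle.decide("alice", "203.0.113.7"))   # captcha
```

The same structure works with a shared store such as Redis in place of the in-process dictionary; what matters is that both keys are consulted and that success does not reset the address counter.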

Monitoring and reporting

Access to customer data is logged along with SSH session commands in production. This provides a trail that can be easily followed in any security audits.

Single Sign On (SSO)

One way users can protect their ButterCMS accounts is by utilizing corporate SSO.

How we keep our service reliable

Heroku + AWS

Our infrastructure runs in Amazon Web Services, minimizing disruptions caused by any failure and keeping your content constantly available. Elastic Load Balancers are used to automatically split the load and segregate traffic from the Internet to all nodes of our frontend layer.

CDN

Our Content API traffic is served directly by Fastly, our global choice of content delivery network. We heavily utilize Fastly’s API for cache population and invalidation, so that in the unlikely event our infrastructure ever experiences technical difficulties, content can still be served by the CDN and remain online in the meantime.

Distributed denial of service (DDoS) protection

Our APIs and web application are protected in multiple ways against denial of service attacks. AWS provides volumetric denial of service protection through AWS Shield and Elastic Load Balancing to ensure high availability. Our Fastly CDN performs denial of service protection.

Disaster recovery and business continuity

ButterCMS utilizes database replication architectures to ensure redundancy and uptime. Encrypted backups are made frequently and stored both at the data center and copied to a remote storage location. Each key service layer has redundant components, such as multiple servers that provide the same service and content, so that a single failure does not impact the rest of the system. Data centers are also equipped with controls to enforce physical security and protection against environmental hazards.

How we keep our code secure

Open source SDKs

All our software development kits are open source, and we encourage contribution from the community. To further facilitate that, we engage with developers and users of our APIs through our SDKs, and we document our development decisions on GitHub.

Vulnerability management

All vulnerabilities are managed internally. Once a vulnerability is detected, it is assigned a score using the CVSS scoring system, and an owner. We have an internal SLA that stipulates deadlines for fixing vulnerabilities. Progress is tracked by tools and, if necessary, a post-mortem is arranged as a learning exercise for our engineers to improve code security.

Code peer review

Our development process is based on GitHub's pull request mechanism. Once changes are pushed to a branch in a repository and a pull request is opened, the code is reviewed by members of the same team or from other engineering teams. Only once the pull request is approved by all tagged engineers is the code moved along in the development life cycle.

Automatic static code analysis

When code is committed to GitHub, our continuous integration process automatically initiates a series of tests. One such test is automatic static code analysis, which is configured to find vulnerabilities, both in the code and within its dependencies. Dependency management is performed locally per repository, where all dependencies are tagged by version and downloaded from reputable sources over encrypted HTTPS.

Quality Assurance (QA)

Once the code is ready to be tested, it is deployed to our staging environment. This environment runs a downscaled version of the production infrastructure. We run further automated test suites to ensure no regressions in our UX.

Secure SDLC

Security is part of the product organization and influences the product roadmap and specific features. We implement the philosophy of "security by design", in which security requirements are embedded in the product and architecture design to minimize vulnerabilities in existing and new functionality. We believe that engineers should be responsible for the code they create and have an established culture of accountability, which leads to a high level of code quality and security being maintained.

How we secure our business

Security monitoring and Incident Management

ButterCMS continually watches for any indicators of possible impending incidents. To supplement this, any event-alerting tools we use also escalate into PagerDuty rotations for ButterCMS’s 24x7 incident response team. We also maintain an incident response plan that details ways to address an incident, including the processes of notification, escalation, managing, and reporting as a result of an incident.

Security awareness program

All ButterCMS employees and contracted third-parties are required to comply with ButterCMS policies relevant to their scope of work, including security and data privacy policies. Our standard work contract includes confidentiality clauses.

ButterCMS ensures its employees undergo regular security and privacy training. Employees with developer and administrative roles also undergo secure code training annually, while employees with responsibilities in the area of information security are also provided with additional training on security protection techniques, risks, and latest trends.

Credit card/payment security

ButterCMS uses an integration with Stripe's infrastructure to process credit card payments, which means that no credit card information or related personal information is stored on our servers. Stripe enforces stringent PCI DSS (Payment Card Industry Data Security Standard) compliance criteria to ensure that any data stored and/or processed on its servers is handled securely.

In addition to privacy and safety measures, Stripe employs an extensive range of checks designed to minimize payment fraud and unauthorized access. These checks include 3-D Secure cardholder authentication, credit card background checks, flagging suspicious transactions for manual verification, and real-time monitoring of payment transactions with automated anti-fraud algorithms.

Password managers and policy

To ensure an acceptable level of password security, our password policy disallows overly generic passwords. The use of a unique password per website is strongly advised. We also encourage the use of password managers, like LastPass, that make it easier and safer for you to keep track of your credentials.

How you can protect your data

SSO

We provide Single Sign-On capabilities via SAMLv2. This means our customers have full control over who has access to the use of their account with our product and how authentication takes place. Customers can implement their own password policies and multi-factor authentication implementations.

API keys - key rotation

Your data is protected behind multiple API keys, which are used in different contexts for particular use cases. Keys are assigned to the user and correspond to the user’s privileges associated with an organization and space. Our application enforces authorization for every API call, apart from calls for assets.

Roles and permissions

ButterCMS highly encourages the use of roles and permissions in order to provide different users with different levels of access rights to content, features, and functionality. This is in line with “least privilege” and “need to know” security principles, which adds another safeguarding layer to prevent unauthorized access and limit damage in the event of a user’s credentials being compromised.

HTTPS

While all content and data traversing the Internet is served with HTTPS enforced on ButterCMS's side, we strongly recommend that customers and users also enforce HTTPS on their own sites, so that content and data integrity is maintained and free from manipulation as it is served from our service to your users' browsers. Serving your site over HTTPS also keeps your data and credentials out of the view of unauthorized third parties.

Secure password for signing up with ButterCMS

In order to sign up with ButterCMS, it is required to create a secure password that is a minimum of 8 characters and has a combination of alphabet letters, numbers, and special characters.

Importance of secure password

The current modern digital age comprises devices in many different forms, such as desktop machines, laptops, smartphones, smart watches, and tablets. These devices are usually connected with other computing devices and share information, and in many cases, they may also connect with banks to conduct financial transactions. All of these devices are potentially vulnerable to misuse by unauthorized users, and therefore, users should always protect them with strong and secure passwords.

Following are some recommendations to create a secure password:

  • Create long and complex passwords. Avoid using important dates (such as birthdays, anniversaries) and common names (or names that can be associated with you) as passwords.
  • Use a combination of upper and lower case alphabet letters, numbers, and special characters.
  • Change your password promptly whenever you suspect it has been exposed, for example after a breach notification or a phishing attempt.
  • Avoid using a password that you are already using for any other services. Try and have different passwords for every respective service. Alternatively, you can also use password manager or other similar services.
  • Create an additional layer of security by using services like two-factor authentication or passcodes (especially on your mobile phones).
  • Do not write the passwords down, as it makes it easier to be stolen and used by someone else.

Learn more about insecure passwords that have previously been exposed in data breaches. That exposure makes them unsuitable for ongoing use, as they are at much greater risk of being used to take over other accounts.
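A sign-up check that combines the composition rules stated above with a breach lookup is shown below as an added example for this page; it is not ButterCMS's sign-up code. The breach lookup follows the k-anonymity range pattern used by public breached-password services (an assumption, since the page does not name the service it links to): only the first five hex characters of the password's SHA-1 hash leave the client, and the full suffix is matched locally against the returned range. Because the example must run offline, the range endpoint is replaced by a stand-in built from a constructed table of "breached" passwords with made-up counts; the function name fetch_range is hypothetical.

```python
import hashlib
import re
from typing import Callable, Dict, List, Tuple

SPECIAL = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~")


def policy_violations(password: str) -> List[str]:
    """Composition rules from the sign-up policy: 8+ chars, letters, digits, specials."""
    problems: List[str] = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no digits")
    if not any(c in SPECIAL for c in password):
        problems.append("no special characters")
    return problems


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase hex SHA-1 into the 5-char prefix that is sent and the suffix kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """k-anonymity lookup: ask for the whole range of one prefix, match the suffix locally."""
    prefix, suffix = sha1_prefix_suffix(password)
    for line in fetch_range(prefix).splitlines():
        cand, _, count = line.strip().partition(":")
        if cand.upper() == suffix:
            return int(count)
    return 0


def make_fake_range_service(known: Dict[str, int]) -> Callable[[str], str]:
    """Offline stand-in for the range endpoint, built from constructed breach data."""
    by_prefix: Dict[str, List[str]] = {}
    for pw, count in known.items():
        prefix, suffix = sha1_prefix_suffix(pw)
        by_prefix.setdefault(prefix, []).append(f"{suffix}:{count}")

    def fetch_range(prefix: str) -> str:
        # Real services return "SUFFIX:COUNT" lines, CRLF-separated, for every suffix under the prefix.
        return "\r\n".join(by_prefix.get(prefix.upper(), []))

    return fetch_range


def evaluate(password: str, fetch_range: Callable[[str], str]) -> Dict[str, object]:
    """Full sign-up check: policy rules first, then the breach lookup."""
    problems = policy_violations(password)
    n = breach_count(password, fetch_range)
    if n:
        problems.append(f"seen {n} times in breach data")
    return {"ok": not problems, "problems": problems}


# Constructed "breached" passwords with made-up counts; not real breach statistics.
FAKE_RANGE = make_fake_range_service({"Password1!": 41000, "letmein": 500000})

if __name__ == "__main__":
    for candidate in ("Password1!", "Ab1!", "xK9#vLpQ2$wz"):
        print(candidate, evaluate(candidate, FAKE_RANGE))
```

"Password1!" passes every composition rule and is still rejected, which is the point of the breach check: composition rules alone do not stop the passwords attackers try first.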

In case of a security incident

Incidents can happen to anyone—we are ready for such an event when it happens. We manage security incidents via a documented process, which includes notification of and cooperation with customers, data protection authorities, and law enforcement. ButterCMS will notify affected customers without undue delay following incident detection. We will share a preliminary assessment of the incident and invite cooperation. 

Change Management

ButterCMS applies a systematic approach to managing change so that changes to customer-impacting services are thoroughly reviewed, tested, approved, and well-communicated. The ButterCMS change management process is designed to avoid unintended service disruptions and to maintain the integrity of service to the customer. Changes deployed into production environments are:

  • Reviewed–Peer reviews of the technical aspects of a change are required.
  • Tested–Changes being applied are tested to help ensure they will behave as expected and not adversely impact security.
  • Approved–All changes must be authorized in order to provide appropriate oversight and understanding of business impact.

© 2023 ButterCMS™ All rights reserved