OLN™ Security

We know your data is your intellectual property and is extremely important to you and your business. A single chemical structure or biological sequence could be a multi-billion-dollar drug. We’re very protective of it.

Physical Security

  • OLN data is housed in a multi-million dollar SAS70 Type II Certified Data Center located in Boston, MA, which is staffed 24 hours a day, 7 days a week. Staffed with a highly trained team of experienced professionals, and equipped with a wide variety of state-of-the-art software and hardware solutions, this team has what it takes to make InetServices' network among the most reliable in the industry.
  • Datacenter access is physically isolated from everyone but level three technicians. Public access is strictly forbidden. The datacenter is completely locked down at all times.
  • The facility is under video surveillance and monitored 24x7x365 by the NOC. Furthermore, all equipment is housed in locked cabinets to provide the highest level of security to your server(s).
  • Data center access limited to data center technicians
  • Biometric scanning for controlled data center access
  • Security camera monitoring at all data center locations
  • 24x7 onsite staff provides additional protection against unauthorized entry
  • Unmarked facilities to help maintain low profile
  • Physical security audited by an independent firm

System Security

  • System installation using hardened, patched OS
  • System patching configured to provide ongoing protection from exploits
  • Dedicated firewall and VPN services to help block unauthorized system access
  • Data protection managed backup solutions
  • Dedicated intrusion detection devices to provide an additional layer of protection against unauthorized system access
  • Distributed Denial of Service (DDoS) mitigation services
  • Risk assessment and security consultation by professional services teams

Operational Security

  • ISO 17799 based policies and procedures, regularly reviewed as part of the SAS70 Type II audit process
  • Systems access logged and tracked for auditing purposes
  • Secure document-destruction policies for all sensitive information
  • Fully documented change-management procedures
  • Independently audited disaster recovery and business continuity plans in place

Software Security

We employ a team of 24/7/365 server specialists to keep our software and its dependencies up to date, eliminating potential security vulnerabilities. They have also set up a wide range of monitoring solutions for preventing and eliminating attacks on the site.

Communications

All private data exchanged with Scilligence is always transmitted over SSL (the same data-transport solution you use when you access your online bank account). All pushing and pulling of private data is done over SSH authenticated with keys, not passwords.
The SSH login credentials used to push and pull cannot be used to access a shell or the filesystem. All users are virtual (meaning they have no user account on our machines) and are access controlled through the peer reviewed.

File system and backups

Every piece of hardware we use has an identical copy ready and waiting for an immediate hot-swap in case of hardware or software failure. Every line of code we store is saved on a minimum of three different servers, including an off-site backup just in case a meteor ever hits the datacenter (we’ll keep our fingers crossed that doesn’t happen). We do not retroactively remove repositories from backups when deleted by the user, as we may need to restore the repo for the user if it was removed accidentally.
We do not encrypt repositories on disk because it would not be any more secure: the website and OLN back-end would need to decrypt the repositories on demand, slowing down response times. Any user with shell access to the file system would have access to the decryption routine, thus negating any security it provides. Therefore, we focus on making our machines and network as secure as possible.

Employee access

No Scilligence employees ever access private databases unless required to for support reasons. Support staff may log into your account to access settings related to your support issue. In rare cases staff may need to pull a clone of your data; this will only be done with your consent. Support staff do not have direct access to any of your databases. When working a support issue we do our best to respect your privacy as much as possible; we only access the files and settings needed to resolve your issue.

Maintaining security

We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and encrypted. Login information is always sent over SSL. You can set up strong-password and password-expiration mechanisms.
We keep a security consultant on retainer to help identify and prevent new attack vectors. We always test new features in order to cut out potential attacks.
We’re extremely concerned and active about security, but we’re aware that many companies are not comfortable storing their intellectual property data outside their firewall. For these companies we offer OLN Enterprise, a version of OLN that can be installed on your in-house servers within your company’s network.

Credit card safety

When you sign up for a paid account on Scilligence, we do not store any of your card information on our servers. It’s handed off to Braintree Payment Solutions, a company dedicated to storing your sensitive data on PCI-Compliant servers.

Contact Us

Have a question, concern, or comment about Scilligence security? Please email support@scilligence.com for general inquiries and security@scilligence.com for emergencies.

Need to report something?

Please email us immediately at security@scilligence.com; your message will go directly to one or more of the Scilligence founders and will receive our full attention. If we don’t respond immediately, there’s a good chance we’re trying to fix it first.