Wikispaces Privacy and ProtectionWe take the security of our systems and your data very seriously. The Wikispaces application allows you to specify who has access to your site and the content in it. You decide who has access to your data, and we put the systems in place to support that decision. And that's why many large, security-conscious organizations — including Xerox, IBM, and Dow — feel comfortable trusting their data to Wikispaces.
SecurityOur systems are designed for security and reliability from the ground up, with system configuration practices derived from the NSA's "Guide to the Secure Conﬁguration of Red Hat Enterprise Linux 5." Our configuration policies are programatically applied using Puppet and stored in our version control system. Our servers are secured both by our own firewalls as well as intrusion detection systems and vulnerability scans provided by our service provider. Administrative access to our servers is very limited and always performed via SSH. And, of course, physical access to our servers is always tightly controlled.
Your login information is also closely protected. User authentication is handled by an in-house system. Your passwords are stored in hashed form and are never recorded or reported in plaintext. And we use a trusted-domain model with hourly session refreshes to avoid man-in-the-middle and session replay or fixation attacks.
All authentication requests -- including logins, edits, discussion posts, file uploads -- are validated over an SSL-encrypted connection to Wikispaces. For more protection for your data in transit, you can turn on SSL encryption for all information that travels between your browsers and our servers.
ReliabilityWe’ve built in redundancy at every level to guard your data against even the most catastrophic failure. We operate a fully redundant cluster of servers in a colocation facility with presence in Texas and Virginia, so any of our servers can fail with no impact on service for our customers. Your Private Label site will be served by multiple servers at any given time, and we aggressively add capacity to meet new demand. We use local replication and remote encrypted backups to ensure data is available, even in case of a disaster. Every page and file you upload to your site is stored in more than three locations spread across two US states.
Three external monitoring services watch Wikispaces from dozens of locations around the world; we're notified of problems within minutes, day or night. You can keep track of any disruptions in service at our offsite status page, http://status.wikispaces.com/.