Security and Ymonitor

Overview

Ymonitor is safe to use. Read on for more detailed information.

 

About servers and sentinels

Sentinels collect data and send it to our servers. Several hundred sentinels are currently in use. A sentinel is usually a standard workstation, but can also be a thin client, a VDI workspace or even an Arduino device.

The servers receive data from the sentinels, process it and visualise it for our customers. Data becomes valuable information. Servers are also used to control the data collection by the sentinels.

Where is my data located?

Our servers are located in The Netherlands. Sentinels are usually located in The Netherlands as well; exceptions are made on customer request.

What data is stored?

Sentinels collect data and send it to our servers. This data typically consists of a monitor ID, transaction names (e.g. Login), a result (success or fail) and a response time. When a transaction fails, an error code is sent, and a screenshot of the end user experience can be included as well.

This data is stored temporarily on the sentinel and permanently on our servers. Our servers offload data to offline storage after 1.5 years.

Other data involved are the scripts that collect the actual data on the sentinels. These scripts are stored on our servers and, when required, distributed to the sentinels that need them for data collection.

Who has access to my data?

We do not want customers to be able to access other customers' data. This is one of our basic architecture principles and starts with separate databases for each customer. However, Ymor employees servicing customers are able to access data from all our customers. This access is required to deliver our high service level.
Please also take the sentinels into account. Sentinels can be located on the customer's side, under the customer's responsibility.

Does the server send information to a sentinel?

No. Never. A sentinel always initiates a connection.

Which network ports are used?

A sentinel connects to the server on port 443 using an encrypted HTTPS connection. The sentinel applies certificate pinning: the client verifies that the server presents a specific certificate. This guarantees that data is sent only to the Ymor server.
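The pinning check described above can be sketched as follows. This is an added example, not Ymor's code: the page does not describe the sentinel's implementation, so the pin format (SHA-256 of the full DER certificate), the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a certificate's DER bytes (not a real certificate).
SAMPLE_DER = b"constructed-example-certificate-der"
# Assumption: a pin is the SHA-256 fingerprint of the whole DER certificate.
# Keeping a second pin in the set allows a certificate to be rotated.
PINNED_SHA256 = {hashlib.sha256(SAMPLE_DER).hexdigest()}


class PinMismatch(Exception):
    """The server presented a certificate that is not in the pin set."""


def fingerprint(der_cert: bytes) -> str:
    """Lower-case hex SHA-256 of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def is_pinned(der_cert, pins) -> bool:
    """True only if the certificate's fingerprint equals one of the pins."""
    if not der_cert:  # no certificate presented: fail closed
        return False
    fp = fingerprint(der_cert)
    # Accept pins written as "AB:CD:..." as well as plain hex.
    return any(hmac.compare_digest(fp, p.replace(":", "").lower()) for p in pins)


def open_pinned(host: str, pins, port: int = 443, timeout: float = 10.0):
    """Connect over TLS and return the socket only if the pin check passes."""
    ctx = ssl.create_default_context()  # chain and hostname checks stay enabled
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    if not is_pinned(tls.getpeercert(binary_form=True), pins):
        tls.close()  # close before any monitoring data is written
        raise PinMismatch(f"certificate for {host} does not match a pinned value")
    return tls
```

Because the pin is checked in addition to normal chain and hostname validation, a certificate issued by any other trusted CA for the same hostname is still rejected.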

Is Ymonitor ISO27001 certified?

The datacenter in which the Ymonitor servers are located is ISO27001 certified. Ymonitor itself is planning ISO27001 certification in Q1 2016.

What is your patch policy?

We install (security) updates every 2 months. We closely monitor announcements by our software vendors and apply patches when required.

What is your password policy?

Our password policy requires users to renew their password at least every 3 months. After 5 failed login attempts a password is locked. Additional criteria are in place. Passwords are stored on our servers, hashed using bcrypt.

I have found a security risk, what should I do?

If you have found a security risk in Ymonitor, we expect you to inform us and share the required details. You can contact the Ymor Security Officer; a public PGP key is available so that you can send all information safely. All required information can be found at Ymor.com.