Sitefinity Insight Keeps its Promises

As a Software-as-a-Service product, available to our customers 24/7/365 while delivering new features frequently, Sitefinity Insight must keep its promises.

In today’s world we are forced to use many, many instruments (software, apps, etc.) to achieve our business goals and achieve them fast, right away. We don’t question our necessities to do so anymore as we know that if we don’t do it, if we are not competitive enough, then our business loses ground exponentially, and we fall behind our competitors before we can even comprehend what happened. So, we don’t question the necessity and rightfully so. But think about that: Does that mean you should automatically trust any given service out there, in the cloud, trust that it will keep you safe, and your website, your data, etc.? Why would you trust a microservices oriented product, hosted in the cloud, operating on your website, handling tons of data on your behalf? What would be your trust criteria?

Well, with Progress Sitefinity Insight we offer you two simple promises to consider.

Availability: We strive for high availability and the best way to prove it is by sharing actual results, The actual measured availability of the Sitefinity Insight services in the last year was as high as 99.98%.

Security: We will keep our components free of malicious code while continually delivering you new features. Seamlessly.

Availability

Uptime

Sitefinity Insight components are under constant monitoring from multiple locations around the world to ensure global availability. Those locations are also deployment-region-aware, so as to guarantee that a given component instance is available from the relevant geographical region. Here’s a sample list:

Performance

Performance indicators of Sitefinity Insight components are under constant monitoring too. To ensure our product’s operation is within the desired thresholds, we have a live update on what’s happening at any given Sitefinity Insight component, in any region, as we speak. Furthermore, should an operational threshold break our infrastructure will auto scale due to the relevant performance monitoring alarm that has been triggered.

Functionality

Thorough functional tests are executed regularly towards the production environment in all regions to ensure the system is not only available but also capable of executing all its features.

Security

We follow the best practices in Continuous Delivery (CD), which simultaneously allow us to bring new features into production frequently as well as enforce our high standards on any code changes that qualify for promotion. Furthermore, our CD processes (among others in the company) have been audited according to the rigorous SOC 2 framework.

Automated Tests

We practice test driven development, thus our list of automated tests grows with each new feature.

Automated Security Scanning

Any code changes to Sitefinity Insight components get automatically scanned against a comprehensive database of security flaws, which is maintained by Veracode.

Review Policy

Development of Sitefinity Insight components follows the well-known GitFlow repository branching model, and accepting new features in the production branch can only happen through a Pull Request which in turn has a mandatory code review policy (among others).

Encryption

Communication with Sitefinity Insight components is only allowed on TLS and all data is stored encrypted.

Conclusion

Application lifecycle management of Sitefinity Insight is performed according to high standards and it is safe to expect that those will only get better, as each year all processes get continually re-audited according to the SOC 2 framework. We know that each of the thousands of customers using Sitefinity is entrusting us with their website and their data, so keeping our promises to you of high availability and robust security is essential to what we do.

I hope this post has given you insight into how we do this. You can learn more about the security features built into Sitefinity here.