Think Crew maintains enterprise-grade security through a multi-layered approach across all components of our infrastructure. Our platform leverages industry-leading hosting providers and implements security best practices to protect your data and ensure platform reliability.
Security Architecture
HTTPS Encryption
All Think Crew services use HTTPS encryption to secure data transmission between clients and servers. This industry-standard protocol ensures that all communications are encrypted in transit, protecting against eavesdropping and man-in-the-middle attacks.
Multi-Tier Infrastructure Security
Think Crew’s security is built on three foundational layers:
- Frontend Security (DreamHost)
- Backend API Security (Heroku)
- Database Security (ObjectRocket)
Each layer implements specific security controls appropriate to its function while working together to create a comprehensive security posture.
Frontend Security (DreamHost)
Core Security Features
DreamHost provides our SSL certificate, automated backups, DDoS protection, and malware scanning for all hosted websites. The platform automatically installs and renews SSL certificates issued by Sectigo (DV, domain-validated).
Web Application Protection
DreamHost provides our Web Application Firewall (WAF), which protects websites from common attacks such as SQL injection and cross-site scripting (XSS). Additionally, they use lua-resty-waf, an open-source project that combines Nginx, a Lua interpreter, and a JIT compiler for advanced protection.
Additional Security Measures
- DreamShield: DreamHost’s own malware remover, made by the company’s in-house security engineers, which performs weekly scans and provides malware removal
- Domain Privacy: A free service, enabled by default, that hides personal registrant information from the public WHOIS database
- Multi-Factor Authentication: Support for the Google Authenticator app or a YubiKey to protect login credentials
Infrastructure Security
DreamHost provides robust digital security tools, including SSL, daily data backups, and web application firewalls. The platform maintains a 100% uptime guarantee backed by compensation for any downtime.
Backend API Security (Heroku)
Platform-Level Security
Heroku applies security best practices and manages platform security on our behalf, with security controls at every layer from the physical data center to the application, isolating customer applications and data from one another. The platform is designed to deploy security updates rapidly without customer interaction or service interruption.
Data Protection & Compliance
Heroku maintains extensive compliance certifications:
- ISO 27001/27017/27018: Certified against widely recognized international information security standards that specify security management best practices and comprehensive security controls
- SOC 1, 2, and 3: Independent auditing of IT controls and security measures around availability, confidentiality and security of customer data
- HIPAA & PCI Compliance: Heroku Shield provides additional security features for building HIPAA or PCI compliant applications
Access Control & Authentication
Heroku offers Single Sign-On (SSO) integration with identity providers and mandatory Multi-Factor Authentication (MFA) as an effective way to increase protection against common threats like phishing attacks, credential stuffing, and account takeovers.
Infrastructure & Backup Protection
Our API is automatically backed up as part of the deployment process to secure, access-controlled, redundant storage. The platform runs in ISO 27001- and FISMA-certified data centers managed by Amazon, with extensive physical security controls.
Private Network Isolation
Heroku Private Spaces provide network-isolated environments with additional trust controls, including keystroke logging to audit production access, space-level logging, encryption at rest for ephemeral data, and strict TLS enforcement.
Database Security (ObjectRocket)
Core Security Controls
Our ObjectRocket clusters come with SSL encryption, ACLs/IP whitelisting, user authentication, and container-based isolation. The platform also offers encryption at rest as an optional setting for customers that want an extra layer of security.
High Availability & Data Protection
ObjectRocket offers sharded and replicated MongoDB instances deployed as three-member replica sets for data redundancy and fault tolerance. Each instance is protected by replication: should any member fail, the replica set architecture keeps a primary available, providing high availability and fault tolerance.
Backup & Recovery
Backups are taken daily with a default retention period of two weeks. ObjectRocket also retains instance data for up to 24 hours after an instance is deleted, so an accidentally deleted instance can be recovered, providing additional protection against data loss.
Performance & Isolation
ObjectRocket uses single-tenant clusters with dedicated containers running on high-performance hardware with PCI Express flash storage, providing both security isolation and optimal performance.
Shared Responsibility Model
Think Crew’s security follows industry-standard shared responsibility principles:
Think Crew’s Responsibilities
- Maintaining secure infrastructure configurations
- Implementing security updates and patches
- Monitoring for security threats and vulnerabilities
- Ensuring data backup and recovery capabilities
- Managing access controls and authentication systems
User Responsibilities
- Using strong, unique passwords
- Following secure coding practices in applications
- Reporting suspected security incidents promptly
- Keeping local systems and browsers updated
Incident Response
In the event of a security concern:
- Report immediately to our support team at support@thinkcrew.com
- Document any suspicious activity or potential security indicators
- Preserve any relevant evidence
- Follow any additional guidance provided by our team
Compliance & Certifications
Through our hosting partners, Think Crew benefits from multiple compliance frameworks:
- ISO 27001/27017/27018 (Information Security Management)
- SOC 1, 2, and 3 (Service Organization Controls)
- PCI DSS (Payment Card Industry Data Security Standard)
- GDPR (General Data Protection Regulation) compliance support
Regular Security Practices
Continuous Monitoring
- 24/7/365 infrastructure monitoring across all tiers
- Automated security scanning and threat detection
- Regular security assessments and penetration testing
Updates & Maintenance
- Automatic security patches and updates
- Regular infrastructure security reviews
- Proactive vulnerability management
Data Protection
- Encryption in transit (HTTPS/TLS)
- Regular automated backups with secure storage
- Data redundancy and fault tolerance
Contact Information
For security-related questions or to report security concerns: support@thinkcrew.com