Overcast Security Statement
At Overcast, we take security very seriously. Overcast was built from the ground up with security in mind.
Data in Transit:
We move large digital assets to and from our cloud storage facilities by providing the best-in-class security.
The Overcast platform is web based and uses HTTPS which indicates that the website is protected by Secure Socket Layer/Transport Layer Security. Data sent between you and the website is encrypted so the information is private, and that the website is identified to be who it claims to be.
Overcast also partners with Amazon Web Services and Signiant to provide AES256 data encryption of all files uploaded and downloaded from the cloud storage facility.
Overcast increases security by using tokens based on customer defined roles. This protection is important where a customer provides access to their storage account to third parties like producers who upload video content.
All transfers of data are tracked and time-stamped for traceability. This makes it easy to monitor the flow of data into and out of an account.
Overcast partners with Amazon Web Services to provide the most secure data and video hosting used by companies such as BBC, Netflix, ITV and Slack.
The entire Overcast application is run on AWS configured with security in mind. The main datacentres are located in Ireland.
Data access auditing
Overcast is configured to log all actions on the platform. The log records can be used for audit purposes and contain details about all request, such as the request type, the resources specified in the request, and the time and date the request was processed.
Overcast storage is designed to provide 99.999999999% durability. This durability level corresponds to an average annual expected loss of 0.000000001%. To put that in context, if you store 10,000 objects, you can on average expect to incur a loss of a single object once every 10,000,000 years. In addition, our Amazon storage facility is designed to sustain the concurrent loss of data in two facilities.
Overcast objects are redundantly stored on multiple devices across multiple facilities in Ireland. The storage service is designed to sustain concurrent device failures by quickly detecting and repairing any lost redundancy. When processing a request to store data, the service will redundantly store your object across multiple facilities before returning SUCCESS.
As with any environment, the best practice is to have a backup and to put in place safeguards against malicious or accidental users errors. For Overcast data, that best practice includes secure access permissions, cross-region replication and regularly tested backup.
All Overcast email communication uses encryption and authentication. Overcast uses Transport Layer Security (TLS), a protocol that encrypts and delivers mail securely, prevents eavesdropping and spoofing (message forgery) between mail servers. TLS is a standards-based protocol based on Secure Sockets Layer (SSL). TLS is rapidly being adopted as the standard for secure email.
TLS supports the use of digital certificates to authenticate the receiving servers.
Overcast uses DKIM – a method for validating a domain name identity that is associated with a message through cryptographic authentication.
For user login, Overcast uses 2-step user authentication. This process verifies that the receivers (or senders) are who they say they are.
All passwords are encrypted and stored in a database using modern cryptography according to OWASP best practices.
Clients wishing to run their own security tests are welcome to verify the Overcast security system.