Skip to content

Security

At ThunderQuote, we care about your security. If you have any questions
or encounter issues, please contact us!

Product Security

ThunderQuote website and web application is covered by Cloudflare firewall and DDOS protection, enforcing industry standards and OWASP protocols to defend against xss attacks and other security vulnerabilities. This serves as an additional line of security on top of existing internal security measures.

 

Our server are also configured to deny any non-recognised connections not routed via Cloudflare DNS. Cloudflare DNS also ensures that our server IPs are not directly exposed. As an additional security measure, sensitive data and administrative functionalities are shielded by multi-factor authentication provided by Cloudflare Access.

 

Product security is of utmost importance to ThunderQuote. Our team uses a software development lifecycle in line with general Agile principles. When security effort is applied throughout the Agile release cycle, security oriented software defects are able to be discovered and addressed more rapidly than in longer release cycle development methodologies. Software patches are released as part of our continuous integration process. Patches that can impact end users will be applied as soon as possible after undergoing testing in separate servers and downtime is minimised through our off-office hours patching cycle.

 

ThunderQuote performs continuous integration. In this way we are able to respond rapidly to both functional and security issues. Well defined change management policies and procedures determine when and how changes occur. This philosophy is central to DevOps security and the development methodologies that have driven ThunderQuote adoption. In this way, ThunderQuote is able to achieve extremely short mean time to resolution for security vulnerabilities and functional issues alike. ThunderQuote is continuously improving our DevOps practice in an iterative fashion.

 

Physical Security

The ThunderQuote production infrastructure is hosted in Cloud Service Provider (CSP) environments. Physical and environmental security related controls for ThunderQuote production servers, which includes buildings, locks or keys used on doors, are managed by these CSP’s. “Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors.”

 

Corporate Security

ThunderQuote recognizes the diminishing utility of perimeter in relationship to modern network security. Once a perimeter is breached, services that rely on network perimeter security guarantees quickly fall. As such, ThunderQuote leverages internal services that require transport level security for network access and individually authenticate users, commonly by way of a central identity provider and leveraging two factor authentication wherever possible.

 

All ThunderQuote personnel undergo an annual security awareness training that weaves security into technical and non-technical roles; all employees are encouraged to participate in helping secure our customer data and company assets. Security training materials are developed for individual roles to ensure employees are equipped to handle the specific security oriented challenges of their roles.