Global Security Practices

System User Management

User privileges, accounts and SSH keys are managed by our Ansible playbooks.

Adding a new user or removing an outgoing employee is fully automated.

Global Password Management

We use a password manager to share all passwords, secrets and keys between related teams.

Passwords are never shared in any other way.

Sharing is managed according to the group and hierarchy policies set by the Toucan Toco administrators.

Toucan Toco’s Hardware Hardening

All employees’ mobile devices are enrolled in our Mobile Device Management system, which enforces a set of rules such as requiring a lock screen and encrypting the device’s storage partition.

Toucan Toco administrators can also remotely wipe any mobile device.

The data partitions of all product team computers are encrypted.

Office Access

Office access is granted only by building badge.

Every building badge has a unique ID associated with a specific employee or visitor.

Employee Departure

A procedure for employee departure is systematically applied when an employee leaves the company.

This procedure includes:

  • retrieving the building badge
  • disabling email, the password manager and SSO accounts
  • wiping data from laptops and mobile devices
  • removing access to the infrastructure (if the employee is an admin)

This procedure is regularly updated and tested.

A large part of this procedure is fully automated by our Ansible playbooks.

Office Network

Following best practices, dedicated VLANs have been configured to isolate the employees’ network from the visitors’ network.

All Wi-Fi networks are protected with a dedicated WPA2 configuration.

Audits

We regularly challenge and test what we do, create and manage.

For example, we test our backup restoration process every month.

We also have our infrastructure and our application security audited every year by external auditors.

All audits are performed on our current master version, which is available at demo.toucantoco.com.

Please note that demo.toucantoco.com is a real production instance with fake data; we apply the same security and monitoring policies to all our production instances.