Protection against access by third parties | Data backup | Availability
A web application firewall (WAF) in front of the LIMS.eu cloud ensures that LIMS.eu can only be reached over encrypted connections. Access is handled by a load balancer that distributes incoming requests across several application servers in different availability zones and accepts only encrypted HTTPS connections, using RSA with a key length of 2,048 bits.
Login to LIMS.eu uses user authentication with login name, password and an additional security factor (MFA, multi-factor authentication): either an authenticator app such as Google Authenticator, Microsoft Authenticator, Authy or KeePassXC, or a security key such as a YubiKey, SoloKey or Google Titan. Passwords are stored as Argon2id hashes; Argon2id is considered unbroken at the current state of the art.
Since version 2023.45, LIMS.eu supports login with passkeys. A passkey is a passwordless login option that offers a higher level of security than password + MFA and allows a faster, more convenient login.
LIMS.eu also supports single sign-on (SSO). In this case, login takes place via an identity provider such as Microsoft Azure AD or Okta, so users can log in to LIMS.eu more quickly and securely with their existing company account.
Every login attempt is logged with its source IP address and timestamp. If several consecutive login attempts with an incorrect password are made, login to LIMS.eu is blocked for a defined period of time.
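The lockout rule just described, written out as an added example (not LIMS.eu's own code; the page does not state its thresholds, so the five-failure limit, the ten-minute failure window and the fifteen-minute block below are constructed values). Each attempt is appended to an audit log with IP address and time, and a correct password is refused while the block is active, which is what stops online guessing:

```go
package main

import (
	"fmt"
	"time"
)

// Lockout policy. These values are constructed for the example and are not
// LIMS.eu's actual settings, which the page does not state.
const (
	maxFailures   = 5                // consecutive wrong passwords before blocking
	failureWindow = 10 * time.Minute // failures older than this no longer count
	lockoutPeriod = 15 * time.Minute // the "defined period of time"
)

// attemptRecord holds the failure state of one account.
type attemptRecord struct {
	failures    int
	lastFailure time.Time
	lockedUntil time.Time
}

// LoginGuard logs every attempt with IP address and time and blocks an
// account temporarily after repeated wrong passwords.
type LoginGuard struct {
	records map[string]*attemptRecord
	Log     []string // audit trail, one line per attempt
}

func NewLoginGuard() *LoginGuard {
	return &LoginGuard{records: make(map[string]*attemptRecord)}
}

// Attempt evaluates one login at time now. passwordOK is the outcome of the
// caller's credential check (e.g. verifying the stored Argon2id hash).
// It returns whether the login is accepted and the result written to the log.
func (g *LoginGuard) Attempt(user, ip string, passwordOK bool, now time.Time) (bool, string) {
	rec, ok := g.records[user]
	if !ok {
		rec = &attemptRecord{}
		g.records[user] = rec
	}
	result := "ok"
	accepted := false
	switch {
	case now.Before(rec.lockedUntil):
		// Even a correct password is rejected while the block is active,
		// otherwise the lockout would not stop online guessing.
		result = "blocked"
	case passwordOK:
		rec.failures = 0
		accepted = true
	default:
		if rec.failures > 0 && now.Sub(rec.lastFailure) > failureWindow {
			rec.failures = 0 // earlier failures have expired
		}
		rec.failures++
		rec.lastFailure = now
		result = "invalid_password"
		if rec.failures >= maxFailures {
			rec.lockedUntil = now.Add(lockoutPeriod)
			result = "locked"
		}
	}
	g.Log = append(g.Log, fmt.Sprintf("%s user=%s ip=%s result=%s",
		now.Format(time.RFC3339), user, ip, result))
	return accepted, result
}

func main() {
	g := NewLoginGuard()
	t0 := time.Date(2024, 3, 30, 12, 0, 0, 0, time.UTC)
	for i := 0; i < maxFailures; i++ {
		g.Attempt("alice", "203.0.113.7", false, t0.Add(time.Duration(i)*time.Second))
	}
	g.Attempt("alice", "203.0.113.7", true, t0.Add(time.Minute))    // blocked
	g.Attempt("alice", "203.0.113.7", true, t0.Add(16*time.Minute)) // accepted
	for _, line := range g.Log {
		fmt.Println(line)
	}
}
```

The log lines are the detection signal: a burst of `invalid_password` followed by `locked` from one IP is what an operator would alert on, and the `blocked` entries show that the correct password was tried during the lockout.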
The data is stored in encrypted form in the LIMS.eu cloud in a MySQL-compatible database (Amazon Aurora). Each LIMS.eu instance uses its own database with its own database accounts, so that access to another LIMS.eu customer's data is technically impossible.
All databases are stored in encrypted form. This prevents an unauthorized party from reading the data or changing it unnoticed (changing individual bytes would render the entire database unreadable).
AES-256-GCM, a symmetric algorithm based on the Advanced Encryption Standard (AES-256) with a 256-bit key in Galois/Counter Mode (GCM), is used to encrypt the databases.
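The tamper-detection property claimed above comes from GCM being an authenticated mode: the tag is checked before any plaintext is released, so a single changed byte is rejected rather than silently decrypted to garbage. The following is an added illustration in Go using only the standard library, not LIMS.eu's database encryption code; the key, the record and the associated data (`table=samples;row=17`, which binds the ciphertext to its location) are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Seal encrypts plaintext with AES-256-GCM under a 32-byte key. The random
// 12-byte nonce is prepended to the output; GCM appends a 16-byte tag that
// covers both the ciphertext and the associated data (aad).
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to the nonce, giving nonce||ciphertext||tag.
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open verifies the tag before releasing any plaintext. A single changed bit
// anywhere in nonce, ciphertext, tag or aad makes it return an error.
func Open(key, sealed, aad []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// TamperDetected flips one bit at byte offset pos of a copy of the sealed
// record and reports whether Open rejects the result.
func TamperDetected(key, sealed, aad []byte, pos int) bool {
	tampered := append([]byte(nil), sealed...)
	tampered[pos] ^= 0x01
	_, err := Open(key, tampered, aad)
	return err != nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; a KMS-managed key in practice
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	aad := []byte("table=samples;row=17") // constructed: ties the record to its location
	sealed, err := Seal(key, []byte("sample 17: pH 7.4"), aad)
	if err != nil {
		panic(err)
	}
	pt, _ := Open(key, sealed, aad)
	fmt.Printf("decrypted: %q\n", pt)
	fmt.Println("tampered ciphertext byte rejected:", TamperDetected(key, sealed, aad, 12))
}
```

The check a practitioner would add in a real system is what the `aad` parameter shows: without associated data, a valid record could be copied unnoticed into another row or table, even though its bytes are never altered.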
A complete data backup of LIMS.eu is carried out continuously to Amazon S3. In order to guarantee our customers absolute security, an incremental backup of LIMS.eu is created every second. In addition, a complete backup is created daily.
All daily backups are kept for one week. After one week, one complete backup per week is kept until revoked, for at least the next 10 years.
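The retention schedule in the two paragraphs above (daily copies for one week, then one copy per week kept for at least ten years and only ever removed by revocation) as an added example in Go; it is not LIMS.eu's backup tooling. Which day of the week survives as the weekly copy is an assumption (the earliest backup of each ISO week), and the input list of daily backups is constructed.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

const (
	dailyRetention = 7 * 24 * time.Hour        // "all daily backups are kept for one week"
	weeklyMinimum  = 10 * 365 * 24 * time.Hour // weekly copies stay at least 10 years (leap days ignored)
)

// RetentionPlan sorts the complete backups into those that must be kept and those that may
// be pruned. Every backup younger than dailyRetention is kept. Of the older ones, one per ISO
// week is kept (assumption for this example: the earliest backup of the week); the remaining
// backups of that week may be pruned. Weekly copies never appear in prune, whatever their
// age: they are kept "until revoked".
func RetentionPlan(backups []time.Time, now time.Time) (keep, prune []time.Time) {
	sorted := append([]time.Time(nil), backups...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Before(sorted[j]) })
	weekSeen := make(map[string]bool)
	for _, b := range sorted {
		if now.Sub(b) <= dailyRetention {
			keep = append(keep, b)
			continue
		}
		year, week := b.ISOWeek()
		id := fmt.Sprintf("%d-W%02d", year, week)
		if weekSeen[id] {
			prune = append(prune, b)
			continue
		}
		weekSeen[id] = true
		keep = append(keep, b)
	}
	return keep, prune
}

// RevocableWeeklies lists kept backups that have passed the 10-year minimum. They are not
// deleted automatically; an explicit revocation decision is required.
func RevocableWeeklies(keep []time.Time, now time.Time) []time.Time {
	var out []time.Time
	for _, b := range keep {
		if now.Sub(b) > weeklyMinimum {
			out = append(out, b)
		}
	}
	return out
}

func main() {
	now := time.Date(2024, 3, 30, 12, 0, 0, 0, time.UTC)
	var backups []time.Time // constructed: one complete backup per day in March 2024
	for d := 1; d <= 30; d++ {
		backups = append(backups, time.Date(2024, 3, d, 0, 0, 0, 0, time.UTC))
	}
	keep, prune := RetentionPlan(backups, now)
	fmt.Printf("keep %d backups, prune %d\n", len(keep), len(prune))
	for _, b := range keep {
		fmt.Println("  keep", b.Format("2006-01-02"))
	}
	fmt.Println("revocable (older than 10 years):", len(RevocableWeeklies(keep, now)))
}
```

Separating "may be pruned" from "revocable" matters for a retention guarantee: a bug in the pruning path can at worst delete a redundant daily copy, never a weekly copy that the policy promises to hold for ten years.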
The data backup is designed for a data durability of 99.999999999% over one year, which corresponds to an expected annual data loss of 0.000000001%. This durability is achieved by storing each backup redundantly in three independent data centers.
All backups are stored in encrypted form, with each backup encrypted under its own key (all keys are themselves encrypted with a master key that is rotated on an ongoing basis). The 256-bit Advanced Encryption Standard (AES-256) is also used to encrypt the backups. No practically feasible attack on this procedure is known.
The LIMS.eu cloud is distributed across two independent availability zones and designed for an availability of > 99.95%. This corresponds to a downtime of less than 5 hours per year.
Availability Zones are self-contained data centers separated by many miles, with redundant power, networking and connectivity, designed to be isolated from failures in other Availability Zones.
The LIMS.eu cloud runs in the Amazon AWS data center in Frankfurt and is distributed there in parallel to the availability zones eu-central-1a and eu-central-1b. The LIMS.eu cloud is designed to withstand the failure of an availability zone and remain available.