Protection against access by third parties | Data backup | Availability
A web application firewall (WAF) around the Labordatenbank cloud ensures that only encrypted access to the Labordatenbank is possible. Access to the firewall is controlled by a load balancer that distributes the load of requests across several application servers in different availability zones and only allows encrypted connections via HTTPS with RSA encryption and a key length of 2,048 bits.
Login to the Labordatenbank is done via user authentication with login, password and an additional security factor (MFA - multifactor authentication) with authenticator apps such as Google Authenticator, Microsoft Authenticator, Authy, KeePassXC, etc. or with security keys such as YubiKeys, SoloKeys, Google Titan, etc. Passwords are encrypted using the Argon2ID algorithm, which is unbroken according to the current state of the art.
new Since the version 2023.45 the Labordatenbank supports login with Passkey. Passkey is a new option for logging in without a password with a higher level of security than password + MFA and allows a faster and more convenient login.
The Labordatenbank also supports single sign-on (SSO). In this case, login takes place via an identity provider such as Microsoft Azure AD, Okta, etc. This allows users to log in to the Labordatenbank more quickly and securely with their existing company account.
Each login attempt is logged with the IP address and time. If someone attempts to log in several times in succession with an incorrect password, the login to the Labordatenbank is blocked for a defined period of time.
The data is stored in encrypted form in the Labordatenbank cloud on a MySQL-compatible database (Aurora). Each Labordatenbank uses its own database with separate database accounts for each instance, so that access to data from another Labordatenbank customer is technically impossible.
All databases are stored in encrypted form. This prevents an unauthorized party from reading or changing the data unnoticed (changing individual bytes would make the entire database unreadable).
AES-256-GCM, a symmetrical algorithm based on Advanced Encryption Standard (AES-256) and Galois Counter Mode (GCM) with a 256-bit key, is used to encrypt the databases.
A complete data backup of the Labordatenbank is carried out continuously on Amazon S3. In order to guarantee our customers absolute security, an incremental backup of the Labordatenbank is created every second. In addition, a complete backup is created daily.
All daily backups are kept for one week. After one week, one complete backup per week is kept until revoked, for at least the next 10 years.
The data backup is designed for data stability of 99.999999999% over one year. This reliability level corresponds to an expected annual data loss of 0.000000001%. This data stability is achieved by distributing each backup redundantly across three independent data centers.
All backups are stored in encrypted form, with each backup being encrypted with its own key (all keys are encrypted with their own master key, which is changed on an ongoing basis). The 256-bit Advanced Encryption Standard (AES-256) is also used to encrypt the backups. No practically feasible attack is known for this procedure.
Availability Zones are self-contained data centers separated by many miles, with redundant power, networking and connectivity, designed to be isolated from failures in other Availability Zones.
The Labordatenbank cloud runs in the Amazon AWS data center in Frankfurt and is distributed there in parallel to the availability zones eu-central-1a and eu-central-1b. The Labordatenbank cloud is designed to withstand the failure of an availability zone and remain available.
Labordatenbank cloud availability of the last 10 years:
| 2023 | 99,99% | |
| 2022 | 100% | |
| 2021 | 99,99% | |
| 2020 | 100% | |
| 2019 | 99,99% | |
| 2018 | 100% | |
| 2017 | 99,99% | |
| 2016 | 100% | |
| 2015 | 99,99% | |
| 2014 | 99,99% | |
| 2013 | 99,99% |
