Privacy and Security

CDD Security Advantage

Protecting the security and privacy of our customers' data is always our top priority. Our software, our infrastructure, and our policies are all designed to ensure the highest levels of security and privacy, and to assure our customers that they can rely on CDD to protect their data.

Many leading research organizations — including private companies, universities, and foundations — entrust CDD with their sensitive IP. Before they became CDD customers, many of these organizations questioned the idea of allowing their sensitive data to be hosted by an outside party, and several of them engaged in intense due diligence to scrutinize the technology and the company. They concluded that CDD's remotely-hosted service can protect their IP even more reliably than an in-house system could. CDD's clients of course retain full ownership of their data.

CDD draws upon the most sophisticated information security technologies available and layers them to create redundant defenses. We test and probe at every level.

CDD's servers are hosted at United Layer, a professional colocation service in San Francisco. United Layer provides multiple redundant network connections to ensure connectivity to the outside world, as well as redundant power, cooling and fire suppression. Access to the facility is guarded 24x7 by a team of onsite security guards and limited by electronic keycard and key.

Our software runs on Intel Linux systems that are behind both a hardware and software firewall to prevent unauthorized access. All traffic to and from our servers is encrypted after the user logs in. Nightly data backups are encrypted with military grade cryptography and stored at both onsite and offsite locations.

We regularly run automated security tests to ensure the security of our proprietary applications. All access to servers and superuser level accounts is limited, logged, and audited.

In many cases, these measures afford a much higher level of security than an in-house system. For example, most small organizations rely on ad hoc internal networks that are not explicitly secured, lack guards to keep their physical premises under continuous surveillance, fail to perform regular off-site backups, do not bother to define and restrict user access privileges to database systems, do not log database access, and do not audit usage. Often, the users themselves are responsible for the network and the database, but lack the expertise to secure them properly. In an environment weakened by any of these flaws, the instinctive sense that a database is secure because it is located on site is an illusion. For most academic laboratories and small companies, entrusting research data to CDD can therefore significantly enhance security and privacy.

Large companies typically have the IT resources necessary to avoid these issues and create a secure perimeter around IP. The perimeter, however, typically does not provide a suitable mechanism for employees to collaborate securely with academic groups or other organizations outside the company's firewall. Employees must circumvent security measures to collaborate (e.g. email datasets over insecure channels or open holes in firewalls), undermining the security architecture. CDD offers large organizations a secure mechanism to mediate the exchange of data with external collaborators. Maintaining the data in a central, secure database enforces access restrictions and provides an audit trail, unlike ad hoc exchanges of data files. Advanced features such as data masking not only protect data privacy, but also facilitate exploratory collaborations before negotiating complex legal agreements. You can even reserve full database administrator rights for yourself. If your company exchanges research data with outside collaborators, then compare CDD's software and security scenario not to the ideal of your IT policies and perimeter, but rather to the reality of how your scientists move data across the border when they collaborate externally.

CDD welcomes all your questions about security and privacy. We believe that a robust and open discussion of these issues illuminates the risks, and helps to reassure customers that relying on CDD's software enhances the security of their sensitive IP.

CDD Data Privacy Policy

1. Each research group decides if, when, and with whom to share data through username/password-protected, invitation-only online groups.
2. By default each group's data remain 100% private, unless a researcher agrees explicitly to share it with other named users or with the CDD community. This can be done temporally, for example data can be kept private until after publication or patent.

CDD Security Measures

1. CDD encrypts all traffic between a user's web browser and our servers once the user has logged in.
2. CDD performs thorough automated testing of our application code, including security tests to make sure one group cannot access another group's private data.
3. CDD deploys two firewall levels (“defense in depth”), the first in hardware and the second in software, for each sensitive server in our server environment.
4. CDD encrypts all database and customer file backups using public key cryptography, and the private keys are backed up securely.
5. CDD stores user passwords in our database using strong, one-way encryption hashes.
6. CDD stays current with all security updates to our system software, firmware and operating systems.
7. CDD enforces mandatory password security policies.
8. CDD limits and audits internal access to data servers and superuser accounts.
9. CDD protects its servers in securely guarded and continuously monitored hosting facilities.
10. CDD encourages all users to protect their own computers by applying all security patches recommended for their operating systems and using up-to-date anti-virus products.

More details

For many more details regarding the security of the data within the CDD database, please email .