The entire Open Street site has evolved to use the latest web security standards for the encrypted exchange of information. This evolution accompanies the security shift that has been taking place across the Internet for several years, a shift probably helped along by the latest whistleblower revelations about the confidentiality of telecommunications.
Data confidentiality
At Open Street, we have always paid particular attention to the confidentiality of the data entrusted to us. The geographical data used to generate the calculation report may be sensitive, in particular if the addresses are accompanied by personal data or by a telephone number or e-mail address. In reality it is only necessary to specify the addresses of the breakpoints, but the convenience of retrieving the client code, the contact name, and other fields in the optimization report, thanks to the Excel import, means that we process different types of data.
We have always controlled the IT infrastructure that hosts our service from A to Z. This infrastructure is in France, which generally reassures our users, and rightly so: as a French company we cannot do just anything with our customers’ data, because we are obliged to respect the regulations.
What SSL encryption is for
In this spirit, the logical next step was to use an SSL encryption certificate, enabling us to encrypt the exchanges between the web server and our users' browsers and to certify the identity of the server, so that it cannot be impersonated.
For this we use the secure TLS 1.2 protocol with a 2048-bit RSA key. What we must remember is that we are putting in place the best of what is done right now: even our bank does not do better on its website.
Concretely, encryption of exchanges means that even if you use a malicious Internet connection (example: hijacked public wifi used to harvest various identifiers), the hacker could understand nothing of the addresses you enter or the calculations that you run. Since the company got an Internet connection, this security is more a luxury than an absolute necessity, but no one has ever suffered from an excess of precaution. An unfortunately possible scenario: even if your company is targeted by industrial espionage, or if your Internet operator is trying to spy on your online activities, no information intended for our servers will be able to leak. The authentication process was strengthened, but it already had an excellent level of security with a hash algorithm changed every 2 minutes.
The certificate also ensures the identity of the server: if your browser shows you the padlock in the top left beside the URL, you are certain that you are dealing with Open Street and not a possible pirate copy intended to steal information from you.
Finally, and perhaps most importantly, the implementation of this security is part of an approach that respects the confidentiality of data.