Our mission at Stack Overflow is to help developers learn, share and build their careers. For the first time ever, Stack Overflow for Teams gives developers the ability to ask and answer questions with their coworkers in a completely private area of Stack Overflow. The core of that product is privacy and security, which is why we architected for that from the start. 

Architecture

From the beginning, Teams data is kept isolated from public Stack Overflow data.

  • Data isolation: Teams data is stored in a separate set of databases from Stack Overflow public, and each individual customer’s data is logically separated into its own SQL schema and tables with unique logins for each Team.

  • Application isolation: Teams data can only be accessed by an isolated replica of the Stack Overflow application, which the main public application accesses via an API.

  • Network isolation: Teams data and applications exist on a separate network within our production datacenter, with strict firewall rules, and which is only accessible to members of our Site Reliability and Architecture teams.

These protections are in addition to our normal protections around our production datacenter, which include strict firewall rules, a secure VPN that only Stack Overflow employees have access to, and automated vulnerability scanning of all hosts.

Physical Security

All of our production infrastructure runs in colocation facilities which have industry-standard access controls, including:

  • Facility and cage access limited to data center and approved Stack Overflow staff

  • 24/7 on-premises security guards

  • Biometric identity verification

Our offices are secured by key card access restricted to approved Stack Overflow staff and escorted guests.

Organizational Security

As an organization, we are committed to ensuring that your private Teams data is never accessed by unauthorized personnel or for unauthorized reasons. 

Access by technical personnel is limited only to members of the engineering team who need access for the purpose of maintaining the security and availability of the service. Members of those teams have access to the underlying systems which store and process your data (via secure VPN), and never view sensitive Teams data which may contain company proprietary information, such as questions, answers, and tags, without the approval of the customer.

We are actively pursuing a SOC 2 Type II attestation, and can provide more detail upon request.

Encryption

Stack Overflow requires the use of HTTPS in order for clients to communicate with the site. All customer data is encrypted using recommended cipher suites and protocols when in transit over public networks and within our network between the private Teams network zone and the rest of our infrastructure. Customer data at rest is not uniformly encrypted, although backups are encrypted.

Availability and Disaster Recovery

All data and infrastructure is built to be fault-tolerant and redundant. We maintain two redundant facilities, with the ability to rapidly failover between them in the event of a failure. We also maintain encrypted offsite backups and routinely test restoring from backups.

For availability updates, see stackstatus.com or @stackstatus on Twitter.

External Security Audits

Stack Overflow Teams undergoes regular penetration testing performed by respected third-party security firms, and any findings that present a risk to our environment are remediated. Our last application penetration test was performed in March 2018.