The Cloudoko Forms service does not store user form data. The service collects data from a user via a form presented in a browser and be configured to send this via email to your address(es). This article discusses the security implications of this.The form data is transmitted securely across the public internet between:
- The browser and the Cloudoko Forms service
- The Cloudoko Forms service and the email server
Using our email server
Cloudoko can only protect the security of an email once it leaves our email servers.
Emails are inherently hard to secure without additional additional technology such as S/MIME or OpenPGP. At present Cloudoko do not support either of these options but are open to discussion with our customers should the need arise.
You should also check that your email clients are connecting securely (over TLS) to your email servers.
The risks can then be limited to someone snooping traffic between our email server and your email server.
Using your email server
Cloudoko can be configured to send emails using your SMTP server in one of two ways.
Via Cloudoko Driver (if your email server is internally hosted - e.g. behind a firewall)
The Cloudoko Forms service can communicate with an internally hosted email server with Cloudoko Driver via a Microsoft Azure service bus relay using transport security, TCP for message delivery, and a binary message encoding. The service bus control channel is SSL-protected. Proven Microsoft technology is employed to ensure security. For more information on Azure service bus relays, see https://azure.microsoft.com/en-gb/documentation/articles/service-bus-fundamentals-hybrid-solutions/#relays