Security considerations: how to manage access to your board

Since Rise is used by businesses and enterprises, the data stored is often sensitive. We provide several levels of security.

Level 1 -  Physical and database security

We host all our servers at enterprise class cloud facilities provided by Amazon and SoftLayer.  We expect any third party services we use in providing the service to have a similar level of security.

Level 2 -  Web security

All web connections operate under ‘SSL’ – a cryptology technology much like a ‘phone scrambler’ which avoids intermediaries listening in to your web traffic. Server access is closely controlled to a group of named (Leaderboarded Ltd) employees and contractors only.

Level 3 - Rise Boards

Each Rise board is uniquely identified and all data associated with it (both unstructured score entries and structured release data) is categorised with that board. When the board is deleted then all data associated with that board is also deleted.

Since Rise is a network model (we operate as a trusted broker between entities - players and managers) player data (their account details and authorisations) is owned by the player not the manager.  This means that as well as managers being able to delete data on a board, players can also delete data that pertains to them (their historic tweets for example) and choose to permanently opt out of any board.

Currently only players and managers have access to raw data entries - spectators (whether logged in or anonymous) may not browse raw score entries.  Using a specialist "Rise board connector" managers can give other named Rise managers access to use unstructured data entries within their own board scoring algorithms.

Level 4 – Board privacy levels

You can set the privacy level of your Rise board as follows:
  • Public – available for all to view and find via the public gallery
  • Unlisted – available for anyone to view who has the URL
  • Login wall - available for anyone who has logged in to Rise and is following the board
  • Private – available for players and managers only. Players must sign in to in order to see the leaderboard
  • Private: score only – as Private but here only managers can see the leaderboard, players just see their player stats screen
  • Stealth – players cannot see the leaderboard only managers can see it.

Level 5 – Board Manager roles

There are several access control roles for each board. These allow you to control access for managers to particular features. Understanding the roles and what they allow helps explain the work required in running a successful leaderboard project.

The Board Manager roles are listed in this article: Rise Board Manager Roles

Level 6 - Data Housekeeping

In order to minimise the length of time raw data is kept on the Rise servers Rise operates a 92 day data storage policy (one quarter worth of data). Raw data (API data, social data such as Tweets, Yammer content) that is required to produce scores - is deleted on a rolling 92 day process unless explicitly required to be kept by the board's score algorithm as set by the board manager.

Additionally a full manual delete of data entries for any metric is possible by the board manager.

Feedback and Knowledge Base