Security

Disciple.Tools has been reviewed and approved
by independent forensic security firms
who specialize in international Christian missions work.

Security Audits

The International Mission Board (IMB)Pioneers, and the Billy Graham Evangelistic Association (BGEA) conducted independent code reviews with forensic security firms. They reviewed the code quality and potential vulnerabilities of Disciple.Tools as a contact system to ensure the protection of names of believers in persecuted countries.

Technical Security Specs

If you are reviewing Disciple.Tools technically for implementation with international teams or for projects working in security concerned locations, we have prepared this white paper to cover the basic design and security patterns followed in crafting Disciple.Tools.

Can I put my contacts on the internet and keep them safe?

A Matter of Conscience

Disciple.Tools was built and tested by a team based in one of the most intrusive cyber police states in the world. Threat of persecution against Christians from government and non-government actors surrounded them constantly. This context necessitated a solution like Disciple.Tools.

It will be a matter of conscience as to how each Disciple Making Movement effort chooses to track and keep accountable their work. We understand each context is different and trust the Spirit to guide each appropriately. As you seek out solutions, do not assume simple equations, i.e. internet = vulnerable. 

Keeping names on mobile phone, on paper, or written anywhere offers as much a security risk — or in many cases more risk — than keeping names in a secure online database. 

We are confident in the engineering and best practices that surround Disciple.Tools. Read the provided resources to understand the due diligence we have done for this issue. 

We are even more confident, however, the real risks we take for the Great Commission are not irresponsible. Instead we believe doing less or being too conservative with risk is a greater eternal risk. 

“I was afraid, and I went and hid your talent in the ground. Here, you have what is yours.” (Matt. 25:14-30)

Hardening Disciple.Tools

Initial Security

These are basic security elements required/recommended at the launch of Disciple.Tools.

Free WP Security Plugins

Disciple.Tools recommends either iThemes or Wordfence for continuous malware, spam, bot-blocking and two-factor authentication.

SSL Required Hosting

Disciple.Tools requires secure server connections throughout the whole of the code base. This SSL server certificate is often provided for free with good hosting services.

Permissions Based

Restricting database access based on permission levels and specific assignments.

Decentralized/Self Hosting

This allows you to control risk management. Host anywhere as opposed to a centralized service – you control where and how the data is stored and who has access.

Audited

Multiple organizations have conducted code audits to verify security standards.

Open-source

Many eyes are on the code.

Extended Security Options

There are a number of recommendations on how to “harden” your Disciple.Tools installation depending on your security requirements. Some of these are as follows:

Two-Factor Authentication

Adding a WordPress plugin can add two-factor authentication to the current username/password security of Disciple.Tools.

VPN

Place Disciple.Tools behind a VPN firewall.