
How secure is Church Social?

Introduction

In short, Church Social is very secure. From day one, Church Social was built with security front of mind. We anticipated that the idea of having data in the cloud would make some people uncomfortable. Ironically, we believe that Church Social actually makes church data more secure than it often currently is. Let us explain.

What are churches doing right now?

Before looking at Church Social, and the possible threats it presents, it’s helpful to look at what congregations are doing right now. From our experience working with a number of reformed churches, it’s become clear that not enough thought is put into current security measures. Statisticians, understandably, are not security experts. Often data is housed in a file on their family’s computer, completely available to other users of that system.

Further, because their current database doesn’t allow easy sharing of data with office bearers and pastors (like Church Social does), entire Excel files are often emailed through unsecured connections to other members in the congregation. At this point data is sitting on multiple home desktop computers, also available to anyone with access to those systems.

Finally, backups are often lacking. It’s been expressed by one administrator that “entire church databases are just one power surge away from disaster”. We’ve observed that some statisticians save their database file to an online service like Dropbox or Google Docs. We think this is smart, but unlike Church Social there is very little accountability. Services like Dropbox and Google follow a "use at your own risk" policy.

But isn’t one big database more dangerous than many small ones?

While a more localized, self-hosted, single-church database may seem safer at first, the opposite is actually true. Locally hosted sites require churches to manage their own hosting, leaving them responsible for maintaining security firewalls, password protection, server software updates, and more. Further, this hosting is most often in a shared environment, meaning other websites would be running on the same server. This presents a big security risk.

Church Social runs on a dedicated hosting server, meaning there is no one else on that computer system. We run backups daily. The server is accessible only via SSH (a secure connection), and password authentication is not accepted: only pre-approved computer systems with the correct public keys installed can connect. Within the application itself, a secure SSL 128-bit connection is forced (the same security used by banks and e-commerce websites). Passwords within the software are one-way encrypted with a random salt (to prevent hash table lookups), and they require a site key to encrypt.
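To illustrate the salted, site-keyed password storage described above, here is an added example; it is not Church Social's code. The page names no algorithm, so the use of HMAC-SHA256 for the site key and PBKDF2-HMAC-SHA256 for the one-way step, along with every name and sample value, is an assumption.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumed work factor; the page does not state one


def hash_password(password: str, site_key: bytes,
                  salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for storage. The plaintext is never stored."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    # Mix in the site key first, so a stolen database alone is not enough
    # to start guessing passwords offline.
    keyed = hmac.new(site_key, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, site_key: bytes,
                    salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, site_key, salt)
    return hmac.compare_digest(candidate, expected)


def demo() -> dict:
    # Constructed sample values, for illustration only.
    site_key = b"constructed-site-key-kept-outside-the-database"
    salt_a, digest_a = hash_password("same-password", site_key)
    salt_b, digest_b = hash_password("same-password", site_key)
    return {
        # Two members with the same password get unrelated records, so a
        # precomputed lookup table cannot match either one.
        "records_differ": salt_a != salt_b and digest_a != digest_b,
        "correct_login": verify_password("same-password", site_key, salt_a, digest_a),
        # Without the right site key, even the correct password fails.
        "wrong_site_key": verify_password("same-password", b"other-key", salt_a, digest_a),
    }


if __name__ == "__main__":
    print(demo())
```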

Within Church Social, absolutely no congregations have access to the raw database. Members interact with their own data alone and this is only possible after they are securely logged into the software.

Any system is prone to failure

Having said all that, we acknowledge that any system is prone to failure. In the same way that a paper version of data could be stolen or destroyed, it is true that servers can be compromised. This is why security has been a major focus since the initial development began, and it will continue to be moving forward.

One final thought. While we’re treating the data within Church Social as if it were banking information, most of the data we manage is readily available in a phone book. If you have any further questions about our security policies, please email us at [email protected].