Amazon Web Services (AWS) Security Features
Security capabilities and services to increase privacy and control network access include:
- Built-in firewalls that allow creation of private networks within AWS and control of network access to instances and subnets.
- Encryption in transit with TLS across services.
Connectivity options that enable private or dedicated connections from the office or on-premises environment.
Inventory and Configuration Management
Tools that enable agility and speed along with assurance that cloud resources comply with organizational standards and best practices include:
- Deployment tools to manage the creation and decommissioning of resources according to organizational standards.
- Inventory and configuration management tools to identify resources, which then track and manage changes to said resources over time.
Scalable and efficient encryption features include:
- Data encryption capabilities available in AWS storage and database services, such as EBS, S3, Glacier and Redshift.
- Flexible key management options that allow you to choose whether to have AWS manage the encryption keys or maintain complete control over your keys.
Definition, enforcement, and management of user access policies across services include:
- Identity and access management capabilities to define individual user accounts with permissions across AWS resources.
- Multi-factor authentication for privileged accounts, including options for hardware-based authenticators.
Monitoring and Logging
Tools and features that enable environment activity monitoring include:
- Deep visibility into API calls, i.e. who, what, when, and from where calls were made.
- Log aggregation and options, streamlining investigations and compliance reporting.
- Alert notifications when specific events occur, or thresholds are exceeded.
Cloudflare CDN Features
- DDoS Protection with a layered security approach combines multiple DDoS mitigation capabilities into one service. It prevents disruptions caused by bad traffic, while allowing good traffic through, keeping websites, applications, and APIs highly available and performant.
- Web Application Firewall (WAF) with an intuitive dashboard that enables users to build powerful rules through easy clicks.
- Every request to the WAF is inspected against the rule engine and the threat intelligence, curated from protecting over 20 million websites. Suspicious requests can be blocked, challenged, or logged as per the needs of the user, while legitimate requests are routed to the destination, agnostic of whether it lives on-premise or in the cloud. Analytics and Cloudflare Logs enable visibility into actionable metrics for the user.
Delivery of fast, rich user experiences for Internet applications and accelerated mobile experiences, regardless of distance to origin servers, device type, or network health, which increase engagement and conversions.
Additional airTRFX Security Protocol
- Access to production administration interfaces are reviewed every 90 days.
- Load balancers are the only public endpoints.
- Communication between private networks and data centers are conducted over SSL and through IP filtering.
- Transmission between the airline site and airTRFX via FareNet™ is conducted over SSL.
- Site access and server activity is continuously monitored by dedicated staff using a variety of tools and partners, including Sumo Logic and Cloudflare.
- No personally identifiable information of site visitors is captured or stored at any time.
Only a limited set of data is captured, transmitted, and stored in the database; the current list of data points captured comprises the following:
- Site language
- Device category
- Journey type
- # adults
- Origin (airport code)
- Destination (airport code)
- Total price
- Cabin class
- Price per leg and option
- Departure dates and times
- Arrival dates and times
- Flight duration
- Flight number
We take the security of your data very seriously at EveryMundo. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security.
If you have additional questions regarding security, we are happy to answer them. Please write to firstname.lastname@example.org and we will respond as quickly as we can.
EveryMundo LLC has been assessed and approved by QAS International to the management systems, standards, and guidelines of ISO 27001:2013. ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.