Hosting and Server Security Protocol

Hosting and Server Security Protocol

I. Hosting and Server Security Summary

EVERYMUNDO Products are hosted using Amazon Web Services (AWS) cloud storage services and Cloudflare.  AWS is highly secure, scalable, expandable, and load-balanced to exceed the Customer website’s traffic and performance requirements.

II. AWS Security Features

  • Network Security.   Security capabilities and services to increase privacy and control network access.
    • Included capabilities and services
      • Built-in firewalls that allow creation of private networks within AWS and control of network access to instances and subnets
      • Encryption in transit with TLS across services
      • Connectivity options that enable private, or dedicated, connections from office or on-premises environment
  • Inventory and Configuration Management.  Tools that enable agility and speed along with assurance that cloud resources comply with organizational standards and best practices.
    • Included Tools
      • Deployment tools to manage the creation and decommissioning of resources according to organization standards
      • Inventory and configuration management tools to identify resources and then track and manage changes to those resources over time
      • Template definition and management tools to create standard, preconfigured, hardened virtual machines for EC2 instances

C.     Data Encryption.  Scalable and efficient encryption features.

i.     Encryption Features

1.      Data encryption capabilities available in AWS storage and database services, such as EBS, S3, Glacier, Oracle RDS, SQL Server RDS, and Redshift

2.      Flexible key management options that allow you to choose whether to have AWS manage the encryption keys or maintain complete control over your keys

 

D.     Access Control.  Definition, enforcement, and management of user access policies across services.

i.     Features

1.      Identity and access management capabilities to define individual user accounts with permissions across AWS resources

2.      Multifactor authentication for privileged accounts, including options for hardware-based authenticators

3.      Integration, and federation, with corporate directories to reduce administrative overhead and improve end-user experience

 

E.     Monitoring and Logging.  Tools and features that enable environment activity monitoring.

●        Included Tools

o   Deep visibility into API calls, i.e. who, what, when, and from where calls were made

o   Log aggregation and options, streamlining investigations and compliance reporting

o   Alert notifications when specific events occur, or thresholds are exceeded

 

 

III. Additional Security Protocol

  • Access to production administration interfaces are reviewed every 90 days.
  • Load balancers are the only public endpoints.
  • Communication between private networks and data centers conducted over SSL and through IP filtering.
  • Transmission between the Customer website and Product via FareNet™ conducted over TLS.
  • Site access and server activity is continuously monitored by dedicated staff and using a variety of tools and partners including Sumo Logic and ThreatStream.
  • No personally identifiable information of site visitors is captured or stored at any time as defined in EU GDPR.