We developed CN using universally accepted best practices for applications that handle sensitive information and are accessed via the Internet by end-users and partners. These best practices include guidelines for encryption and highly restricted access to back-end development, deployment, and data storage environments. This also covers the OWASP Top 10 recommendations.
We have demonstrated proficiency in all audits and security scans conducted by University IT departments. This means that our clients inspect our product suite and approve it after their security checks.
We apply established best practices for ensuring our infrastructure is secure:
- All traffic is encrypted using SSL/TLS with 256-bit encryption (HTTPS).
- CN servers are guarded by various firewalls, with both external WAN access and internal LAN restrictions - powered by AWS infrastructure.
- CN server access is given only to the trusted CN employees who require it.
- CN controls all access logs and records actions made by each user.
- CN employs automatic installations (with no interruption to end-users) for all crucial operating system and application security patches as soon as they are released.
- All servers operate within a Virtual Private Network (VPN), a secure structure of different components of the system, and are only accessible from internal nodes.
- We transfer all of the incoming and outgoing traffic through one secure proxy interface.
CN is hosted using Amazon Web Services (AWS). AWS data centers adhere to the highest standards of physical security and processes and have fulfilled ISO 27001, ISO 9001, SOC 3 and other certifications. For more information on AWS security infrastructure visit http://aws.amazon.com/security/ and http://aws.amazon.com/compliance/
Our user-data backups to the Amazon Elastic Block Store (EBS) service occur regularly and automatically; additionally, EBS has redundant nodes in different locations. CN stores all data for six months for customers (may be extended per contract terms if necessary). We can also execute a data dump or delete data based on client need. All backups and snapshots are encrypted.
Regarding user data and AWS, we...
- host our services in the N. Virginia datacenters of Amazon
- perform daily data backups on a separate server - backups are complete versions of production data
- use a MongoDB replica set, which provides higher availability, retrieval performance, reliability, vertical and horizontal scalability, and a very low "Recovery Time Objective"
- can extend the number of servers to handle higher load without any interruption
CN is hosted on thoroughly firewalled servers which automatically disable any unsupported device that tries to access them; the servers are carefully configured to allow access only to known services. Our data centers are only accessible by our internal servers, and no external access is granted.
Data Integrity and Disaster Recovery
CN is designed and meticulously built for High Availability and 99.9999% uptime. We conduct user data backups daily. Moreover, having access to multiple duplicate servers reduces the risk of data loss (close to zero). Essential data and data with the highest usage rates are delivered to users worldwide using a CDN to reduce the propagation delay. In addition to providing higher performance and availability, redundant data centers decrease the disaster recovery time (to zero). Therefore, if one or more servers fail, there are backup servers that can replace them immediately, without interruption.
We look to our service providers to provide us with timely notification of breaches. If a security breach occurs, we will work with our clients and end-users to notify them promptly. If a data breach should occur, the GDPR specifies that we must provide adequate notification. The affected company has 72 hours to notify the appropriate data protection agency and must inform affected individuals “without undue delay.”