Security systems and data access policies

Potentiality databases and sites are hosted on the Amazon AWS cloud. In relation to data security there are 3 issues of key relevance: physical security, cyber security and data ownership.

Physical security:

This is best addressed by Amazon themselves. The best way to consider this is to compare the security at the Amazon data centre to the security at any school. Clearly the physical security at Amazon far exceeds that of any school. The article at https://aws.amazon.com/security/ also deals with some of the Amazon-related cyber security issues. As a managed service, Amazon EC2 is protected by the AWS global network security procedures that are described in the Amazon Web Services: Overview of Security Processes whitepaper.

Server software: Potentiality has a policy of updating servers with the latest patches for all installed software. In some instances a major patch will be installed on our staging server first to ensure no negative impacts for our clients. This decision is made on a patch-by-patch basis, depending on the significance of the patch and the implications of any security flaws that have been resolved. In general all patches will be installed within a week of release.

Cyber security:

Potentiality utilises 4 layers of security to help protect the data. The first layer is the Amazon EC2 firewall. We only have 2 ports visible through this firewall, HTTP and SSL, which are required to run our services (by default the ports are 80 and 443 respectively). The second layer is the Windows Server 2016 Firewall, the IIS web server with all the latest security patches, and the recently released inbuilt Windows 2016 Defender Service. The third layer is our custom code sitting under the IIS ASP.NET pages. Even if a hacker were able to penetrate the IIS system, they would then have to penetrate our custom-built code, which is compiled off site and unrelated to any publicly available software. The final layer is that the data is held on a completely different server instance, which is only accessible through an Amazon Virtual Private Cloud, is not visible to the internet, and is accessed securely over an encrypted connection with limited command access. The separated database has completely separate usernames and data tables per client to ensure no cross-client data access. We run periodic online penetration tests using a third-party supplier to double check all of this.
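An added example, not Potentiality's own tooling: a Python check that the first and final layers described above hold, run over security group rules in the JSON shape returned by `aws ec2 describe-security-groups`. The group IDs, the VPC range and the sample rules (including the 3389 and 1433 entries) are constructed assumptions.

```python
import ipaddress

ALLOWED_PUBLIC = {80, 443}  # the two ports the page says are visible (HTTP, SSL)

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs, the 3389 and 1433 rules and the VPC range are made up for the example.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "UserIdGroupPairs": [{"GroupId": "sg-web-example"}]}]},
]}
VPC_CIDR = "10.0.0.0/16"

def outside_vpc(cidr, vpc_cidr):
    """True when the source range is not wholly contained in the VPC range."""
    net, vpc = ipaddress.ip_network(cidr, strict=False), ipaddress.ip_network(vpc_cidr)
    return net.version != vpc.version or not net.subnet_of(vpc)

def exposed_rules(group, vpc_cidr):
    """Return (protocol, from_port, to_port, cidr) for rules open beyond the VPC."""
    out = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        # IpProtocol "-1" (all traffic) carries no port fields: treat as every port.
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        out += [(perm["IpProtocol"], lo, hi, c) for c in cidrs if outside_vpc(c, vpc_cidr)]
    return sorted(out)

def audit(groups, web_id, db_id, vpc_cidr):
    """Flag web rules beyond 80/443 and any database rule reachable from outside the VPC."""
    findings = []
    for g in groups["SecurityGroups"]:
        for proto, lo, hi, cidr in exposed_rules(g, vpc_cidr):
            web_ok = proto == "tcp" and lo == hi and lo in ALLOWED_PUBLIC
            if g["GroupId"] == db_id:
                findings.append(f"{db_id}: database tier reachable from {cidr}")
            elif g["GroupId"] == web_id and not web_ok:
                findings.append(f"{web_id}: {proto} {lo}-{hi} open to {cidr}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "sg-web-example", "sg-db-example", VPC_CIDR)))
```

Rules that reference another security group rather than a CIDR, as the constructed database rule does, are treated as VPC-internal and are not flagged.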

Data protection:

This is dealt with within our Service Agreement. Essentially, all Potentiality clients own their data, and Potentiality gains permission to use it for the purposes of the site and for administration such as backups. The transactional nature of the database means that backups are ongoing and we can restore to any time point within a 2 day time frame. Beyond that, we keep weekly backups for a month, and 1 ongoing monthly backup for 6 months. The administrators of the site always have full access to the data through the database export facility.

We are able to install our system onto a remote client server. However, this would incur additional costs and would remove inherent benefits such as our ongoing monitoring for security and uptime guarantees, as well as our ongoing upgrades.

Data encryption in transmission:

All Potentiality sites use the HTTPS protocol to secure all webpages that carry or transfer personal data and/or payment data.

