Information Security Policy

...

potential threats. Likewise, AWS has taken extensive measures to certify the information security of their environment.

4. AUTHORIZED USERS OF INFORMATION SYSTEMS

...

  • Photos and Supporting Documents are encrypted at rest using Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3); each object is encrypted with a unique key. As an additional safeguard, the key itself is encrypted with a master key that is regularly rotated. The server-side encryption uses 256-bit Advanced Encryption Standard (AES-256) to encrypt all data. For more information, see Protecting Data Using Server-Side Encryption with Amazon S3-Managed Encryption Keys (SSE-S3).

  • All photo metadata stored at rest in the underlying storage is encrypted, as are all automated backups, read replicas, and snapshots, using the AES-256 encryption algorithm.

  • Photos, photo metadata, and supporting documents are encrypted in transit using HTTPS, and clients are required to support TLS 1.2 encryption or higher.

  • All data is securely deleted using the techniques detailed in or NIST 800-88 (“Guidelines for Media Sanitization”) as part of the decommissioning process. Refer to the AWS Overview of Security Processes Whitepaper for additional details, available at http://aws.amazon.com/security.

  • CloudCard adheres to industry best practices with regard to data protection, following the recommendations set forth by Amazon Web Services (see AWS Security Best Practices).

  • All CloudCard servers enable automatic minor and patch updates during weekly update windows.

...

  • CloudCard uses the premium database product from AWS, Amazon Aurora Database, which makes six copies of the data and distributes them across 3 different availability zones, continuously backed up to S3.

  • Real-time backups are available to customers upon request.

  • CloudCard is prepared to use a “pilot light” to keep a minimal version of an environment running in the cloud, should a disaster occur (see Business Continuity Plan).

  • Infrastructure elements for the pilot light itself include our Amazon RDS database servers, which are replicated to a different availability zone using a multi-AZ deployment, as well as our Amazon S3 files, which are replicated across availability zones to preserve data (see Business Continuity Plan).

...