Technical and organizational security measures

Last updated December 29th, 2021
Security Lead Contact: [email protected]

User Event Logs

Storage

Log records are stored in AWS S3 with encryption at rest. Subsets of data may be
temporarily saved on company laptop machines for analytics and research purposes.

Security

By default:

  • All servers are in a dedicated private VPC with limited access (depending on the Marketplace).
  • Log records are encrypted in transit and in storage.
  • All parts of the system use restricted AWS IAM identities with limited access.
  • A small set of internal users have access to production data to debug issues.
  • Depending on the API, we use security tokens or OAuth2 for authentication.

AWS

We have enabled some AWS security features (CloudTrail, container image scanning) and will soon enable others (AWS Security Hub).

Networking

Promoted's servers follow standard AWS security practices: a private VPC per client, most resources on private subnets, and tightly scoped security groups and IAM users, roles and policies. Developer machines reach these resources through a VPN. Data is encrypted in transit between the servers as well as at rest.

For clients in AWS, we use a Transit Gateway for interacting across VPCs. Only the necessary resources are exposed through the Transit Gateway. Each side of the Transit Gateway is locked down, with IAM users, roles and policies declared on each side.

For clients who are not in AWS:

  • In v1, clients make an HTTPS connection and send us a private API key.
  • In later versions, we plan multiple improvements:
    • Supporting a cross-cloud VPN.
    • Switching to the gRPC protocol (better support for preventing man-in-the-middle attacks).
    • Adding an extra layer of encryption for the data.

Storage

S3 is used for long-term storage of logs (which can contain personal information). The data is stored encrypted with a per-client, per-environment KMS key.

Other data can be stored temporarily on AWS EBS disks which are also encrypted.

Deployment

Most of our code is stored in private GitHub repositories. The repositories are locked down so that non-admin users need a code reviewer's approval to merge changes. Deployment secrets are stored in GitHub Secrets and AWS Secrets Manager. A locked-down, dedicated deployment user account builds images and deploys changes to our production stack.

Production secrets are stored in appropriate secret stores: AWS Secrets Manager and Kubernetes Secrets.

If a developer interacts with a production system from their own machine, they will need a subset of the following:

  • Running a script that sets AWS access environment variables for 24 hours; it takes an MFA token as input.
  • Routing traffic through the VPN.
  • Specifying a KUBE_CONFIG containing the access tokens to use when running Kubernetes commands.
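The MFA-backed credential script described above, as an added example (this is not Promoted's own script): it requests 24-hour session credentials with `aws sts get-session-token` and prints them as export lines for the caller to `eval`. The MFA device ARN, the `MFA_SERIAL` variable and the `mfa_session`/`emit_exports` function names are assumptions.

```shell
#!/bin/sh
# Usage: eval "$(./aws-mfa.sh 123456)"   (123456 = current code from the MFA device)
set -eu

SESSION_SECONDS=86400   # 24 hours, as the page describes (IAM users may request up to 36h)
# Placeholder MFA device ARN; override with MFA_SERIAL=arn:... in the environment.
MFA_SERIAL="${MFA_SERIAL:-arn:aws:iam::123456789012:mfa/developer}"

# Turn one tab-separated STS line (AccessKeyId SecretAccessKey SessionToken
# Expiration) into export statements. Kept apart from the STS call so it can be
# checked offline without AWS access.
emit_exports() {
  # shellcheck disable=SC2086
  set -- $1                      # split on whitespace; STS values contain none
  if [ "$#" -ne 4 ]; then
    echo "unexpected STS output" >&2
    return 1
  fi
  printf 'export AWS_ACCESS_KEY_ID=%s\n' "$1"
  printf 'export AWS_SECRET_ACCESS_KEY=%s\n' "$2"
  printf 'export AWS_SESSION_TOKEN=%s\n' "$3"
  printf 'export AWS_SESSION_EXPIRATION=%s\n' "$4"   # informational, for the shell prompt
}

mfa_session() {
  code=$1
  # get-session-token must be called with the user's long-lived keys, never with
  # an earlier temporary session, so drop any session token inherited from the shell.
  unset AWS_SESSION_TOKEN
  creds=$(aws sts get-session-token \
    --serial-number "$MFA_SERIAL" \
    --token-code "$code" \
    --duration-seconds "$SESSION_SECONDS" \
    --output text \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]')
  emit_exports "$creds"
}

# Only call STS when a 6-digit code is given, so the file can also be sourced
# for its functions.
case "${1:-}" in
  [0-9][0-9][0-9][0-9][0-9][0-9]) mfa_session "$1" ;;
  '') ;;
  *) echo "usage: $0 <6-digit MFA code>" >&2; exit 2 ;;
esac
```

Because the credentials expire after 24 hours, the exported `AWS_SESSION_EXPIRATION` lets a shell prompt or wrapper refuse to run once the session has lapsed instead of failing mid-command.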

Other tools

We use MFA when available on our user accounts on the following:

  • 1Password (secret storage)
  • GitHub
  • Google Accounts
  • Slack
  • AWS

Laptop Security

We use company-owned MacBook laptops running macOS, secured with strong passwords and disk encryption.
