Protecting your data and our services is our top priority. The availability, confidentiality, and integrity of your data is of utmost importance to your business, and to KPI Karta. We use multiple safeguards to protect this information, and are constantly monitoring and improving our products and services.
Our data center
KPI Karta hosts our applications and your data with Amazon Web Services (AWS) , an industry leader providing highly scalable, secure cloud platform computing platform. Here are some resources from AWS with additional context:
AWS has state of the art data centers where physical access is strictly controlled by professional security staff using a combination of video surveillance, intrusion detection systems, multiple sets of two-factor authentication and other electronic means. Only authorized personnel with legitimate business needs are granted access to the data centers. All physical access to data centers by AWS employees is logged and audited routinely and all visitors require ID and are escorted by authorized staff.
AWS maintains and continues to enhance their SOC reports, certifications, including SOC, PCI, ISO and many more. Additional details are maintained on the AWS Compliance section of their website.
Every data center has automatic fire detection and suppression equipment. They have fully redundant electrical power systems that are maintainable without impact to operations 24×7 and have UPS and back-up generators in case of electrical failure for critical and essential loads. Climate and temperature are precisely controlled by personnel and systems to ensure optimal performance of servers and other hardware.
All systems and equipment are monitored and receive preventative maintenance to maintain continued operability of equipment.
Business continuity management
Amazon’s infrastructure has a high level of availability and provides customers the features to deploy a resilient IT architecture. AWS has designed its systems to tolerate system or hardware failures with minimal customer impact. Data center Business Continuity Management at AWS is under the direction of the Amazon Infrastructure Group.
Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load balanced to the remaining sites.
KPI Karta deploys into multiple Availability Zones to ensure that KPI Karta can continue to function in the loss of an Amazon data center.
Secure transmission and sessions
Connection to the KPI Karta products and services environment is through secure socket layer/transport layer security (SSL/TLS), using strong encryption and authentication (TLS 1.2 with SHA256 certificate), to ensure that your users have a secure connection from their browsers to our services. Sessions are terminated after 30 minutes of inactivity, or implicitly by a user sign out event.
User IDs and passwords are both set by the user. One-time passwords are never used. Password strength and a limitation on login attempts are configurable. Passwords are encrypted. Within the application, both group and role based access rights can be assigned, allowing full control over what a user can see and use. The application also maintains an detailed event log, capturing items such as authentication, failed login attempts, asset creation, deletion, and modification.
Servers do not use passwords and require 2048 bit RSA keys to provide direct access to the box. All keys are unique to individual administrators or service accounts and are not shared. Network level firewalls prevent unauthorized traffic from reaching servers in the data center.
All data is backed up using daily and weekly images. Master/slave replication additionally ensures that database backups are hot-swappable. Backups and replications are not transported off site, but are stored in different Amazon data centers from the KPI Karta application to ensure that they can be recovered in case of loss of the primary data center.
Code testing and assessments
KPI Karta tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities.
- Application vulnerability threat assessments
- Network vulnerability threat assessments
- Selected penetration testing and code review
- Security control framework review and testing
To identify and manage threats, our team monitors notifications from various sources and alerts from internal systems.