Physical and Network Security
We use Amazon's AWS platform and infrastructure for Crewmojo. Crewmojo employees do not have any physical access to our production environment.
More details about the security setup of AWS.
“Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, with military grade perimeter control berms. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in. They are also continually escorted by authorized staff.”
In addition to physical security, being on AWS platform also provides us significant protection against traditional network security issues including:
Distributed Denial Of Service (DDoS) Attacks
Man In the Middle (MITM) Attacks
Packet sniffing by other tenants
We use two factor authentication for access to all administrative systems. Admin privileges are restricted to very few employees. Additionally both application level roles and AWS roles are used to ensure only required operations are allowed for specific users.
Crewmojo application servers can be accessed only via HTTPS. We use industry standard encryption for data traversing to and from the application servers.
Front end applications (web browser and native apps) communicate to the database via authenticated REST API access only. With this architecture, no dynamic content is served from web servers, reducing the available attack vectors. User inputs are sanitized at the application level for user experience and validated at the API level prior to processing.
All user inputs are properly encoded when displayed to ensure XSS vulnerabilities are avoided.
All POST requests are checked for CSRF token before processing the request.
We use a NoSQL database and are not subject to traditional SQL vulnerabilities.
Data Storage and Redundancy
We use Amazon DynamoDB with point-in-time recovery configured.
With DynamoDB, there are no servers to provision, patch, or manage and no software to install, maintain, or operate. DynamoDB automatically scales tables up and down to adjust for capacity and maintain performance. Availability and fault tolerance are built in, eliminating the need to architect the application for these capabilities.