Introduction

As part of our day-to-day business ethics and conduct, we care about all data-related aspects, especially those related to data security.

 

Data storage

All data stored by Indicado is restricted to the AWS environment, more specifically to the S3 and RDS services, which provide server-side data-at-rest encryption. This ensures that the customer’s data is only decrypted when accessed by authorized entities.

 

Data classification and ownership

Full commitment to protecting customer information is made by both AWS and Indicado. Thus full ownership of all data collected by Indicado is maintained by the customer. 

Moreover, data stored by Indicado will be completely removed upon the customer’s request or after a predefined period following subscription discontinuance.

 

Data collection, transfer, and encryption

To ensure the confidentiality and integrity of the customer’s data, all data acquisition, transfer and internal processing operations are performed over encrypted channels using strong and secure encryption algorithms and keys.

Additionally, all data is encrypted at rest, whether it is sensitive or not, to provide the highest protection standards.

 

Business Continuity and Disaster Recovery

Indicado leverages AWS S3 to store reporting data, which ensures 99.999999999% durability and 99.99% availability of objects over a given year. 

This, in combination with backup and snapshot mechanisms, ensures high levels of availability for the customer’s data.

 

Infrastructure

The physical infrastructure is provided by Amazon AWS and all services are hosted in the us-east-1 (Northern Virginia) region. Services are deployed in multiple availability zones to ensure availability even in case of an AWS datacenter failure.

Infrastructure is provisioned using the IaC (Infrastructure as Code) approach, which provides almost immediate recovery capabilities in case of a full AWS region failure.

 

Monitoring

Indicado’s application and the infrastructure it is hosted on are monitored by both AWS-provided solutions such as CloudWatch, CloudTrail, and Elasticsearch, as well as additional tools like Pingdom/PagerDuty, Loggly, etc.

The data collected is consolidated in data visualization tools to allow easy identification and processing of items ranging from application errors to security incidents.

 

Networking services

Indicado infrastructure leverages the AWS VPC concept to properly isolate sensitive services from both the external world and internal systems.

Proper segmentation ensures that only authorized entities are able to access certain services and that, in case of a security breach, the impact is minimized by reducing the exposed areas.

Services such as AWS Shield, Web Application Firewall, GuardDuty and Inspector are used to provide protection against DDoS, common web attacks and exploits, and to monitor for instance vulnerabilities and threats.

Additionally, all communication between on-premises and AWS is fully encrypted through dedicated VPN channels.

 

Access control

The least privilege principle is enforced and access to Indicado infrastructure and its data is granted on a need-to-know basis, while at the same time enforcing additional conditions to prevent unauthorized access.

Multi-factor authentication, network-based authorization, a centralized authentication solution, and monitoring are some of the items that compose our identity and access management framework.

Regarding Indicado, we use AWS Cognito as our platform for authentication and authorization, which provides native support for MFA, secure password storage, risk-based adaptive authentication and protection from the use of compromised credentials.

 

Human resource security

Besides technical aspects, we at Indicado are committed to covering security factors related to human resources.

This is accomplished by requiring a non-disclosure agreement from all our employees, even if they are not directly related to the product, having a complete and thorough on- and off-boarding process, and providing them with the necessary information security training.

The off-boarding process also ensures that after their collaboration ends, all access will be removed and equipment returned.

 

Security audit

Automated infrastructure audits are performed periodically in our environment and identified issues are quickly addressed.