1.05 Security and Availability
Posted by Hannah Clark on 01 April 2020 07:16 AM
Physical Security, Backups, and Redundancies
- LabArchives servers are kept in a secure, primary data center with a separate, disaster recovery data center thousands of miles apart. Amazon Web Services provides additional data centers that are also at our disposal.
- Customer data is synced between a primary and disaster recovery data center regularly.
- Regular backups of private customer data are kept in multiple locations in encrypted form,
- LabArchives servers are completely isolated from other corporate servers, email systems, networks, etc.
- Any access into primary and disaster recovery systems is limited to only LabArchives systems staff.
- Primary and secondary data centers provide redundancies for power, HVAC and network connectivity.
- LabArchives servers are protected by redundant, industry standard firewalls and security devices.
- All network traffic is logged and monitored for any suspicious or unusual activity regularly
Data and Application Security
- LabArchives is a secure application written in Ruby and runs on Linux servers via Amazon Web Services.
- SSL certificates provide full-time HTTPS security for all user interactions with the application.
- LabArchives supports both a proprietary login option and allows for integration with Shibboleth systems.
- The code is written by our own developers with decades of experience writing secure, data driven, web applications.
- LabArchives has successfully passed numerous network and application security tests from multiple vendors.
- Each customer’s data is stored in its own database, isolated from other customer data.
- Disk storage systems used for customer data utilize block-level “encryption at rest” via LUKS/AES/SHA256 and all backups of customer data reside only in an encrypted form.
- Any retired or replaced disk storage devices used for customer data are destroyed and are not reused or sold.
- For proprietary logins, account passwords are stored in encrypted form using SHA1 and a unique salt token for each password. Shibboleth integrations store secure passwords in an organization’s Shibboleth system.
- LabArchives only stores data provided by its customers. LabArchives itself does not store any private user information such as social security numbers, driver’s license numbers, bank information, credit cards, etc. Credit cards are completed handled and stored by a PCI-compliant vendor.
- All access to LabArchives is logged and application logs are monitored regularly for malicious or unusual traffic.
- Critical server statistics and accessibility details are monitored from multiple locations worldwide continuously.
- Systems staff are ready to respond when monitoring thresholds for performance and availability are reached.
- Procedures to failover to secondary data centers have been documented and are tested regularly.