Tag: cloud security

Cloud Security – Encryption of data at rest and in motion

There’s a lot of hype about moving to the cNine out of ten organizations are concerned with Cloud Securityloud and it is delivering on its promise of flexibility (51%), availability (50%) and cost reductions (48%). This, as a result of comprehensive research (signup required) in cooperation with the 250,000+ member Information Security Community on LinkedIn conducted by Crowd Research.

But the Cloud is still falling short when it comes to Security, which is still the biggest perceived barrier to cloud adoption. Nine out of ten organizations are very or moderately concerned about cloud security.

The dominant cloud security concerns include unauthorized access Top Three Security concerns(63%), hijacking of accounts (61%), and malicious insiders (43%). Malware, denial of service attacks, and other direct attacks against the cloud provider rank lower on the list of concerns.

Cloud Confidence Builders

The most popular method to close the cloud security gap is the ability to set and enforce consistent cloud security policies (50%). Encryption for data at rest (65%) and in motion (57%) top the list of most effective security controls for data protection in the cloud.

At frevvo, as with any public cloud vendor, we take security very seriously. Most of our customers have relatively limited security expertise and have difficulty performing regular security audits and assessments. In contrast, security is critical for us and all public cloud vendors and we implement multi-layered approaches to security taking into account data centers, storage, networks, backups, audits and policies.

Specifically, when it comes to data privacy at rest and in motion, we take many steps including:
Ecnryption at rest and motion is most effective

  • All data at rest is encrypted including databases, backups, replicas, and snapshots.
  • Employees have no direct access to database servers.
  • Users’ data and accounts are isolated from undesirable traffic and access.
  • All access is via TLS cryptographic protocols ensuring that users have a secure connection from their browsers to our services.
  • Individual user sessions are identified and verified using a unique token created at login and never re-used.
  • and more …

All this works in concert with the other security layers that we have in place to ensure that you can use frevvo’s Cloud with confidence. And, if you’re still not convinced, we also offer Private and Hybrid Cloud versions. So, security is no longer an excuse for paper/PDF based forms and approvals.

So, stop printing, signing, scanning and emailing for approvals today. Sign up for a free 30-day trial and see for yourself.

How SECURE is frevvo’s cloud?

We understand that your data is essentSecure Cloudial to your business operations and to our own success. We use a multi-layered approach to secure your information, constantly monitoring and improving our processes, services and systems.

Secure Data Centers

Our cloud services are deployed on Amazon Web Services (AWS) infrastructure. AWS provides us first class data centers that are designed and managed in alignment with security best practices and a variety of IT security standards, including SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70), SOC 2, SOC 3, FISMA, DIACAP, FedRAMP, DOD CSM Levels 1-5, PCI DSS Level 1, ISO 27001, ITAR, FIPS 140-2, and MTCS Level 3.

All of our servers reside in a number of availability zones in AWS’s Northern Virginia region (us-east-1). All customer data, including backups and redundant servers, are located only in the Northern Virginia region. We do not replicate our servers across to other regions either within the United States or internationally. At this point, we do not operate in AWS’s GovCloud region.

Secure Data Storage

All our data at rest, including our databases, backups, read replicas and snapshots, are encrypted before stored.Since we leverage Amazon’s Relational Database Service (RDS), our employees have no direct access to the actual database servers, which is fully managed by AWS.

Secure Data Transfers

Connection to our environment is done via TLS cryptographic protocols, ensuring that our users have a secure connection from their browsers to our services.

Individual user sessions are properly identified and verified on each transaction using a unique token created at login.

Secure Network

Our servers are deployed in a secure Virtual Private Cloud (VPC) network divided in a public and a private subnet. All server processing and data storage takes place in private subnets with no direct access to the Internet. We also have strict firewall policies between the public and private subnets, making sure that traffic can flow only in specific directions, to and from specific ports, including strict firewall policies between the application application and database tiers.

All traffic flowing out from our VPC goes through NAT instances which protects internal IP addresses from external hosts.

We also make sure only a single bastion host can access our internal servers for management purposes. This bastion host has a completely different IP address than our public IP addresses.

Our servers receive daily security patches to make sure they remain secure from new exploits. Password access to our servers and remote root logins are both disabled.

All AWS API access is audited to a secure write-only storage.

Backups

Backups are encrypted and performed daily remaining available for up to 35 days.

Security Policies

We centralize all our EC2 security across accounts using standard IAM policies. We implement fine-grained security controls and follow the principle of least privilege. Multi-factor authentication enabled on our master AWS accounts and master credentials are locked away and are not used for routine operational tasks.