Application security
Infrastructure Overview
Our SaaS application leverages the robust infrastructure provided by AWS to ensure high levels of security and performance. Central to our security architecture is the strategic use of encryption and network isolation. Below, we detail the key components of our infrastructure security approach.
Encryption with AWS KMS
All sensitive data handled by our application is encrypted using AWS Key Management Service (KMS). AWS KMS provides highly secure and manageable key storage that complies with our strict security policies and regulatory requirements. By utilizing AWS KMS, we ensure that all data at rest is protected using state-of-the-art cryptographic techniques.
Private VPC Subnets
We prioritize network isolation by deploying our critical application components within private VPC subnets. These subnets are designed to restrict access and provide a secure environment for data processing and storage. By isolating our resources in private subnets, we minimize exposure to potential external threats.
Public Subnets and Access Points
For components that need to be accessible from the internet, such as our load balancers and bastion hosts, we use public subnets. Specifically, we employ AWS Application Load Balancers (ALB) in our public subnets to manage incoming traffic efficiently and securely. The ALB setup includes well-defined security groups that strictly control inbound and outbound traffic according to the principle of least privilege.
Additionally, we maintain a bastion host within a public subnet, which serves as a secure entry point for our administrators. Administrators reach the bastion host only over VPN, which keeps access controlled and further secures our internal networks against unauthorized access.
Multi-Tenancy Architecture
Our SaaS platform is built on the Contember Engine, which is inherently designed to support multi-tenancy. This architectural choice is pivotal in how we handle data isolation and security across different client organizations.
Database Isolation
Each organization on our platform is assigned its own database. This approach not only enhances security by segregating each tenant's data from others but also improves performance by optimizing database resources for individual needs. Such isolation ensures that operations performed by one tenant do not impact the availability or performance of the databases belonging to other tenants.
Secure Asset Management with Simple Image Service
To manage client assets securely, particularly images, we utilize our self-hosted Simple Image Service. This service ensures that images are only accessible with a signed JWT (JSON Web Token). Each token's signature and claims are verified so that access is granted only to images associated with the requester's organization, thereby enforcing strict data confidentiality and access controls.
Storage and Access Controls
Behind the scenes, all images are stored in AWS S3 buckets. We employ a structured object-key naming scheme in which each organization's assets are stored under a unique key prefix within the bucket. This setup not only facilitates organized data management but also enhances security by segregating each organization's objects under its own prefix.
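The two checks described above, token verification and prefix scoping, as one added example that is not Contember's or the page's own code. It assumes an HS256-signed token carrying an "org" claim, a constructed signing key, and an object-key layout of "<org-id>/<filename>"; the real service's claim names and key layout are not given on the page. The algorithm is pinned so a header claiming "none" is rejected, and the requested key is normalized before the prefix check so a ".." segment cannot cross into another tenant's prefix.

```python
"""Added example (not the page's or Contember's code): verify a signed JWT for the
image service and confine the requested S3 object key to the token's organization
prefix. The 'org' claim name, the signing key and the '<org-id>/<file>' key layout
are assumptions made for illustration."""
import base64
import hashlib
import hmac
import json
import posixpath
import time
from typing import Optional

# Constructed secret for the example; a deployment would keep this in a secret store.
SIGNING_KEY = b"example-signing-key-do-not-use"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(org_id: str, ttl_seconds: int = 300, now: Optional[int] = None) -> str:
    """Mint a short-lived HS256 JWT carrying the organization id (assumed 'org' claim)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"org": org_id, "iat": now, "exp": now + ttl_seconds}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(token: str, now: Optional[int] = None) -> dict:
    """Return the payload if the token is well-formed, HS256-signed by our key and unexpired.

    Raises ValueError otherwise. The algorithm is pinned to HS256, so a header that
    claims 'none' or any other algorithm is rejected instead of trusted."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    expected = hmac.new(SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if not isinstance(payload.get("org"), str) or not payload["org"]:
        raise ValueError("missing org claim")
    if now >= int(payload.get("exp", 0)):
        raise ValueError("token expired")
    return payload


def authorize_object_key(token: str, requested_key: str, now: Optional[int] = None) -> str:
    """Return the S3 object key the request may read, or raise ValueError.

    The key must sit under the token's organization prefix after path normalization,
    so '..' or doubled slashes cannot escape into another tenant's prefix."""
    org = verify_token(token, now)["org"]
    normalized = posixpath.normpath(requested_key)
    if normalized.startswith("/") or normalized.startswith(".."):
        raise ValueError("invalid key")
    prefix = org + "/"
    if not normalized.startswith(prefix):
        raise ValueError("key outside organization prefix")
    return normalized


if __name__ == "__main__":
    tok = issue_token("org-a")
    print(authorize_object_key(tok, "org-a/logo.png"))  # allowed
    for bad in ("org-b/logo.png", "org-a/../org-b/logo.png"):
        try:
            authorize_object_key(tok, bad)
        except ValueError as exc:
            print(bad, "->", exc)
```

The prefix check runs after verification, so a forged or expired token never reaches the key comparison, and the returned key is the normalized form, which is the one that should be used for the S3 GetObject call.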
Comprehensive Audit Logging
Ensuring accountability and traceability within our system is paramount. Our platform, powered by the Contember Engine, incorporates extensive auditing capabilities that enhance our security and compliance measures.
Audit Logs in Contember Engine
The Contember Engine provides built-in audit logging features, which play a crucial role in monitoring and recording all activities within our system. This functionality enables us to maintain a detailed history of who did what and when. Each action taken within the platform, whether it's data modification or an administrative task, is logged with comprehensive details. Currently, while we store these audit logs securely, we have not yet implemented a user interface (UI) for easy access and management of these logs. This is a planned upgrade that will further enhance our auditing capabilities.
AWS Access Logs
In addition to our internal audit logs, we leverage AWS services to further enhance our logging capabilities:
- Load Balancer Access Logs: These logs provide detailed records of all requests made to our load balancers. Analyzing this data helps us identify anomalous patterns that could indicate security threats.
- S3 Bucket Access Logs: For all our AWS S3 buckets, access logs are enabled to track requests for access or changes to stored data. This is critical for ensuring that only authorized users are accessing sensitive information.
- API Gateway Logs: Our Simple Image Service uses AWS API Gateway, where we maintain detailed logs of all API calls. This helps us monitor and manage how our APIs are being used, ensuring that they are secure and perform optimally.
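An added example, not the page's or AWS's own tooling, of the kind of analysis the Load Balancer Access Logs item above refers to: parsing the fixed leading fields of ALB access log lines and flagging clients whose pattern of responses looks anomalous. The sample lines, thresholds and load balancer name are constructed for illustration; the field order follows the documented ALB access log layout.

```python
"""Added example (not the page's or AWS's code): parse ALB access log lines and flag
clients with a burst of 4xx responses or of distinct paths inside a sliding window.
Sample lines, thresholds and names are constructed for illustration."""
import shlex
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Leading fixed fields of an ALB access log entry, in documented order.
_FIELD_NAMES = ["type", "time", "elb", "client", "target", "request_processing_time",
                "target_processing_time", "response_processing_time", "elb_status_code",
                "target_status_code", "received_bytes", "sent_bytes", "request", "user_agent"]


def parse_alb_line(line):
    """Split one ALB access log line into a dict of the fields this example uses."""
    tokens = shlex.split(line)  # honors the quoted "request" and "user_agent" fields
    if len(tokens) < len(_FIELD_NAMES):
        raise ValueError("truncated log line")
    rec = dict(zip(_FIELD_NAMES, tokens))
    rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    rec["client_ip"] = rec["client"].rsplit(":", 1)[0]
    rec["elb_status_code"] = int(rec["elb_status_code"])
    # "request" is "METHOD URL PROTOCOL"; keep the method and the URL path.
    method, url, _proto = rec["request"].split(" ", 2)
    rec["method"] = method
    rec["path"] = urlsplit(url).path
    return rec


def flag_anomalous_clients(lines, window_seconds=60, max_client_errors=5, max_distinct_paths=10):
    """Return {client_ip: [reasons]} for clients exceeding a threshold inside any window.

    Two signals worth watching: a burst of 4xx responses and a burst of distinct paths
    from one client. Lines that fail to parse are skipped rather than aborting the batch."""
    by_client = defaultdict(list)
    for line in lines:
        try:
            rec = parse_alb_line(line)
        except ValueError:
            continue
        by_client[rec["client_ip"]].append(rec)
    flagged = {}
    for ip, recs in by_client.items():
        recs.sort(key=lambda r: r["time"])
        reasons = set()
        start = 0
        for end, rec in enumerate(recs):
            # Slide the window start forward until it spans at most window_seconds.
            while (rec["time"] - recs[start]["time"]).total_seconds() > window_seconds:
                start += 1
            window = recs[start:end + 1]
            errors = sum(1 for r in window if 400 <= r["elb_status_code"] < 500)
            if errors >= max_client_errors:
                reasons.add("4xx burst")
            if len({r["path"] for r in window}) >= max_distinct_paths:
                reasons.add("path enumeration")
        if reasons:
            flagged[ip] = sorted(reasons)
    return flagged


def _sample(ts, ip, status, path, ua="curl/7.46.0"):
    # Constructed line in the ALB access log layout (first 16 fields only).
    return (f"https {ts} app/prod-alb/50dc6c495c0c9188 {ip}:44812 10.0.1.20:8080 "
            f"0.001 0.012 0.000 {status} {status} 120 512 "
            f'"GET https://app.example.com:443{path} HTTP/1.1" "{ua}" '
            f"ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2")


# Constructed sample: one ordinary client and one client probing many ids in a few seconds.
SAMPLE_LOG = [
    _sample("2024-05-01T10:00:00.000000Z", "192.0.2.10", 200, "/dashboard", "Mozilla/5.0"),
    _sample("2024-05-01T10:00:05.000000Z", "192.0.2.10", 200, "/api/items"),
    _sample("2024-05-01T10:00:30.000000Z", "192.0.2.10", 404, "/api/items/9999", "Mozilla/5.0"),
] + [_sample(f"2024-05-01T10:01:{i:02d}.000000Z", "203.0.113.7", 404, f"/api/items/{i}")
     for i in range(12)]


if __name__ == "__main__":
    for ip, why in flag_anomalous_clients(SAMPLE_LOG).items():
        print(ip, ", ".join(why))
```

In production the same function would read the gzipped log objects that the ALB writes to S3; the thresholds are deliberately low here so the constructed sample triggers both signals.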
Integration with Third-Party Services
To further enhance our application's functionality and user experience, we integrate several third-party services. Each of these services plays a crucial role in our operations, helping us to monitor performance, gather user feedback, and guide users through our platform.
Sentry for Error Tracking
We use Sentry as our primary tool for real-time error tracking and monitoring. Sentry helps us to identify, triage, and fix crashes as they occur, thereby improving our application's reliability and performance. This integration ensures that we can quickly respond to and resolve issues before they significantly impact our users.
SmartLook for User Behavior Insights
SmartLook is employed to obtain qualitative data on how users interact with our application. By recording sessions and creating heatmaps, SmartLook allows us to visualize user behavior, identifying usability issues and opportunities for optimization. This insight is invaluable for enhancing user interfaces and workflows.
UserPilot for User Engagement
UserPilot is integrated to facilitate user onboarding, feature adoption, and proactive support. It enables us to create in-app experiences tailored to user behavior and feedback, effectively guiding users through complex workflows and new features. UserPilot helps us to drive engagement and ensure users gain maximum value from our application.
Strict Data Access Controls
Maintaining the confidentiality and integrity of user data is a top priority for our organization. To ensure the highest level of security, access to user data is strictly limited within our team.
Limited Access Policy
Access to user data is granted only to a select group of employees and primarily for the purpose of troubleshooting and resolving bugs. Additionally, access may be granted upon explicit request from a client, ensuring that we can respond to their needs while still upholding our security standards. This ensures that sensitive information is handled responsibly and minimally, reducing the risk of exposure.
Binding Non-Disclosure Agreements
All personnel with access to sensitive data are bound by strict non-disclosure agreements (NDAs). These agreements legally obligate them not to misuse or disclose any user information. This contractual measure reinforces our commitment to user privacy and data protection.
Compliance and Future Security Initiatives
As a young startup, our current compliance efforts are focused primarily on adhering to the General Data Protection Regulation (GDPR). While we are not yet subject to other formal compliance frameworks, we are laying the groundwork for future certifications.
Commitment to Compliance
Despite the absence of extensive compliance certifications at this stage, we are committed to operating with the highest integrity and awareness. We actively prepare for potential future certifications by aligning our practices with industry standards and best practices. This includes updating our dependencies every week to ensure that we are protected against known vulnerabilities and are utilizing the latest features available. This proactive approach ensures that we will be ready to meet the requirements of additional compliance frameworks as we grow and expand.
Planned Security Enhancements
Looking ahead, we have scheduled penetration testing to be conducted by an external firm at the end of 2024. This testing will help us identify and address potential vulnerabilities in our system, reinforcing our commitment to security and the protection of our clients' data. This step is part of our ongoing effort to enhance our security measures and ensure our infrastructure remains robust against evolving threats.