eToolLCD is a web application hosted with Amazon Web Services (AWS). The application server itself runs on an EC2 Windows machine and is connected to a MySQL database running on the AWS RDS services. AWS S3 is used for document storage (reports and uploaded documents). A small number of external services are utilised for subscription management, transactional email and geolocation services. See the below basic architecture diagram:
The solution is hosted primarily in AWS Dublin Data centres with backups hosted in Zurich. For details on AWS Security responsibilities and controls see below links:
AWS specifically manage the following aspects:
- Data centre security
- Data at rest physical protection
- Data sanitisation at customer’s request
- Equipment disposal and effective sanitisation
- Physical resilience and availability
eToolLCD Service Configuration
eTool has configured our AWS environment following best practices as follows:
- All data is encrypted at rest
- Ports are closed by default and carefully managed so that only recognised traffic may access the server
- Data is encrypted in transit using modern TLS allowing maximum security (pending browser’s capabilities)
- The application stack is entirely housed within the Virtual Private Cloud and any access is managed via AWS Identity Management with two factor authentication
eTool Infrastructure Security Management
Some activities within the application life cycle are conducted outside of the AWS infrastructure such as product development. eTool manage the risk of these activities in the following fashion:
- Where possible data is synonymised on our test and development environments to further protect user data
- Data is encrypted at rest
- Staff are:
- Trained in IT security
- Required to sign NDAs
- Accountable to the following policies:
- Acceptable Use Policy
- Personal and Sensitive Data Protection Policy
- Password Management Policy
- Password strength, age and uniqueness are audited
- Our server is configured to resist denial of service attacks
Security Risk Mitigation
Regular independent penetration testing is conducted by an ethical hacker. The scope of works includes deep manual threat investigation and assessment, reporting on potential vulnerabilities and retesting of required fixes. Fixes to security threats are prioritised in our backlog.
eToolLCD utilises a multi-tenant database. This is a conscious decision to improve the value of the platform as users can choose to contribute building component information to the platform which greatly increases the available component data for all users. eTool has developed the following strategies to mitigate the risk to customer’s data security:
- Dedicated authentication and access management controller within the app via which all requests are submitted
- The authentication and access management controller is subject to in-depth automated front-end regression testing prior to each release
- Administrator rights are carefully managed and audited
- Requests are validated in both the front end and application server
- The scope of penetration testing includes deliberate attempts to bypass security controls by any means
- Audit logs are maintained for most database transactions so that evidence of data privacy breaches is available
- Users are required to provide 2 Factor authentication when the application detects changes to their environment or location
eToolLCD is available on modern browsers. It is best used on laptop or desktop machines. It can be used on tablets and mobiles but has not been designed specifically for this purpose and hence text size etc is likely to be an issue.
The application generally requires very low bandwidth with the exception being uploading, rendering or downloading large reports or documents which is a relatively low frequency task by most users. 1Mbps up will be more than adequate for most use cases. The application runs well in all regions despite the distance from the server (Ireland) and as such latency is rarely a noticeable issue.
eToolLCD is built with modern and popular web technologies and complies with many accessibility standards however we have not been formally audited for compliance. There may be some specific controls and components within the user interface that may not be easily navigated by persons with disabilities.
The application software and hardware is readily scaleable. We currently have over 5000 users, the app is often used by universities in training where upwards of 100 students will be accessing the application simultaneously without significant affect on performance.
eTool monitor performance in a number of ways. High level performance monitoring (infrastructure stress) is monitored via AWS Cloudwatch (see incident response for more details). Where hardware bottlenecks are identified AWS provides solutions to scale quickly.
The development team monitor the performance of application at a very detailed level (controller requests and responses) to prioritise and improve the application itself. This performance monitoring solution runs continuously and the logs are periodically reviewed to identify improvement opportunities.
Code Quality and Release Management
eToolLCD code quality is managed through a number of procedural and systematic controls. Staff are trained in new technology as it is introduced to the stack. The code is managed in a Git repository and the development team follow detailed procedures for branching, commits and pull requests to ensure the development life cycle enables relevant testing and review cycles to be completed.
During development Resharper is used to improve the quality, consistency and readability of the code. Code reviews are conducted for each pull request. Acceptance testing of the changes is also conducted at this point in dedicated test environments. Once the code review is complete (including required changes) a release candidate is compiled and deployed to our pre-production environment. Comprehensive regression automated testing (front end) using Selenium is run on the pre-production environment prior to release.
All deployments are managed with Team City to reduce scope for human error.
eToolLCD has a comprehensive Disaster Recovery Plan which spans the backup strategy, backup strategy, disaster response plan and post recovery actions. This document is available upon request.
Key points in the plan include:
- eTool proactively monitors the health of the solution with AWS Cloudwatch. Thresholds are set for infrastructure health and when these are reached alarms are triggered notifying staff via email and SMS message.
- Backups are taken at 3 hourly intervals and snapshots of our application and database are maintained appropriate intervals indefinitely
- Backups are stored in the Ireland data centre and cloned to Franfurt for redundancy
- Detailed recovery procedures are included in the plan to reduce key person risk
- Post recovery actions include communication of potential data losses to customers as well as reconfiguration of the recovered environments
Disaster recovery simulations have demonstrated an ability to recover the solution from backups in under 30 minutes.
Target Service Levels
Services levels for eToolLCD are detailed in our software Terms and Conditions, summary of key items below:
|1||27/1/2021||Richard Haynes||Henrique Mendonca||1st Public Version|