Information Security
We are committed to information security and privacy. We have appropriate technical and organizational measures designed to protect our customer data against unauthorized access, modification or deletion. We believe employee competence is key to protecting our customer data. New employees are required to complete training when they start. All employees are required to take training at least annually. Employees who handle personal information are required to complete additional requirements appropriate to their roles and responsibilities.
Infrastructure
We leverage Amazon Web Services’ expertise in data center and infrastructure management. Our infrastructure is secured and segmented using the AWS Virtual Private Cloud (VPC) feature. Content is stored in Amazon S3 and delivered through the Amazon CloudFront content delivery network. We use Amazon RDS for MySQL database services. We maintain remote database backups in physically separate data centers. We make extensive use of AWS CloudWatch features to monitor our system availability. We use AWS IAM identity management features to facilitate and audit access to all AWS resources. For a complete overview of Amazon Web Services security practices and regulatory compliance information, please see the following:
Monitoring
System Level
AWS CloudWatch is used to monitor server statistics like CPU, memory, disk, and network utilization. We also monitor database metrics including requests, response times, hot indices, lock contention, and slow queries.
Application
New Relic is also utilized to monitor the performance of our application so we have visibility into page load times, API response times, error rates, and slow transactions.
Availability
Pingdom alerts us to system-wide incidents. Incidents are escalated to our on-call team through PagerDuty.
Backups and Disaster Recovery
Our platform is served primarily from the AWS US-East-1 region in N. Virginia. We have designed our system so that we can stand it up in a second region within 2 hours of a disaster that takes the entirety of the US-East-1 region offline. We maintain backups of our MySQL databases in separate physical data centers.
Vulnerability Management
Our application servers run ThreatStack, a host-based intrusion detection system that records all commands (and syscalls) made on those servers. Suspicious commands (like “wget” or “curl”) immediately trigger an alert. ThreatStack also analyzes our AWS CloudTrail logs for alarming changes and alerts on those (IAM policy changes and security group changes being the most important). ThreatStack also analyzes operating system packages and reports on vulnerabilities daily, so that we know if we have a system with vulnerable software on it.
Data Access
Remote access to all production resources occurs via a restricted network. All access to our production resources occurs over an IPSec VPN connection.
Administrative access to production systems is logged and audited. Database credentials are acquired via AWS Secrets Manager, which maintains an audit log of both administrators and systems accessing our database. We maintain audit logs of all user activity on our application servers.
We use AWS CloudTrail to log API and console access to AWS resources. AWS access is controlled: each person who is able to log in is granted an explicit set of rights necessary to do what they need to do, and no more. We do not use AWS root keys for access at any time – all access is managed via AWS IAM services. Each administrator accesses the system using a unique set of credentials, keypairs, or API keys.
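The CloudTrail checks described under Vulnerability Management and Data Access (alerting on IAM policy changes and security group changes, and confirming that root credentials are never used) can be sketched as a filter over CloudTrail records. This is an added example, not ThreatStack's rules or this platform's code; the event-name sets are a partial selection, and the sample records, account id, ARNs and IP addresses are constructed.

```python
# Constructed CloudTrail records for illustration; account id, ARNs and IPs are made up.
SAMPLE_RECORDS = [
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.10"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/deploy/ci"},
     "sourceIPAddress": "203.0.113.11"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "sourceIPAddress": "198.51.100.7"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "sourceIPAddress": "203.0.113.12"},
    {"eventSource": "iam.amazonaws.com", "eventName": "PutUserPolicy",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "sourceIPAddress": "203.0.113.12"},
]

# Partial lists of CloudTrail event names (assumption: extend to match your own policy).
IAM_POLICY_EVENTS = {
    "PutUserPolicy", "PutRolePolicy", "PutGroupPolicy", "AttachUserPolicy",
    "AttachRolePolicy", "AttachGroupPolicy", "CreatePolicyVersion",
    "DetachRolePolicy", "DeleteRolePolicy",
}
SECURITY_GROUP_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup",
}

def classify(record):
    """Return the alert reasons that apply to one CloudTrail record."""
    reasons = []
    source, name = record.get("eventSource"), record.get("eventName")
    if source == "iam.amazonaws.com" and name in IAM_POLICY_EVENTS:
        reasons.append("iam-policy-change")
    if source == "ec2.amazonaws.com" and name in SECURITY_GROUP_EVENTS:
        reasons.append("security-group-change")
    if record.get("userIdentity", {}).get("type") == "Root":
        reasons.append("root-credential-use")  # any root activity, even read-only
    return reasons

def scan(records):
    """Flatten records into alerts; denied attempts are kept and carry their errorCode."""
    return [{"reason": reason, "event": rec.get("eventName"),
             "actor": rec.get("userIdentity", {}).get("arn", "unknown"),
             "source_ip": rec.get("sourceIPAddress"), "error": rec.get("errorCode")}
            for rec in records for reason in classify(rec)]
```

Denied attempts are reported rather than dropped, since a failed policy change still shows that someone tried to alter permissions.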