Approach

At allGood, we base our approach to security on the Security Pillar of the AWS Well-Architected Framework:

Security foundations - Security Pillar

Core Principles

Specifically, we guide ourselves with the following core principles:

  1. Least Privilege: Users and system components should only have the minimum set of privileges needed to perform their role.
  2. Least Surprise: We avoid design choices that are wild or out of the ordinary. Given a choice, we’ll take the most boring option, leaning on established best practice rather than home-grown solutions.
  3. Traceability: Security events should be recorded and available for analysis to determine the cause and impact of security incidents.
  4. Defense in Depth: Security measures should be layered to provide multiple levels of protection for sensitive data and systems. This includes implementing network security, access controls, and encryption at multiple layers of the infrastructure. We strive to avoid single points of failure in our security posture.
  5. Automation: Security controls should be automated as much as possible to reduce the risk of human error and ensure consistent application across the infrastructure.

Data Protection

To ensure that confidential data remains secure, we deploy a comprehensive system of privacy controls:

  1. Encryption at rest: All data is encrypted when stored, using industry-standard encryption algorithms. This ensures that even if an attacker gains access to the physical storage device, they will not be able to access the data without the encryption key.
  2. Encryption in transit: All data is transmitted using secure protocols such as HTTPS and SSL/TLS. This ensures that the data cannot be intercepted or modified in transit. Additionally, we minimize the amount of data that traverses public networks.
  3. Access controls: We implement strict access controls to ensure that only authorized personnel have access to sensitive data. This includes role-based access controls, multi-factor authentication, and regular audits of access logs.

Physical Security

All of the allGood services run in AWS. This means that the datacenters handling your data have been accredited under ISO 27001, SOC 1, SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).

For the physical resources that allGood does manage (such as employee laptops), we follow best-practice methods to ensure security: among other techniques and policies, we require encryption at rest, and maintain the capability to remotely render sensitive data inaccessible (by encryption or by deletion).