Data Storage and Security

About Amazon Web Services

Carelever is hosted on Amazon Web Services (AWS) – the world leading cloud hosting solution.

The data and hosting services we use are stored in the Asia Pacific Region located in Sydney, NSW.  Hosting of the platform within AWS provides many advantages over traditional bespoke data-centre and infrastructure. These benefits include:

• Flexibility: AWS provides a virtual environment that allows us to design our technical environment stack to specifically meet the needs of our applications and services. It provides many options for configuration of and building out our solutions.
• Reliability and Resiliency: The AWS offering provides advantages of a scalable, reliable, and secure global computing infrastructure. The global aspect to AWS allows our design to be built to provide optimum performance and have high degrees of redundancy and fail-over. AWS has been built up over more than a decade on the virtual backbone of Amazon.com’s online business.
• Scalability and High-Performance: KINNECT and Carelever take advantage of the available AWS tools such as; Auto Scaling, and Application\Elastic Load Balancing, to all easy and rapid application scale up or down based on demand. We have access to compute and storage resources whenever needed to improve our performance.
• Security: AWS utilizes an end-to-end approach to secure and harden our infrastructure, including physical, operational, and software measures.

Amazon Web Services Hosting Network

AWS Hosting network is designed to provide highly available, redundant and resilient service. It removes single points of failures and utilises the inherent features of AWS to provide best possible performance, reliability, and self-healing infrastructure.  Using AWS provides world class protection.  Some of these benefits reported from Amazon include:

• Built-in Security Features: Applications and data are protected by highly secure facilities and infrastructure and by an extensive network and security monitoring systems. These systems provide basic but important security measures and password brute-force detection on AWS Accounts.
• Secure access – Customer access points, also called API endpoints, allow secure HTTP access (HTTPS) so that can establish secure communication sessions with AWS services using SSL encryption.
• Built-in firewalls – can control how accessible instances are by configuring built-in firewall rules – from totally public to completely private, or somewhere in between. Instances reside within a Virtual Private Cloud (VPC) subnet to control egress as well as ingress.
• Unique users – The AWS Identity and Access Management (IAM) tool allows control of the level of access users have to AWS infrastructure services. With AWS IAM, each user can have unique security credentials, eliminating the need for shared passwords or keys and allowing the security best practices of role separation and least privilege.
• Security logs – AWS CloudTrail provides logs of all user activity within AWS account. You can see what actions were performed on each of AWS resources and by whom. The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.
• Asset identification and configuration – With the AWS Config service, you can immediately discover all of AWS resources and view the configuration of each. You can receive notifications each time a configuration changes as well as dig into the configuration history to perform incident analysis.
• Web Application Firewall – AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Application Load Balancer and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, an Application Load Balancer responds to requests either with the requested content or with an HTTP 403 status code (Forbidden).
• AWS Shield – AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimise application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection.

Amazon Web Services Compliance Program

The AWS Compliance Program enables us to understand the robust security in place and then helps them streamline their compliance with industry and government requirements for security and data protection. The IT infrastructure that AWS provides to its customers is designed and managed in alignment with security best practices and a variety of IT security standards, including:

• • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)
  • SOC 2
  • SOC 3
  • FISMA, DIACAP, and FedRAMP
  • DOD CSM Levels 1-5
  • PCI DSS Level 1
  • ISO 27001
  • ITAR
  • FIPS 140-2
  • MTCS Level 3

In addition, the flexibility and control that the AWS platform provides allows solutions to meet several industry-specific standards, including:

• • HIPAA
  • Cloud Security Alliance (CSA)
  • Motion Picture Association of America (MPAA)

AWS provides a wide range of information regarding its IT control environment to customers through white papers, reports, certifications, accreditation’s, and other third-party attestations.

Our SaaS solution is delivered to ensure a reliable and secure service to our customers. Our SLA’s are determined by the SLA’s in place with Amazon. In the event, Amazon changes their SLA commitments on their AWS environments and services the SLA’s will no longer be valid and new SLA’s and definitions will be discussed and renegotiated with our client within 30 days of Amazon notice of changes to us. We provide back-to-back SLA’s to our customers of these Amazon SLA’s. They are:

• • Route53 (DNS resolving) has a service commitment of 100% availability
  • AWS Elastic\Application Load Balancers has service commitment of 100% availability
  • S3 (storage service has a service availability commitment of 99%
  • EC2 (compute, all of our machine instances, their SSDs, NICs, etc) has a service commitment of 99.95%

Multilevel Tenancy Support

We support multi tenancy with the use of row level security.  All data is stored in our secure database and only tenancies that are meant to have access to the data can read, write and delete it