| Line 20: |
Line 20: |
| | </div> | | </div> |
| | | | |
| − | ==Product Architecture Overview== | + | ==Security Design and Data in myViewBoard== |
| | | | |
| − | <gallery widths="300" heights="300">
| + | Security is always the highest priority of our concerns. myViewBoard had introduced different techniques to ensure you could use our service always in the good and safe environment. |
| − | Security_arch_chart.png
| |
| − | Security_prod_arch_overview.png
| |
| − | </gallery>
| |
| | | | |
| − | ==Storing and Managing Encryption Keys in the Cloud== | + | ===Security design and implementation=== |
| | + | myViewBoard introduced the firewall to protect all the assets for the system. All the traffic had been monitored by a firewall to ensure there is no malicious connection connecting to our systems. Also, we introduced the PKI infrastructure to ensure the identity of the servers. The PKI could provide the integrity to ensure the service had been served in the proper secure way. |
| | | | |
| − | Security measures that rely on encryption require encryption keys. In the cloud, as in an on-premises system, it is essential that access keys are secure. Combining server-side encryption with AWS key management and storage capabilities, Amazon Web Services is able to provide an HSM service in the cloud known as AWS CloudHSM.
| + | Besides the above, myViewBoard had already applied SSL certificates to encrypt all the transactions between you and our system. All the traffic you send and get through from our system is in private. myViewBoard uses SHA 256 with RSA encryption algorithm to ensure that all traffic is safe during data transmission. We do not allow any open-text connections to [myviewboard.com] so that all your connections would be in a highly secured way to connected with us. |
| | | | |
| | + | Moreover, myViewBoard employed different cloud vendors for infrastructure support. By the empower of cloud vendors, your data and data transmission are placed in the most secure way that the top-tier cloud vendor provided. Inside the access, the encryption keys are required to use as the mandatory identity validation method. myViewBoard also deployed the Web Application Firewall (WAF) to protect your connection within the safe and proper good way for transmitting data. By the empowering of our WAF, DDoS protection and network vulnerability prevention had been formed into our infrastructure to provide you a clean and safe space for using our service. |
| | | | |
| − | AWS employs a private network with ssh support for secure access between tiers and is configurable to limit access between tiers.
| + | ===Data Segregation=== |
| | | | |
| − | <div class="res-img" style="width:50%;height:auto;">
| + | In myViewBoard, your data will be saved on our secure database system which only a limited number of our internal colleagues could touch for. In most scenarios, myViewBoard would not directly access your data. |
| − | [[File:Security_mng_encrypt_keys.png]]
| |
| − | </div>
| |
| | | | |
| − | Reference: Amazon Web Services
| + | To perform the good data segregation standard, myViewBoard uses a different system to isolate our colleagues who could touch what category of data. We are working from the least privileged model which means your colleagues will not be able to access the data they do not need. |
| | + | Also, by the segregation of data concept, myViewBoard only collects the data need to perform our tasks. All the data and information you provided will be under our security protocol to perform regular access audits and review the control procedures. |
| | | | |
| − | ==Protecting Data in Transit to Amazon S3== | + | ===Data Encryption=== |
| | | | |
| − | Like AWS service management, Amazon S3 is accessed over HTTPS. This includes all Amazon S3 service management requests, as well as user payload, such as the contents of objects being stored/retrieved from Amazon S3 and associated metadata. When the AWS service console is used to manage Amazon S3, an SSL/TLS secure connection is established between the client's browser and the service console endpoint. All subsequent traffic is protected within this connection. When Amazon S3 APIs are used directly or indirectly, an SSL/TLS connection is established between the client and the Amazon S3 endpoint. All subsequent HTTP, and user payload traffic is encapsulated within the protected session.
| + | In myViewBoard, all data will be encrypted and store in our database system. Besides the data at rest, myViewBoard also takes good care of data in transit. |
| | | | |
| − | <div class="res-img" style="width:50%;height:auto;">
| + | For all services in myViewBoard, we had enabled the SSL/TLS encryption between different parties. All the traffic is transferred under the SHA256 encryption by our SSL certification. The certificate will be continuously updated and renew by us to ensure the safety of the data passing. |
| − | [[File:Security_Amazon_S3.png]]
| |
| − | </div>
| |
| | | | |
| − | Reference: Amazon Web Services
| + | ===Data Usage=== |
| − | | |
| − | | |
| − | ==Protecting Data in Transit to Amazon RDS== | |
| − | | |
| − | Connecting to Amazon RDS from Amazon EC2 in the same region relies on the security of the AWS network. Connection from the internet uses SSL/TLS for additional protection. SSL/TLS provides peer authentication via server X.509 certificates, data integrity authentication, and data encryption for the client-server connection. SSL/TLS is currently supported for connections to Amazon RDS MySQL and Microsoft SQL instances. For both products, Amazon Web Services provides a single self-signed certificate associated with the MySQL or Microsoft SQL listener. Amazon RDS for Oracle Native Network Encryption encrypts the data as it moves into and out of the database. Oracle Native Network Encryption encrypts network traffic travelling over Oracle Net Services using industry standard encryption algorithms such as AES and Triple DES.
| |
| − | | |
| − | <div class="res-img" style="width:50%;height:auto;">
| |
| − | [[File:Security_amazon_rds_vpc.png]]
| |
| − | </div>
| |
| − | | |
| − | Amazon RDS VPC
| |
| − | | |
| − | ==Protecting Data in Transit to Amazon DynamoDB==
| |
| − | | |
| − | Connecting to DynamoDB from other services from AWS in the same region relies on the security of the AWS network. Connecting to DynamoDB across the internet uses HTTP over SSL/TLS (HTTPS) to connect to DynamoDB service endpoints. Avoid any HTTP for access to DynamoDB and for all connections across the internet.
| |
| − | | |
| − | | |
| − | <div class="res-img" style="width:50%;height:auto;">
| |
| − | [[File:Security_dynamoDB.png]]
| |
| − | </div>
| |
| | | | |
| | + | Besides the above, myViewBoard is concerned with all your data shared with us. All your temporary files will be deleted when you exit the application, sign out, switch users, or reach idle time. |
| | + | And as per the architecture by OAuth 2.0, we do not store your password on our system when you use other identity providers to access our system. |
| | + | In myViewBoard, we will not share or sell your data to a third party for any other purpose which means we will not allow other parties to access your information for any purpose. |
| | + | For the collection of data and its usage, including GDPR protection policy, please reference to https://myviewboard.com/policy for more details. |
| | | | |
| | ==Secure Streaming Service== | | ==Secure Streaming Service== |