How We Protect Your Data

We Always Encrypt Data.

All information that we receive and transmit is fully encrypted. We are committed to using the most advanced encryption techniques to ensure that you are as protected as possible.

We Employ Strict Access Controls.

We employ significant controls to ensure your data remains secure. PBXDOM actively employs a policy of least provisioning where employees are only granted the minimum system access to perform their assigned job function. PBXDOM employees cannot decrypt encrypted account data.

We use only SSL (HTTPS protocol) for communication.

All communication between PBXDom and your side is completely encrypted and cannot be accessed by any man in the middle.

We Employ Secure Data Centers.

PBXDOM stores its data in AWS. All of the data centers have achieved ISO/IEC 27001:2005 certification, PCI DSS Level 1 compliance, and SAS70 Type II compliance. Learn more about AWS.

Benefits of AWS Security

AWS Global Infrastructure Security

AWS operates the global cloud infrastructure that you use to provision a variety of basic computing resources such as
processing and storage. The AWS global infrastructure includes the facilities, network, hardware, and operational
software (e.g., host OS, virtualization software, etc.) that support the provisioning and use of these resources. The AWS
global infrastructure is designed and managed according to security best practices as well as a variety of security
compliance standards. As an AWS customer, you can be assured that you’re building web architectures on top of some
of the most secure computing infrastructure in the world.

AWS Compliance

Amazon Web Services Compliance enables customers to understand the robust controls in place at AWS to maintain
security and data protection in the cloud. As systems are built on top of AWS cloud infrastructure, compliance
responsibilities will be shared. By tying together governance-focused, audit-friendly service features with applicable
compliance or audit standards, AWS Compliance enablers build on traditional programs, helping customers to establish
and operate in an AWS security control environment. The IT infrastructure that AWS provides to its customers is
designed and managed in alignment with security best practices and a variety of IT security standards, including:
SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)
SOC 2
SOC 3
FISMA, DIACAP, and FedRAMP
DOD CSM Levels 1-5
PCI DSS Level 1
ISO 9001 / ISO 27001
ITAR
FIPS 140-2
MTCS Level 3
In addition, the flexibility and control that the AWS platform provides allows customers to deploy solutions that meet
several industry-specific standards, including:
Criminal Justice Information Services (CJIS)
Cloud Security Alliance (CSA)
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act (HIPAA)
Motion Picture Association of America (MPAA)
AWS provides a wide range of information regarding its IT control environment to customers through white papers,
reports, certifications, accreditations, and other third-party attestations. More information is available in the Risk and
Compliance whitepaper available on the website: http://aws.amazon.com/compliance/.

Physical and Environmental Security

AWS’s data centers are state of the art, utilizing innovative architectural and engineering approaches. Amazon has many
years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied
to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities. Physical access is strictly
controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance,
intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a
minimum of two times to access data center floors. All visitors and contractors are required to present identification and
are signed in and continually escorted by authorized staff.
AWS only provides data center access and information to employees and contractors who have a legitimate business
need for such privileges. When an employee no longer has a business need for these privileges, his or her access is
immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access
to data centers by AWS employees is logged and audited routinely.

Fire Detection and Suppression

Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes
smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms
and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or
gaseous sprinkler systems.

Power

The data center electrical power systems are designed to be fully redundant and maintainable without impact to
operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in
the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide
back-up power for the entire facility.

Climate and Temperature

Climate control is required to maintain a constant operating temperature for servers and other hardware, which
prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain
atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at
appropriate levels.

Management

AWS monitors electrical, mechanical, and life support systems and equipment so that any issues are immediately
identified. Preventative maintenance is performed to maintain the continued operability of equipment.

Storage Device Decommissioning

When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is
designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed
in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media
Sanitization”) to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are
degaussed and physically destroyed in accordance with industry-standard practices.

Network Security

The AWS network has been architected to permit you to select the level of security and resiliency appropriate for your
workload. To enable you to build geographically dispersed, fault-tolerant web architectures with cloud resources, AWS
has implemented a world-class network infrastructure that is carefully monitored and managed.

Secure Network Architecture

Network devices, including firewall and other boundary devices, are in place to monitor and control communications at
the external boundary of the network and at key internal boundaries within the network. These boundary devices
employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information
system services.
ACLs, or traffic flow policies, are established on each managed interface, which manage and enforce the flow of traffic.
ACL policies are approved by Amazon Information Security. These policies are automatically pushed using AWS’s ACLManage
tool, to help ensure these managed interfaces enforce the most up-to-date ACLs.

Secure Access Points

AWS has strategically placed a limited number of access points to the cloud to allow for a more comprehensive
monitoring of inbound and outbound communications and network traffic. These customer access points are called API
endpoints, and they allow secure HTTP access (HTTPS), which allows you to establish a secure communication session
with your storage or compute instances within AWS. To support customers with FIPS cryptographic requirements, the
SSL-terminating load balancers in AWS GovCloud (US) are FIPS 140-2-compliant.
In addition, AWS has implemented network devices that are dedicated to managing interfacing communications with
Internet service providers (ISPs). AWS employs a redundant connection to more than one communication service at
each Internet-facing edge of the AWS network. These connections each have dedicated network devices.

Transmission Protection

You can connect to an AWS access point via HTTP or HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol
that is designed to protect against eavesdropping, tampering, and message forgery.
For customers who require additional layers of network security, AWS offers the Amazon Virtual Private Cloud (VPC),
which provides a private subnet within the AWS cloud, and the ability to use an IPsec Virtual Private Network (VPN)
device to provide an encrypted tunnel between the Amazon VPC and your data center.

Amazon Corporate Segregation

Logically, the AWS Production network is segregated from the Amazon Corporate network by means of a complex set of
network security / segregation devices. AWS developers and administrators on the corporate network who need to
access AWS cloud components in order to maintain them must explicitly request access through the AWS ticketing
system. All requests are reviewed and approved by the applicable service owner.
Approved AWS personnel then connect to the AWS network through a bastion host that restricts access to network
devices and other cloud components, logging all activity for security review. Access to bastion hosts requires SSH public-key
authentication for all user accounts on the host. For more information on AWS developer and administrator logical
access, see AWS Access below.

Fault-Tolerant Design

Amazon’s infrastructure has a high level of availability and provides you with the capability to deploy a resilient IT
architecture. AWS has designed its systems to tolerate system or hardware failures with minimal customer impact.
Data centers are built in clusters in various global regions. All data centers are online and serving customers; no data
center is “cold.” In case of failure, automated processes move customer data traffic away from the affected area. Core
applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient
capacity to enable traffic to be load-balanced to the remaining sites.
AWS provides you with the flexibility to place instances and store data within multiple geographic regions as well as
across multiple availability zones within each region. Each availability zone is designed as an independent failure zone.
This means that availability zones are physically separated within a typical metropolitan region and are located in lower
risk flood plains (specific flood zone categorization varies by region). In addition to utilizing discrete uninterruptible
power supply (UPS) and onsite backup generators, they are each fed via different grids from independent utilities to
further reduce single points of failure. Availability zones are all redundantly connected to multiple tier-1 transit
providers.
You should architect your AWS usage to take advantage of multiple regions and availability zones. Distributing
applications across multiple availability zones provides the ability to remain resilient in the face of most failure
scenarios, including natural disasters or system failures. However, you should be aware of location-dependent privacy
and compliance requirements, such as the EU Data Privacy Directive. Data is not replicated between regions unless
proactively done so by the customer, thus allowing customers with these types of data placement and privacy
requirements the ability to establish compliant environments. It should be noted that all communications between
regions are across public Internet infrastructure; therefore, appropriate encryption methods should be used to protect
sensitive data.
As of this writing, there are eleven regions: US East (Northern Virginia), US West (Oregon), US West (Northern
California), AWS GovCloud (US), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific
(Sydney), South America (Sao Paulo), and China (Beijing).
AWS GovCloud (US) is an isolated AWS Region designed to allow US government agencies and customers to move
workloads into the cloud by helping them meet certain regulatory and compliance requirements. The AWS GovCloud
(US) framework allows US government agencies and their contractors to comply with U.S. International Traffic in Arms
Regulations (ITAR) as well as the Federal Risk and Authorization Management Program (FedRAMP)
requirements. AWS GovCloud (US) has received an Agency Authorization to Operate (ATO) from the US Department of
Health and Human Services (HHS) utilizing a FedRAMP accredited Third Party Assessment Organization (3PAO) for
several AWS services.
The AWS GovCloud (US) Region provides the same fault-tolerant design as other regions, with two Availability Zones. In
addition, the AWS GovCloud (US) region is a mandatory AWS Virtual Private Cloud (VPC) service by default to create an
isolated portion of the AWS cloud and launch Amazon EC2 instances that have private (RFC 1918) addresses. More
information about GovCloud is available on the AWS website: http://aws.amazon.com/govcloud-us/

Network Monitoring and Protection

AWS utilizes a wide variety of automated monitoring systems to provide a high level of service performance and
availability. AWS monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress
and egress communication points. These tools monitor server and network usage, port scanning activities, application
usage, and unauthorized intrusion attempts. The tools have the ability to set custom performance metrics thresholds for
unusual activity.
Systems within AWS are extensively instrumented to monitor key operational metrics. Alarms are configured to
automatically notify operations and management personnel when early warning thresholds are crossed on key
operational metrics. An on-call schedule is used so personnel are always available to respond to operational issues. This
includes a pager system so alarms are quickly and reliably communicated to operations personnel.
Documentation is maintained to aid and inform operations personnel in handling incidents or issues. If the resolution of
an issue requires collaboration, a conferencing system is used which supports communication and logging capabilities.
Trained call leaders facilitate communication and progress during the handling of operational issues that require
collaboration. Post-mortems are convened after any significant operational issue, regardless of external impact, and
Cause of Error (COE) documents are drafted so the root cause is captured and preventative actions are taken in the
future. Implementation of the preventative measures is tracked during weekly operations meetings.
AWS security monitoring tools help identify several types of denial of service (DoS) attacks, including distributed,
flooding, and software/logic attacks. When DoS attacks are identified, the AWS incident response process is initiated. In
addition to the DoS prevention tools, redundant telecommunication providers at each region as well as additional
capacity protect against the possibility of DoS attacks.
The AWS network provides significant protection against traditional network security issues, and you can implement
further protection. The following are a few examples:
Distributed Denial Of Service (DDoS) Attacks. AWS API endpoints are hosted on large, Internet-scale, world-class
infrastructure that benefits from the same engineering expertise that has built Amazon into the world’s
largest online retailer. Proprietary DDoS mitigation techniques are used. Additionally, AWS’s networks are multihomed
across a number of providers to achieve Internet access diversity.
Man in the Middle (MITM) Attacks. All of the AWS APIs are available via SSL-protected endpoints which
provide server authentication. Amazon EC2 AMIs automatically generate new SSH host certificates on first boot
and log them to the instance’s console. You can then use the secure APIs to call the console and access the host
certificates before logging into the instance for the first time. We encourage you to use SSL for all of your
interactions with AWS.
IP Spoofing. Amazon EC2 instances cannot send spoofed network traffic. The AWS-controlled, host-based
firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its
own.
Port Scanning. Unauthorized port scans by Amazon EC2 customers are a violation of the AWS Acceptable Use
Policy. Violations of the AWS Acceptable Use Policy are taken seriously, and every reported violation is
investigated. Customers can report suspected abuse via the contacts available on our website at:
http://aws.amazon.com/contact-us/report-abuse/.
When unauthorized port scanning is detected by AWS, it is
stopped and blocked. Port scans of Amazon EC2 instances are generally ineffective because, by default, all
inbound ports on Amazon EC2 instances are closed and are only opened by you. Your strict management of
security groups can further mitigate the threat of port scans. If you configure the security group to allow traffic
from any source to a specific port, then that specific port will be vulnerable to a port scan. In these cases, you
must use appropriate security measures to protect listening services that may be essential to your application
from being discovered by an unauthorized port scan. For example, a web server must clearly have port 80
(HTTP) open to the world, and the administrator of this server is responsible for the security of the HTTP server
software, such as Apache. You may request permission to conduct vulnerability scans as required to meet your
specific compliance requirements. These scans must be limited to your own instances and must not violate the
AWS Acceptable Use Policy. Advance approval for these types of scans can be initiated by submitting a request
via the website at: https://aws-portal.amazon.com/gp/aws/html-formscontroller/contactus/AWSSecurityPenTestRequest

Packet sniffing by other tenants. It is not possible for a virtual instance running in promiscuous mode to receive
or “sniff” traffic that is intended for a different virtual instance. While you can place your interfaces into
promiscuous mode, the hypervisor will not deliver any traffic to them that is not addressed to them. Even two
virtual instances that are owned by the same customer located on the same physical host cannot listen to each
other’s traffic. Attacks such as ARP cache poisoning do not work within Amazon EC2 and Amazon VPC. While
Amazon EC2 does provide ample protection against one customer inadvertently or maliciously attempting to
view another’s data, as a standard practice you should encrypt sensitive traffic.
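
The first-login check described under Man in the Middle (MITM) Attacks, as an added example that is not part of the original page or AWS's own code: it compares the key a host offers with the fingerprints logged to the instance console. It assumes the console text (as returned by the EC2 GetConsoleOutput API) carries the fingerprints between the BEGIN/END SSH HOST KEY FINGERPRINTS markers that cloud-init writes on common Linux AMIs; the keys and console lines are constructed sample data.

```python
import base64
import hashlib
import re
import struct

# Assumed console markers (cloud-init format); not taken from the page.
BEGIN = "-----BEGIN SSH HOST KEY FINGERPRINTS-----"
END = "-----END SSH HOST KEY FINGERPRINTS-----"


def openssh_sha256_fingerprint(pubkey_line):
    """Fingerprint of a 'type base64-blob [comment]' line, in ssh-keygen -l form."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def console_fingerprints(console_text):
    """Collect fingerprints logged between the BEGIN/END markers only."""
    inside, found = False, set()
    for line in console_text.splitlines():
        if BEGIN in line:
            inside = True
        elif END in line:
            inside = False
        elif inside:
            match = re.search(r"SHA256:[A-Za-z0-9+/]{43}(?![A-Za-z0-9+/])", line)
            if match:
                found.add(match.group(0))
    return found


def host_key_is_trusted(offered_pubkey_line, console_text):
    """Fail closed: no logged fingerprints means no key is trusted."""
    trusted = console_fingerprints(console_text)
    return bool(trusted) and openssh_sha256_fingerprint(offered_pubkey_line) in trusted


def constructed_key(seed):
    """Build a well-formed ssh-ed25519 public key line from a seed (sample data)."""
    name, raw = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


# Constructed sample: one key the instance logged, one it never generated.
GENUINE_KEY = constructed_key(b"key generated on first boot")
OTHER_KEY = constructed_key(b"key the instance never generated")
SAMPLE_CONSOLE = "\n".join([
    "stray line: 256 " + openssh_sha256_fingerprint(OTHER_KEY) + " (ED25519)",
    "ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----",
    "ec2: 256 " + openssh_sha256_fingerprint(GENUINE_KEY) + " root@host (ED25519)",
    "ec2: -----END SSH HOST KEY FINGERPRINTS-----",
])

if __name__ == "__main__":
    print("genuine key trusted:", host_key_is_trusted(GENUINE_KEY, SAMPLE_CONSOLE))
    print("other key trusted:  ", host_key_is_trusted(OTHER_KEY, SAMPLE_CONSOLE))
```

In practice the offered key line would come from `ssh-keyscan` against the new instance, and a key that passes the check is the one to write into `known_hosts` before the first login.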
In addition to monitoring, regular vulnerability scans are performed on the host operating system, web application, and
databases in the AWS environment using a variety of tools. Also, AWS Security teams subscribe to newsfeeds for
applicable vendor flaws and proactively monitor vendors’ websites and other relevant outlets for new patches. AWS
customers also have the ability to report issues to AWS via the AWS Vulnerability Reporting website at:
http://aws.amazon.com/security/vulnerability-reporting/