CloudAMQP Security Policy
This Security Policy was last revised on January 2, 2017.
A certain amount of confidence is needed when relying on third-party vendors to manage and handle your online data securely. Cloud security is essential for protecting hosted information. We understand that even small gaps in security coverage can put everything at risk, including your data, customer information, uptime, and potentially a company’s reputation. There is therefore a need for a general understanding of what we at CloudAMQP are doing to protect the integrity of your data.
This document gives a brief introduction to the security policies in CloudAMQP. It is a living document that is continually updated. Our security policies are not limited to this document; effective security is a team effort that we evolve all the time. We routinely audit and manage the security of our services and apply security best practices.
Our internal development, operations, and processes themselves have been constructed to provide maximum data security.
1. System security
1.1 Coding standards and development
A well-built environment starts with high coding standards that guard against attempted security breaches and are accompanied by code reviews and tests. We have strict development processes and follow specified coding standards to ensure the best security practices.
1.2 Application Security
System components undergo tests (various black box and white box tests) and source code reviews to assess the security of our application interface, architecture, and services layers before we add our code to production. CloudAMQP always reviews the security of third-party applications before we add them to CloudAMQP services.
1.3 System Configuration
Server and system access is limited to some people in CloudAMQP and requires SSH keys to identify trusted computers, along with usernames and passwords. Furthermore, everyone at CloudAMQP is required to enable 2-step authentication on every cloud platform that provides it (platforms such as AWS and Heroku). We do not share individual authentication credentials.
1.4 Patch Management
CloudAMQP always applies patches based on advisories for our servers and associated devices. Critical patches are applied within 48 hours of the release of the patch.
1.5 End-point Security
All end-points (computers, laptops, mobile phones) use encrypted storage, secure passwords and auto-locking mechanisms. For mobile phones, only applications from trusted application stores such as the AppStore and the Google Play Store are allowed. All end-point devices are patched to the latest stable OS update and application updates. Anti-malware and anti-virus applications are installed where applicable.
2. Physical Data Center Security
Our physical infrastructure is hosted and managed in a range of different data centers (AWS, Azure, IBM Softlayer, GCE, Rackspace etc). We rely on their flexible and secure cloud infrastructure to store data logically across multiple cloud regions and (in AWS) availability zones. The data centers ensure the utmost in data security and protection. They all ensure that all data is stored in highly secure data centers. All data centers that run our solution are secured and monitored 24/7. Physical access to data center facilities is strictly limited to select cloud staff. They continually manage risk and undergo recurring assessments to ensure compliance with industry standards.
How specific datacenters are handling fire detection, power loss, climate disasters, temperature control, datacenter management, etc., can be found on the datacenters' websites.
- AWS Cloud Security: https://aws.amazon.com/security/
- Google Cloud Platform Security: https://cloud.google.com/security/
- Security Features in the Azure Platform: https://azure.microsoft.com/en-us/support/legal/security-overview/
- Bluemix: https://console.ng.bluemix.net/docs/security/index.html
- Softlayer: https://developer.ibm.com/marketplace/docs/technical-scenarios/security-services-softlayer/
- Rackspace: http://www.rackspace.com/about/datacenters/
3. Customer Data Security
CloudAMQP provides several security capabilities and services to increase privacy. No one will be able to connect to or view your RabbitMQ server as long as you take care of your connection credentials.
3.1 CloudAMQP employees
A few employees at CloudAMQP are able to access the server and RabbitMQ. We ensure that we will not view any messages sent across our servers without permission. CloudAMQP cannot access message payloads that have been encrypted at client level.
All employees undergo pre-employment background checks and must agree to company policies including security policies.
3.2 Data in Transit
CloudAMQP uses SSL/TLS to secure data in transit. SSL certificates are updated on a regular basis or in the event of a security advisory from external security centers. You have to enable TLS/SSL to and from your application to ensure secure transit between CloudAMQP and your application (see section 3.4.3, TLS and encrypted data).
3.3 Data at rest
Message data and its payload are replicated across two or more zones on all two and three node clusters in AWS (unless otherwise specified by the customer). Messages and payloads can be encrypted for additional security of data at rest.
3.4 Security capabilities - Customer Best Practices
This section describes what you can do to protect your account in the best way possible.
3.4.1 Password protection and 2-step verification
You are responsible for maintaining the secrecy of your unique password and account information at all times. We recommend that you use a strong passphrase and rotate your password once in a while; password rotation can be done from the control panel of your instance. We also recommend that everyone in the team enable 2-step authentication to further secure access to your account.
Use CloudAMQP teams to invite your co-workers to your project rather than sharing user credentials.
3.4.2 Unusual account activity
We want to keep you in the loop on important actions on your CloudAMQP account. Therefore, we will notify you via email if we detect something unusual about a recent access.
3.4.3 TLS and encrypted data
CloudAMQP supports TLS (SSL), which lets you encrypt your data in transit and protect sensitive data transmitted to and from applications. Note that TLS only secures messages during transport. For highly sensitive information (HIPAA, PCI etc.), we recommend that you encrypt your message bodies on your side and that you have a shared key between your publishers and your consumers.
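The recommendation above, as an added example that is not CloudAMQP's own code: a publisher seals each message body with a shared key before it reaches the broker, and a consumer verifies and opens it. It uses Node's built-in `crypto` module with AES-256-GCM as one possible cipher choice; the header names `x-enc` and `x-key-id`, the key id `k1`, and the routing key are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

const NONCE_LEN = 12; // 96-bit nonce, fresh per message
const TAG_LEN = 16;   // 128-bit GCM authentication tag

// Publisher side: seal the body before handing it to the AMQP client.
// The key id and routing key are bound as associated data, so a ciphertext
// replayed under another routing key or key id fails authentication.
function sealBody(key, keyId, routingKey, plaintext) {
  const nonce = nodeCrypto.randomBytes(NONCE_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(`${keyId}|${routingKey}`, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    // Hypothetical header names; they only tell the consumer which key to use.
    headers: { 'x-enc': 'A256GCM', 'x-key-id': keyId },
    body: Buffer.concat([nonce, cipher.getAuthTag(), ct]),
  };
}

// Consumer side: look up the shared key by id, verify the tag, then decrypt.
// Throws on an unknown key id, a truncated body, or any tampering.
function openBody(keyring, routingKey, message) {
  const keyId = message.headers['x-key-id'];
  const key = keyring.get(keyId);
  if (message.headers['x-enc'] !== 'A256GCM' || !key) {
    throw new Error('unknown encryption scheme or key id');
  }
  if (message.body.length < NONCE_LEN + TAG_LEN) throw new Error('body too short');
  const nonce = message.body.subarray(0, NONCE_LEN);
  const tag = message.body.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(Buffer.from(`${keyId}|${routingKey}`, 'utf8'));
  decipher.setAuthTag(tag);
  const ct = message.body.subarray(NONCE_LEN + TAG_LEN);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Constructed demo: a random key stands in for one distributed out of band.
const demoKey = nodeCrypto.randomBytes(32);
const sealed = sealBody(demoKey, 'k1', 'orders.created', Buffer.from('{"pan":"constructed"}'));
const opened = openBody(new Map([['k1', demoKey]]), 'orders.created', sealed);
console.log(sealed.body.length, opened.toString());
```

Keeping the key id in a header lets publishers rotate to a new key while consumers still hold the old one in their keyring for messages already queued.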
3.4.4 AWS VPC isolation
Amazon VPC (Virtual Private Cloud) lets you define a private network in the cloud. It’s a service that provides isolation and security. It is built on deny-all-by-default security, as we have to explicitly permit inbound and outbound traffic to the instance. More information about VPC isolation in CloudAMQP can be found here: https://www.cloudamqp.com/blog/2014-11-14-amazon-vpc-peering.html and information about AWS VPC in general can be found here: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
Please feel free to contact us with any questions about this Security Policy, suggestions or concerns about any of the points outlined above at firstname.lastname@example.org