We get asked a lot of security questions relating to our cloud-based services (namely, Cyanic Business Automation Studio, the platform that powers our Cyanic HSE management software), and with good reason. The protection of personal and corporate data is critical, and when considering any software-as-a-service option, it is important to know the policies and practices of those who are ultimately holding your information.
No system can be guaranteed to be 100% secure. This includes not only the cloud-based services we use every day such as banking, shopping, and government services, but also the physical security of systems and hard copy data on your premises, which are subject to theft, fire or natural disaster. Instead of the typical security hand-waving you’re probably used to, I’d like to do an in-depth review of Cyanic Automation’s strategies concerning electronic security, and allow organizations to make informed decisions about Cyanic Automation’s internet-based services.
Warning: technical jargon ahead.
Security Threats and Mitigation
Data breaches are what most people are concerned about when using cloud-hosted services; specifically, that a remote attacker can exploit a weakness in an application or its infrastructure to gain access to sensitive information. Below is a list of strategies we use to minimize this risk:
- All Cyanic Business Automation Studio servers are hosted in the Microsoft Azure cloud, providing a large, trusted name to manage both the electronic and physical security aspects of the hosting infrastructure. Binary data is hosted in Azure Storage which is protected by Microsoft-standard protocols.
- Our database and web servers run on Linux, and every endpoint other than the essential HTTP/HTTPS ports and the SSH management port is closed to external access. Security updates are reviewed and applied on at least a weekly basis, and more frequently in the case of critical issues (such as the Heartbleed OpenSSL vulnerability).
- Cyanic Business Automation Studio is built on a mature and commodity-level technology stack that powers a great deal of the internet and is supported by a large and responsive community.
- Cyanic Automation uses industry best practices for the storage of user passwords (PBKDF2 with random salting and 256-bit derived keys), meaning that a stolen database will not easily compromise your users’ access to other systems. Further, all cryptographic functions directly use common, industry-standard libraries rather than in-house implementations.
- All internal data requests are parameterized, removing the possibility of SQL injection attacks.
- All direct object references go through a single, authenticated API, and ACLs on each object are validated as part of each request. All parts of the web API, including security and function-level access control, are validated by an automated and comprehensive test suite.
- Off-cloud backup data is never kept on unencrypted storage.
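To make the password-storage point concrete, here is an added example (written for this post, not code from Cyanic Business Automation Studio) of PBKDF2-HMAC-SHA256 with a random salt and a 256-bit derived key, using only the Python standard library. The iteration count, salt length and record layout are my own choices and not details of Cyanic’s implementation:

```python
import base64
import hashlib
import hmac
import os

# Illustrative parameters (assumptions, not Cyanic's settings): 16-byte random
# salt, 256-bit (32-byte) derived key, and an iteration count you would tune
# to your own hardware so a verification stays well under a second.
HASH_NAME = "sha256"
SALT_BYTES = 16
KEY_BYTES = 32
ITERATIONS = 600_000


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Derive a key from the password and return a self-describing record.

    Record layout: algorithm$iterations$salt$key, with salt and key base64
    encoded, so the verifier can recompute the key without any other state.
    """
    salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    key = hashlib.pbkdf2_hmac(
        HASH_NAME, password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )
    return "$".join([
        "pbkdf2_" + HASH_NAME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(key).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the key from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_b64, key_b64 = record.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(key_b64)
        rounds = int(iterations)
    except (ValueError, TypeError):
        return False  # malformed record: never a match
    if algorithm != "pbkdf2_" + HASH_NAME:
        return False
    candidate = hashlib.pbkdf2_hmac(
        HASH_NAME, password.encode("utf-8"), salt, rounds, dklen=len(expected)
    )
    # compare_digest avoids leaking where the first differing byte is
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("wrong password", record))
```

Because the salt is random per user, two users with the same password get different records, and an attacker holding a stolen table cannot amortize one guess across all rows; the iteration count is what makes each guess expensive.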
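The two points above about parameterized queries and per-object ACL checks are easiest to see side by side. The following added example (mine, not Cyanic’s code; the forms/ACL schema and the sample rows are constructed for illustration) shows a string-built query next to its parameterized form, and a single data-access entry point that validates the caller’s ACL entry on every direct object reference:

```python
import sqlite3
from typing import Optional


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample schema and rows (hypothetical, not the product's)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE forms (
            id INTEGER PRIMARY KEY, owner TEXT NOT NULL, title TEXT NOT NULL);
        CREATE TABLE form_acl (
            form_id INTEGER NOT NULL, user TEXT NOT NULL, perm TEXT NOT NULL);
        INSERT INTO forms VALUES (1, 'alice', 'Hazard assessment, site 4');
        INSERT INTO forms VALUES (2, 'bob',   'Incident report 17');
        INSERT INTO form_acl VALUES (1, 'alice', 'read');
        INSERT INTO form_acl VALUES (1, 'carol', 'read');
        INSERT INTO form_acl VALUES (2, 'bob',   'read');
    """)
    return conn


def search_titles_unsafe(conn: sqlite3.Connection, term: str) -> list:
    """The 'before' form: user input is spliced into the SQL text, so a
    quote character in `term` changes the structure of the query."""
    sql = "SELECT id, title FROM forms WHERE title LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_titles(conn: sqlite3.Connection, term: str) -> list:
    """Parameterized form: the driver binds `term` as a value. Whatever it
    contains is compared as a string and can never become SQL syntax."""
    return conn.execute(
        "SELECT id, title FROM forms WHERE title LIKE ?", ("%" + term + "%",)
    ).fetchall()


def get_form(conn: sqlite3.Connection, user: str, form_id: int) -> Optional[dict]:
    """Single entry point for direct object references.

    Every lookup is parameterized, and the ACL is checked on every call rather
    than trusting that the caller 'should' know the id. Returns None both when
    the object is missing and when the user lacks access, so the API layer can
    answer identically (403/404) and not confirm which ids exist.
    """
    row = conn.execute(
        "SELECT id, owner, title FROM forms WHERE id = ?", (form_id,)
    ).fetchone()
    if row is None:
        return None
    granted = conn.execute(
        "SELECT 1 FROM form_acl WHERE form_id = ? AND user = ? AND perm = 'read'",
        (form_id, user),
    ).fetchone()
    if granted is None:
        return None
    return {"id": row[0], "owner": row[1], "title": row[2]}


if __name__ == "__main__":
    db = build_sample_db()
    probe = "' OR '1'='1"  # classic test string used in security reviews
    print("unsafe:", search_titles_unsafe(db, probe))  # every row leaks
    print("safe:  ", search_titles(db, probe))         # no title contains it
    print(get_form(db, "carol", 1))  # carol has an ACL entry for form 1
    print(get_form(db, "carol", 2))  # None: no entry for form 2
```

The automated test suite the post mentions is the natural home for checks like the last two calls: one assertion per endpoint that a user without an ACL entry gets the same answer as for a non-existent object.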
The second main concern of cloud-hosted systems is the potential loss of business-critical data that is stored on those systems. This risk is minimized as follows:
- As stated above, cloud infrastructure is provided and maintained by Microsoft. The platform provides geo-redundant storage and virtualization which protects against most infrastructure-based causes of data loss (failure of storage media or other system hardware).
- Our databases perform streaming replication to warm standby servers to provide high availability in the case of a server or rack fault inside the cloud environment.
- To protect against application-based data loss or catastrophic cloud infrastructure failure, database transaction logs are archived and shipped to off-cloud encrypted storage every 10 minutes, allowing us to rebuild the database to within 0-10 minutes of the failure or loss point.
- All form-based data in Cyanic Business Automation Studio is internally versioned (historized): every previous version of a form is retained, which allows recovery from user-caused data loss and also provides an audit trail in the event of abuse.
- Cyanic Business Automation Studio allows users to export their data in the form of PDFs, and we highly recommend that our customers routinely use this feature to guarantee access to their data even in the face of extraordinary circumstances that we are not able to control.
Account or Service Hijacking
Even with a secure infrastructure, many systems are vulnerable to user-centric attacks, where a user’s network traffic is intercepted and hijacked, or a user’s browser session is tricked into performing actions on behalf of an external site. For the past decade, the OWASP (Open Web Application Security Project) ‘Top 10’ vulnerability list has included most of the following attack vectors, which continue to plague internet-based applications; the following is our strategy to control these risks:
- Cross-Site Scripting (XSS): All dynamic output is encoded by the MVVM framework’s data binding before it reaches the page, so user-supplied data is rendered as text rather than being interpreted as markup or script by the client’s web browser.
- Cross-Site Request Forgery (CSRF): All pages served by Cyanic Business Automation Studio include anti-CSRF tokens that are required by all web API requests that modify data or otherwise change the state of the system.
- Insufficient Transport Layer Protection: Cyanic Business Automation Studio forces all traffic between client and server to use HTTPS/SSL, preventing data and session information from being intercepted on public networks.
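As an added illustration of the anti-CSRF token requirement described above (my example, not Cyanic’s implementation), the block below issues a token bound to the user’s session with an HMAC and refuses any state-changing API request that does not carry a token valid for that session. The header name, the secret handling and the nonce format are assumptions made for the example:

```python
import hashlib
import hmac
import secrets

# Hypothetical per-deployment secret. A real service loads this from a secret
# store; generating it at import time here just keeps the example self-contained.
SERVER_SECRET = secrets.token_bytes(32)

# Methods that modify data or change system state must carry a token.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
TOKEN_HEADER = "X-CSRF-Token"  # assumed header name


def _mac(session_id: str, nonce: str) -> str:
    """HMAC over session id and nonce, so a token is only valid for one session."""
    msg = f"{session_id}:{nonce}".encode("utf-8")
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Embed in each served page. Format: nonce.mac (both hex)."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def valid_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    try:
        nonce, mac = token.split(".")
    except ValueError:
        return False
    return hmac.compare_digest(mac, _mac(session_id, nonce))


def authorize_request(method: str, session_id: str, headers: dict) -> bool:
    """Gate for the web API: reads pass, writes need a token for this session.

    A page on another origin can make the browser send the user's cookies,
    but it cannot read the token embedded in our page, so it cannot supply a
    valid header value.
    """
    if method.upper() not in STATE_CHANGING:
        return True
    return valid_csrf_token(session_id, headers.get(TOKEN_HEADER, ""))


if __name__ == "__main__":
    token = issue_csrf_token("session-A")
    print(authorize_request("POST", "session-A", {TOKEN_HEADER: token}))  # True
    print(authorize_request("POST", "session-A", {}))                     # False
    print(authorize_request("POST", "session-B", {TOKEN_HEADER: token}))  # False
    print(authorize_request("GET", "session-B", {}))                      # True
```

Binding the token to the session (rather than storing a bare random value) means a token captured from one user’s page is useless against another user’s session, and the server needs no extra storage to validate it.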
Denial/Loss of Service
Denial of service is an attack on a system’s accessibility rather than its data. The direct risk to the end user is that the service or its information will not be available when it is needed. This risk is minimized as follows:
- Microsoft Azure has a number of basic protection strategies available to hosted systems, primarily throttling network requests when it detects network flooding.
- Access to Cyanic Business Automation Studio is by customer subscription only, meaning that computationally expensive operations are not available to the general public.
- As stated previously, we recommend that our customers routinely use the data export features so that data is available offline. Further, if data entry into electronic forms is critical for business functions (such as hazard assessments which must be completed before a job can be started), it is important that workers always have access to paper forms in case the system is inaccessible for any reason including system or network outage.
Other Hosting Options
We believe that our Microsoft Azure-based hosting strikes a good balance between security and the cost-effectiveness of our solution. If your organization has security requirements that are not adequately addressed by our cloud security strategy, or if it is unacceptable to our Canadian customers for their data to reside in US data stores, Cyanic Automation offers two alternative hosting options at an increased cost.
Canadian-Based Single-Tenant Hosting
Cyanic Automation can host a system at a Canadian-based provider which is dedicated solely to your organization, and which does not share data with any other organizations.
On-Premises Hosting
Cyanic Automation can deliver server equipment to be installed and operated inside your organization’s network. We will assist with installation, software updates and back-up strategy; however, this places an increased maintenance burden on your IT organization.
Cyanic Automation is absolutely committed to protecting your data, and security is our single largest development focus. If you have any questions, please either contact us or leave a comment below.