FieldGroove powered by Amazon Web Services (AWS) relieves customer IT burden by managing all aspects of physical infrastructure, the guest operating system (including updates and security patches), other associated application software, as well as the configuration of the provided security group firewall.
FieldGroove management has developed a strategic business plan, which includes risk identification and the implementation of controls to mitigate or manage risks. FieldGroove management re-evaluates the strategic business plan biannually, at a minimum. This process requires management to identify risks within its areas of responsibility and to implement appropriate measures to address those risks. In addition, the AWS control environment is subject to various internal and external risk assessments. AWS’ Security Team has established an information security framework and policy based on the COBIT framework, and is transitioning to an ISO 27001 certifiable framework based on ISO 27002 controls. AWS Security maintains the security policy, provides security training to employees, and performs security reviews. These reviews assess the confidentiality, integrity, and availability of data, as well as conformance to the information security policy.
AWS Security:
AWS Security regularly scans all Internet facing service endpoint IP addresses for vulnerabilities. (These scans do not include customer instances.) In addition, external vulnerability threat assessments are performed regularly by independent security firms. Findings and recommendations resulting from these assessments are categorized and delivered to AWS leadership. These scans are done in a manner to ensure the health and viability of the underlying AWS infrastructure and are not meant to replace the customer’s own vulnerability scans required to meet their specific compliance requirements. AWS’ development process follows secure software development best practices, which include formal design reviews by the AWS Security Team, threat modeling, and completion of a risk assessment. Static code analysis tools are run as a part of the standard build process, and all deployed software undergoes recurring penetration testing performed by carefully selected industry experts. Our security risk assessment reviews begin during the design phase, and the engagement lasts through launch to ongoing operations.
In the case of the FieldGroove application, FieldGroove performs regular scans of its environment (at the application and operating system layers) to detect vulnerabilities. Vulnerabilities are remediated as soon as they are found. All authentication to the FieldGroove application and servers requires 2-factor authentication to ensure authorized access.
AWS has established formal policies and procedures to delineate the minimum standards for logical access to AWS platform and infrastructure hosts. AWS requires that staff with potential access to customer data undergo a background check (as permitted by law), commensurate with their position and level of access to data. The policies also identify functional responsibilities for the administration of logical access and security.
FieldGroove has many years of experience in designing, constructing, and operating large-scale applications. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities. Physical access is strictly controlled, both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of FieldGroove or FieldGroove AWS. All physical access to data centers by AWS employees is logged and audited routinely.
AWS data centers are state of the art, utilizing innovative architectural and engineering approaches.
Redundancy
AWS data centers are designed to anticipate and tolerate failure, while maintaining service levels, and are built in clusters in various global regions. All of AWS’ data centers are online and serving traffic; no data center is “cold”. In case of failure, automated processes move traffic away from the affected area. Core applications are deployed to an N+1 standard, so that, in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Fire Detection and Suppression
Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.
Power
The data center electrical power systems are designed to be fully redundant and maintainable, without impact to operations, 24 hours a day, seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure, for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.
Climate and Temperature
Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.
Management
AWS monitors electrical, mechanical and life support systems and equipment so that any issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.
AWS’ principle for service is “continuous availability”. In the event of systems or hardware failure, AWS has designed its systems to tolerate those failures without customer impact.
Incident Response
The AWS incident management team employs industry-standard diagnosis procedures to drive resolution during business-impacting events. Staff operators provide 24 x 7 x 365 coverage to detect incidents and to manage the impact and resolution. For the FieldGroove application, redundant monitors are employed to detect OS and application issues via synthetic transactions.
Business Continuity Plan
AWS’ Business Continuity Plan (BCP) drives standard practices to support ongoing, worldwide business and the ability to scale to the increased scope of catastrophic events. Standard practices are supplemented with dedicated preparation for significant disruptions. AWS maintains current response plans for a series of disaster scenarios, and the response is tested in production by simulating disasters. All of these practices are subject to ongoing company-wide and executive review.
Testing
AWS tests critical systems under simulated conditions of catastrophic failure annually, at a minimum, and uses routine maintenance intervals and external events as testing opportunities.
Data stored in our servers is redundantly stored in multiple physical locations, as part of normal operation of those services and at no additional charge. FieldGroove ensures object durability, by storing objects multiple times across multiple Availability Zones on the initial write, and then actively replicating them in the event of device unavailability or detected bit-rot.
AWS provides customers the flexibility to place instances and store data within multiple geographic regions, as well as across multiple Availability Zones within each region. Each Availability Zone is designed as an independent failure zone. This means that Availability Zones are typically physically separated within a metropolitan region and are in different flood plains. In addition to discrete Uninterruptible Power Supply (UPS) and onsite backup generation facilities, the UPS units are each fed via different grids from independent utilities, to further reduce single points of failure. Availability Zones are all redundantly connected to multiple tier-1 transit providers.
The AWS network provides significant protection against traditional network security issues. The following are a few examples:
Distributed Denial Of Service (DDoS) Attacks
AWS Application Programming Interface (API) endpoints are hosted on large, Internet-scale, world-class infrastructure. Proprietary DDoS mitigation techniques are used. Additionally, AWS’ networks are multi-homed across a number of providers to achieve Internet access diversity.
Man In the Middle (MITM) Attacks
All of the AWS APIs are available via SSL-protected endpoints, which provide server authentication. FieldGroove automatically generates new SSH host certificates on first boot and logs them.
IP Spoofing
FieldGroove servers cannot send spoofed network traffic. The AWS-controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address, other than its own.
AWS has achieved Level 1 PCI compliance. AWS has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). FieldGroove runs its applications on AWS’s PCI-compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud. AWS’s Elastic Compute Cloud (EC2), Simple Storage Service (S3), Elastic Block Store (EBS) and Virtual Private Cloud (VPC) are included in the PCI compliance validation.
AWS has achieved ISO 27001 certification of their Information Security Management System (ISMS) covering infrastructure and data centers and services.
AWS has successfully completed a Statement on Auditing Standards No. 70 (SAS70) Type II Audit and has obtained a favorable unbiased opinion from its independent auditors. SAS70 certifies that a service organization has had an in-depth audit of its controls (including control objectives and control activities), which, in the case of AWS, relates to operational performance and security to safeguard customer data. The commitment to SAS 70 is on-going, and AWS continues the process of periodic audits.
Last modified: June 8, 2019: Version: 20190608a
Copyright © FieldGroove, LLC 2019. All Rights Reserved.