Updated 7 August 2018
Skedulo and its third party providers have implemented extensive security measures to help protect against the risk of loss, misuse and alteration of any information under Skedulo’s control including using encryption, limiting employee access, and using industry-standard controls such as firewalls and secure environments for personally identifiable information.
Skedulo is a business associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH). Skedulo runs a formal privacy and security management program that includes technical, physical, and administrative safeguards to protect the privacy, confidentiality, integrity, and availability of customer data, including HIPAA protected health information, such as:
- Encryption of data in transit and at rest
- Restriction of customer data to a need-to-know basis within Skedulo, and regular access control reviews
- Required privacy and security training for all Skedulo workforce members
- Formal risk management, including regular reviews of Skedulo’s risk and security posture
- Implementing a secure software development lifecycle
- Regularly backing up data (and disposing of it securely)
- Designating incident response and business continuity teams, and regular training and testing response plans
Reporting Security Vulnerabilities
If you discover a potential security vulnerability we strongly prefer that you notify us in private. Publicly disclosing a security vulnerability without informing us first puts the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue. Thank you!
1. Data Center Security
Skedulo runs on the Amazon Web Services global infrastructure platform. AWS publishes an “Overview of Security Processes” whitepaper that serves as the reference material for this section. SOC 2 reports are available directly from AWS upon request.
AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. Additionally, AWS also has assurance programs that provide templates and control mappings to help customers establish the compliance of their environments running on AWS against 20+ standards, including the HIPAA, CESG (UK), and Singapore Multi-tier Cloud Security (MTCS) standards.
p. 6 – “Introduction to AWS Security – July 2015”
1.B. Physical Security
AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
p. 5 – “Amazon Web Services: Overview of Security Processes – May 2017”
1.C. Environmental Security
AWS data center environmental controls include:
- Fire detection and suppression systems
- Redundant power systems, backed by Uninterruptible Power Supply units and generators
- Climate and temperature controls
- Active system monitoring
pp. 5-8 – “Amazon Web Services: Overview of Security Processes – May 2017”
2. Skedulo Network Security
2.A. Secure Architecture
The Skedulo stack runs in separate AWS Virtual Private Clouds. Most services run in a private subnet. Only SSL/TLS endpoints and a bastion host are exposed to the Internet. Backend users connect to the stack through the bastion host, which restricts access to stack components and logs activity for review. Our Prod and Test environments run in separate unconnected AWS accounts.
All public-facing EC2 instances use inbound Security Group rules configured in deny-all mode. Ports are opened as necessary for administrative SSH access. Public-facing Skedulo Endpoints (which consist in part of an AWS load balancer) are configured to allow traffic on all ports, but only listen on the specific ports required for functionality (e.g., 80 and 443 for an HTTPS Endpoint).
2.C. DDoS Protection and Mitigation
Skedulo’s VPC-based approach means that most stack components are not accessible from the Internet, and cannot be targeted directly by a DDoS attack.
Skedulo SSL/TLS endpoints include an AWS Elastic Load Balancer, which only supports valid TCP requests, meaning DDoS attacks such as UDP and SYN floods will not reach your app layer.
2.D. Port Scanning
AWS monitors and stops unauthorized port scanning. Because most of a Skedulo stack is private, and all hosts run strict firewalls, port scanning is generally ineffective.
2.E. Spoofing & Sniffing
The AWS network prohibits a host from sending traffic with a source IP or MAC address other than its own. The AWS hypervisor will also not deliver any traffic to a host the traffic is not addressed to, meaning even an instance running in promiscuous mode will not receive or be able to “sniff” traffic intended for other hosts.
p. 13 – “Amazon Web Services: Overview of Security Processes – May 2017”
2.F. Network and Host Vulnerability Scanning
Skedulo scans both the Internet-facing network and private network of a master reference stack each month. Skedulo is responsible for network and host security and remediates adverse findings without customer intervention.
3. Skedulo Platform Security
3.A. Configuration and Change Management
For app services that have an SSL/TLS endpoint attached, Skedulo performs a health check on the container set before promoting it to the current release. If the health check fails, the container set is not promoted. Either way, the deploy is zero-downtime.
3.B. Logging and Monitoring
Skedulo logs application and API activity in a HIPAA-compliant manner. Skedulo monitors performance indicators such as disk, memory, compute, and logging issues, and automatically resolves them on your behalf.
3.C. Host Hardening
Skedulo host operating systems are hardened based on the Center for Internet Security’s Security Configuration Benchmark for the OS and version in use. For all operating systems:
- Operating systems are installed on hosts only from bare images, and only via automated configuration management. Services installed can be enumerated upon request.
- Host password logins are disabled. SSH root keys are not permitted.
- No password-based services are installed automatically. Password-based services (such as PostgreSQL) are provisioned only with unique Skedulo-generated passphrases. No default passwords are permitted.
- Host security updates are automated.
- All host ports are opened only via whitelist.
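As an added illustration (not Skedulo's code, and not a description of how Skedulo actually audits its hosts), the following POSIX shell script checks an sshd_config file for the settings the list above describes: password logins disabled and root login not permitted. The file names, the two sample configs and the helper names (`write_samples`, `effective_value`, `audit_sshd`) are constructed for this example.

```shell
#!/bin/sh
# Added example, not Skedulo's code: audit an sshd_config for the host
# hardening items listed above (password logins disabled, root login not
# permitted). File names and sample configs are constructed for the demo.

SAMPLE_DIR="${TMPDIR:-/tmp}"

# Write two constructed configs: one hardened, one left at insecure defaults.
write_samples() {
  cat > "$SAMPLE_DIR/sshd_hardened.conf" <<'EOF'
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
EOF
  cat > "$SAMPLE_DIR/sshd_weak.conf" <<'EOF'
Port 22
# PasswordAuthentication is not set, so sshd's default of "yes" applies
PermitRootLogin yes
EOF
}

# effective_value FILE KEYWORD
# sshd honours the FIRST occurrence of a keyword (case-insensitive) and
# ignores blank lines and comments; this mirrors that rule.
effective_value() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    tolower($1) == key { print $2; exit }
  ' "$1"
}

# audit_sshd FILE
# Prints one finding per violation; returns 0 when compliant, 1 otherwise.
audit_sshd() {
  f="$1"; rc=0

  # Compiled-in default is "yes", so an unset keyword is a finding.
  pw=$(effective_value "$f" PasswordAuthentication)
  if [ "${pw:-yes}" != "no" ]; then
    echo "$f: PasswordAuthentication must be 'no' (effective: ${pw:-yes})"; rc=1
  fi

  # Keyboard-interactive (PAM) logins are password logins too. OpenSSH 8.7+
  # calls the keyword KbdInteractiveAuthentication; older releases use
  # ChallengeResponseAuthentication. The default for both is "yes".
  kbd=$(effective_value "$f" KbdInteractiveAuthentication)
  [ -n "$kbd" ] || kbd=$(effective_value "$f" ChallengeResponseAuthentication)
  if [ "${kbd:-yes}" != "no" ]; then
    echo "$f: KbdInteractiveAuthentication must be 'no' (effective: ${kbd:-yes})"; rc=1
  fi

  # Default is "prohibit-password", which still allows root with a key;
  # the policy above permits no root SSH access at all.
  root=$(effective_value "$f" PermitRootLogin)
  if [ "${root:-prohibit-password}" != "no" ]; then
    echo "$f: PermitRootLogin must be 'no' (effective: ${root:-prohibit-password})"; rc=1
  fi
  return $rc
}

# Stand-alone run: write the samples and audit both files.
write_samples
audit_sshd "$SAMPLE_DIR/sshd_hardened.conf" && echo "hardened sample: compliant"
audit_sshd "$SAMPLE_DIR/sshd_weak.conf" || echo "weak sample: non-compliant"
```

The script deliberately treats an unset keyword as its OpenSSH default rather than as "not configured", because a config that never mentions `PasswordAuthentication` still accepts passwords. On a live host, `sshd -T` prints the effective values (including any `Match` blocks) and is the authoritative check; this script is a portable approximation for config files at rest, such as those held in configuration management.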
Databases run in the database layer of our stack, on a private subnet accessible only from the app or bastion layers. SSL/TLS is required if the database protocol supports it. Disk volumes backing databases are encrypted at the filesystem level using AES encryption.
4. Skedulo Business Continuity
Skedulo automatically backs up several different types of data:
- Customer metadata is stored in the Skedulo APIs, backed by the Amazon Relational Database Service. This metadata includes customer account data and Skedulo configuration data, such as environmental variables. Backups are taken nightly and retained for 30 days.
- Skedulo customer database disks are automatically backed up nightly, retained for 30 days, and also backed up externally. No customer action is required. Two backup copies are kept: one in the region where the database runs, to facilitate fast disaster recovery; the other in a separate geographic region, to protect against loss of the original region.
4.B. Fault Tolerance
AWS data centers are clustered into regions, and sub-clustered into availability zones, each of which is designed as an independent failure zone, meaning they are:
- Physically separated
- Located in lower-risk flood plains
- Equipped with independent uninterruptible power supplies and onsite backup generators
- Fed via different grids from independent utilities, and
- Redundantly connected to multiple tier-1 transit providers
4.C. High Availability
High availability is primarily handled by Skedulo’s microservices architecture that supports running multiple instances of our critical services across multiple availability zones.
Skedulo makes use of load balancers and health checks to ensure incoming connections are routed to healthy services and a red/black deployment strategy to ensure new service instances are working before an old one is removed.
The production system is designed to eliminate single points of failure where possible and supports switching over to a backup cluster in a different datacenter if required.
4.D. Disaster Prevention and Recovery
Skedulo monitors the stability and availability of customer infrastructure and automatically recovers from disruptions, including app and database failures. In the event of a disaster, Skedulo restores apps from the last healthy build image and restores data from the last backup. In the event of a database outage, Skedulo will automatically recover the underlying database instance and disk. If the disk is unavailable, Skedulo will restore from a backup.
5. Skedulo Internal Security
5.A. Skedulo Access
We do not access or use data for any purpose other than for developing and operating the Services and as required by law. Skedulo workforce members are granted least-privilege access to customer environments only when a specific business need arises.
5.B. Security Management
Skedulo manages information security consistent with ISO 27001 and applicable legal and regulatory requirements such as HIPAA and GDPR.
Notwithstanding Skedulo’s extensive efforts, such security measures may not prevent all loss, misuse or alteration of information disclosed on the Site. Therefore, we cannot guarantee its absolute security.
We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us at firstname.lastname@example.org. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.