JANA Spark Security
- Users authenticate through JANA Spark via the public internet by supplying a username and password.
- JANA Spark uses AWS Cognito to manage authentication, identity and access management, using standards such as OAuth 2.0 and OpenID Connect.
- Users receive access to site content via a role/permission hierarchy: each user is assigned a role, and each role has a standard set of permissions controlling the actions the user can perform and the resources they can access.
Infrastructure and Network Security
- Network segregation is enforced through the use of AWS VPCs and private subnets, based on the AWS best practice reference architecture for securing financial data.
- Firewalls (AWS Security Groups, which are stateful, and Network ACLs, which are stateless) are applied to all resources, exposing only the ports that are required.
- All internal JANA staff access to infrastructure is via a secured VPN only, and access is granted on a ‘least privilege’ basis.
- All public pages are served over HTTPS (TLS) using 256-bit encryption.
- Sensitive secrets (e.g., database passwords) are encrypted using AWS Key Management Service (KMS) and can only be decrypted by a limited set of users.
- All servers are regularly updated with the latest security patches.
- AWS data centres adhere to a high standard of physical security and environmental fault tolerance. For further details see http://aws.amazon.com/security.
- JANA undertakes regular automated penetration testing using Detectify – an online security scanner that automatically tests for 1000+ vulnerabilities. Scans are scheduled weekly and are also run on deployment of any significant new platform service or enhancement (following a risk/impact assessment).
- The results of this testing can be made available to clients and partners upon request.
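The "only required ports" control above is easy to state and easy to let drift. The script below is an added example (not JANA's code) of how an engineer would verify it: it audits security-group ingress rules and flags anything reachable from the whole internet other than an explicit allow-list. The input is a constructed sample shaped like the output of boto3's `describe_security_groups`, so no AWS calls are made; the group names, ports and the assumption that only port 443 may face the internet are illustrative.

```python
"""
Added example: audit EC2 security-group ingress rules for ports exposed to
the public internet beyond an explicit allow-list.

SAMPLE_GROUPS is constructed to mimic the shape of
ec2.describe_security_groups()["SecurityGroups"]; nothing here calls AWS.
"""
from ipaddress import ip_network

# Assumption for this example: only HTTPS may face the internet. Everything
# else must be reachable only from inside the VPC or over the staff VPN.
PUBLIC_ALLOWED_PORTS = {443}

# Constructed sample data (not real infrastructure).
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-web",
        "GroupName": "web-alb",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            # Plain HTTP open to the world: should be flagged.
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-db",
        "GroupName": "postgres",
        "IpPermissions": [
            # Database reachable only from the VPC: fine.
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-bastion",
        "GroupName": "bastion",
        "IpPermissions": [
            # SSH from anywhere and an all-protocol rule: both should be flagged.
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
]


def is_internet_facing(cidr: str) -> bool:
    """True if the CIDR covers the whole IPv4 or IPv6 address space."""
    return ip_network(cidr, strict=False).prefixlen == 0


def _cidrs(rule):
    """Yield every IPv4 and IPv6 CIDR a rule permits."""
    for r in rule.get("IpRanges", []):
        yield r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def _ports(rule):
    """Expand a rule to its set of ports; None means 'all protocols/ports'."""
    if rule["IpProtocol"] == "-1":
        return None
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return set(range(lo, hi + 1))


def audit_security_groups(groups, allowed_ports=PUBLIC_ALLOWED_PORTS):
    """Return (group_id, protocol, offending_ports or 'all', cidr) for every
    ingress rule that exposes more than the allow-list to the internet."""
    findings = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            ports = _ports(rule)
            for cidr in _cidrs(rule):
                if not is_internet_facing(cidr):
                    continue
                if ports is None:
                    findings.append((sg["GroupId"], rule["IpProtocol"], "all", cidr))
                    continue
                extra = sorted(ports - allowed_ports)
                if extra:
                    findings.append((sg["GroupId"], rule["IpProtocol"], extra, cidr))
    return findings


if __name__ == "__main__":
    for group_id, proto, ports, cidr in audit_security_groups(SAMPLE_GROUPS):
        print(f"{group_id}: {proto} {ports} open to {cidr}")
```

Against the sample data the audit reports port 80 on the web group and both the SSH rule and the all-protocol rule on the bastion group; the database rule is ignored because 10.0.0.0/16 is not internet-facing. In a real pipeline the same function would be run on the live `describe_security_groups` output and wired into the post-deployment scan schedule.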
Backup and Audit
- Backups are kept of all database contents: daily backups are taken and securely stored in Amazon S3 (a cloud storage service).
- All actions within JANA Spark are logged and a full audit trail is available.