JANA Spark Security

  • Users authenticate through JANA Spark via the public internet by supplying a username and password.
  • JANA Spark uses AWS Cognito to manage authentication, identity and access management, using standards such as OAuth.
  • Users receive access to site content through a role/permission hierarchy: each user is assigned a role, and each role carries a standard set of permissions that controls the actions the user can perform and the resources the user can access.

Infrastructure and Network Security

  • Network segregation is enforced through the use of AWS VPCs and private subnets, based on the AWS best practice reference architecture for securing financial data.
  • Firewalls (AWS Security Groups and Network ACLs) are applied to all resources, exposing only required ports.
  • All internal JANA staff access to infrastructure is via a secured VPN only, and access is granted on a ‘least privilege’ basis.
  • All public pages are served over 256-bit SSL.
  • Sensitive secrets (e.g., database passwords) are encrypted using AWS Key Management Service (KMS) and can only be decrypted by a limited set of users.
  • All servers are regularly updated with the latest security patches.
  • AWS data centres adhere to a high standard of physical security and environmental fault tolerance. For further details see http://aws.amazon.com/security.

Penetration Testing

  • JANA undertakes regular automated penetration testing using Detectify – an online security scanner that automatically tests for 1000+ vulnerabilities. Scans are scheduled weekly and are also run upon deployment of a significant new platform service or enhancement, subject to a risk/impact assessment.
  • The results of this testing can be made available to clients and partners upon request.

Backup and Audit

  • All database contents are backed up daily, and the backups are securely stored in Amazon S3 (a cloud storage service).
  • All actions within JANA Spark are logged and a full audit trail is available.