The application enforces multi-factor authentication (MFA) whenever a user logs in. MFA has been designed to put security controls in the hands of every user, who can configure the following settings on his own:
- Default Setting: The user has to enter a verification code that is sent to his email address when logging in from a new browser for the first time.
- Always On: The user can enable the Always On setting, and the system will then prompt for a verification code every time he logs in to the application. This setting is particularly useful when using shared systems.
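The two settings above reduce to one decision per login (is this browser already known, and is Always On set?) plus an emailed one-time code that must expire, lock after repeated wrong guesses and be compared in constant time. The following is an added illustration, not Lawrbit's code; the code lifetime, the attempt limit and the browser identifier are assumptions the page does not state.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional, Set

# Assumed policy parameters (the page does not state them): codes expire after
# 10 minutes and are locked after 5 wrong guesses.
CODE_TTL_SECONDS = 600
MAX_ATTEMPTS = 5


@dataclass
class User:
    email: str
    always_on: bool = False                 # the user's "Always On" setting
    known_browsers: Set[str] = field(default_factory=set)  # browsers that already passed MFA


@dataclass
class PendingCode:
    code: str          # the 6-digit code that was e-mailed
    issued_at: float   # unix time it was issued
    attempts: int = 0  # guesses made so far


def mfa_required(user: User, browser_id: str) -> bool:
    """Default setting: challenge only a browser seen for the first time.
    Always On: challenge on every login, known browser or not."""
    return user.always_on or browser_id not in user.known_browsers


def issue_code(now: Optional[float] = None) -> PendingCode:
    """Create the verification code to e-mail to the user (CSPRNG, zero-padded)."""
    code = f"{secrets.randbelow(10**6):06d}"
    return PendingCode(code=code, issued_at=time.time() if now is None else now)


def verify_code(user: User, browser_id: str, pending: PendingCode,
                submitted: str, now: Optional[float] = None) -> bool:
    """Check the submitted code; on success remember the browser so the
    Default setting does not challenge it again."""
    now = time.time() if now is None else now
    pending.attempts += 1
    if pending.attempts > MAX_ATTEMPTS or now - pending.issued_at > CODE_TTL_SECONDS:
        return False  # expired or locked: the user must request a new code
    if not hmac.compare_digest(pending.code, submitted.strip()):
        return False  # constant-time compare avoids leaking matching digits
    user.known_browsers.add(browser_id)
    return True
```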
Data Encryption using AES-256
- AES-256 encryption is used for data at rest and data in transit
- LAWRBIT deploys enterprise-grade encryption for all participant and session files, while maintaining an intuitive user experience.
- Industry standard AES-256 encryption ensures that if a non-authenticated user obtains a file from our solution, data will not be accessible.
- LAWRBIT encrypted files require the file owner to log in in order to view the data. Sharing of files is restricted in order to adequately support these security enhancements and ensure the protection of data.
- The protection of customer data is a very important requirement for LAWRBIT, as it holds Personally Identifiable Information (PII) in the form of first and last name, email address, mobile number, designation and (potentially) employee identification number. In order to secure this PII data at rest, these fields are encrypted within the AWS Relational Database Service (RDS) database using industry "best practice" encryption technologies.
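Encrypting the PII fields at rest, as opposed to the whole volume, means each value is encrypted before the row is written and decrypted after it is read, while non-PII columns stay queryable. The following added example (not Lawrbit's code) shows field-level AES-256-GCM over exactly the columns the page lists; it assumes the `cryptography` library, a constructed table/row id, and a data key that in production would be wrapped by a KMS key rather than held in memory.

```python
import base64
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# The PII columns the page lists; every other column stays in clear and queryable.
PII_COLUMNS = ("first_name", "last_name", "email", "mobile", "designation", "employee_id")


def new_data_key() -> bytes:
    """256-bit data key. Assumption: in production it is wrapped by a KMS key and
    never stored next to the database; here it lives in memory for the demo."""
    return AESGCM.generate_key(bit_length=256)


def _aad(table: str, row_id: str, column: str) -> bytes:
    # Binding table, row and column into the authenticated data means a ciphertext
    # copied into another row or column fails to decrypt instead of silently "working".
    return f"{table}:{row_id}:{column}".encode()


def encrypt_field(key: bytes, table: str, row_id: str, column: str, value: str) -> str:
    nonce = os.urandom(12)  # fresh 96-bit nonce for every write; never reuse with a key
    ct = AESGCM(key).encrypt(nonce, value.encode("utf-8"), _aad(table, row_id, column))
    return base64.b64encode(nonce + ct).decode()  # text-safe for a VARCHAR column


def decrypt_field(key: bytes, table: str, row_id: str, column: str, stored: str) -> str:
    raw = base64.b64decode(stored)
    nonce, ct = raw[:12], raw[12:]
    # Raises cryptography.exceptions.InvalidTag on a tampered or relocated ciphertext.
    return AESGCM(key).decrypt(nonce, ct, _aad(table, row_id, column)).decode("utf-8")


def encrypt_row(key: bytes, table: str, row_id: str, row: dict) -> dict:
    """Encrypt only the PII columns of one row before it is written to RDS."""
    return {c: encrypt_field(key, table, row_id, c, v) if c in PII_COLUMNS and v is not None else v
            for c, v in row.items()}


def decrypt_row(key: bytes, table: str, row_id: str, row: dict) -> dict:
    """Decrypt the PII columns of one row read back from RDS."""
    return {c: decrypt_field(key, table, row_id, c, v) if c in PII_COLUMNS and v is not None else v
            for c, v in row.items()}
```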
- Application Level Security
- Role Based Access Controls (RBAC)
- Vulnerability Assessment and Remediation
- Software Testing
- Restricted File Upload
- Disaster Recovery Plan
- Password Policy
- Change Management Process
- Network Management and Access Controls
- Implementation of Corporate Wi-Fi & VPN
- Security Training for Employees
- Identity Management
Other Security Aspects
Lawrbit uses Amazon Web Services (AWS) to host all its applications. AWS gives us the flexibility to host the application closer to the client's country of origin, which ensures adherence to data protection laws and provides faster access to the application.
The architecture has been designed to achieve following key objectives:
- High availability
- Performance and scalability
- Scaling of the application to cater for varying traffic loads
- Securing the application and database environment
AWS provides on-demand cloud computing platforms to individuals, companies and governments, on a paid subscription basis. The technology allows subscribers to have at their disposal a virtual cluster of computers, available all the time, through the Internet.
More than a million active AWS customers, from Airbnb to GE, use AWS Cloud solutions to deliver flexibility, scalability, and reliability. Learn More https://aws.amazon.com/solutions/case-studies/
DataCentre Compliance & Certifications
- AWS SAS-70 Report http://aws.amazon.com/compliance/soc-faqs/
- AWS SOC 1 Audit is conducted in accordance with International Standards for Assurance Engagements No. 3402 (ISAE 3402). Customers needing an ISAE 3402 Report should request the AWS SOC 1 Type II Report by using AWS Artifact, a self-service portal for on-demand access to AWS compliance reports.
AWS Tools & Services Used
AWS services used or enabled by Lawrbit to provide fast and secure access to application data for end users:
- AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. Learn More https://aws.amazon.com/cloudtrail/
- Amazon Elastic Compute Cloud (Amazon EC2) provides resizable compute capacity in the cloud. You define your virtual Amazon EC2 environment with the operating system, services, databases, and application platform stack required for your hosted application. Amazon EC2 provides a full management console and APIs to manage your compute resources. Learn More https://aws.amazon.com/ec2
- Amazon Simple Storage Service (Amazon S3) provides a simple web services interface to store and retrieve any amount of data, at any time, from anywhere on the web. It is durable, highly available, and secure. Amazon S3 also stores multiple redundant copies of your data. Learn More https://aws.amazon.com/s3/
- Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable database capacity while managing time-consuming database administration tasks. Learn More https://aws.amazon.com/rds/
- AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. Read More at: https://aws.amazon.com/iam/
- AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their user name and password (the first factor—what they know), as well as for an authentication code from their AWS MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources. Learn More https://aws.amazon.com/iam/details/mfa/
- AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. Learn More https://aws.amazon.com/config/
- AWS CloudFront is a global content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to your viewers with low latency and high transfer speeds. CloudFront is integrated with AWS – including physical locations that are directly connected to the AWS global infrastructure, as well as software that works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code close to your viewers. Learn More https://aws.amazon.com/cloudfront/
- AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools. Learn More https://aws.amazon.com/codecommit/