Acoer Data Exchange Security Policy

Customer Integration Security Policy

This document outlines our recommended approach for data integration of customer data. Every use case is different, but the following items should cover most scenarios:

  • All data will be stored in an Amazon S3 bucket;
  • This S3 bucket will be encrypted at rest by default using the proven AWS cryptographic system, KMS;
  • This S3 bucket will version all content by default;
  • Clients will have two options for access:
    • Using the AWS SDK, connected to the AWS Identity and Access Management platform. We will provide AWS credentials to access the dedicated bucket. AWS provides SDKs in C++, Go, Java, JavaScript, .NET, Node.js, PHP, Python and Ruby.
    • If the client is not familiar with AWS and S3, we will provide a secure SFTP server to access the S3 bucket transparently. We will provide username/password credentials to log in to the SFTP server. All credentials will be stored in AWS Secrets Manager.
  • When Acoer provides the password to clients, we will use a secure system ensuring:
    • One time secrets - as soon as a secret is decrypted, it will only be shown once and deleted afterwards;
    • Securely encrypted – using modern, state-of-the-art encryption libraries and algorithms based on OpenSSL;
    • Expiring secrets - a secret will automatically disappear after a specified lifetime, ranging from 5 mins up to 7 days;
    • Secure connection - the public website is completely protected by an SSL certificate, the Internet's leading encryption technology;
  • All credentials are tested and verified before any communication with client IT staff;
  • After processing (for integration with Acoer analytics technologies), all data is securely stored in a MongoDB data collection (hosted in AWS but managed by MongoDB directly). Using a service fully managed by MongoDB ensures best-in-class automation and proven practices guaranteeing availability, scalability, and compliance with the most demanding data security and privacy standards.
  • The entire MongoDB database is also fully encrypted using AWS KMS;
  • All user access through our web portal is provided through state-of-the-art Okta user credentialing (including use of one-time tokens and multi-factor authentication);
  • All of our applications are permissions-based and implement a multi-role security model (not all users have privileged data views);
  • Finally, all communications in transit are encrypted using HTTPS by default.