Data at rest
Every datastore containing client information, along with S3 buckets, is encrypted at rest. As a result, neither physical nor logical access to the underlying storage is sufficient on its own to reveal the data.
Data in transit
Useful uses TLS 1.2 or greater to protect data transmitted across potentially insecure networks. We also employ techniques like HSTS (HTTP Strict Transport Security) to strengthen the protection of data in transit. Server TLS keys and certificates are managed by AWS and deployed through Application Load Balancers.
Encryption keys are managed using AWS Key Management Service (KMS). KMS protects key material in Hardware Security Modules (HSMs), preventing direct access to it by unauthorized individuals, including Amazon and our restricted engineering staff. The keys stored in HSMs are used exclusively for encryption and decryption operations through Amazon's KMS APIs. To protect application secrets, we use AWS Secrets Manager and Parameter Store, which keep them encrypted and securely stored. Access to these sensitive values is strictly limited to authorized personnel.
Useful requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):
Static analysis (SAST) testing of code during pull requests and on an ongoing basis.
Malicious dependency monitoring to prevent malicious software from entering our software supply chain.
Continuous network vulnerability scanning for threat detection, identification, and alerting.
Leveraging threat intelligence sources to stay informed about the latest security threats and vulnerabilities, enabling proactive measures to protect our systems and applications.
Security testing during CI/CD
Automated security checks and validations during code builds and deployments as part of our CI/CD process to detect and address security vulnerabilities at each stage of development and deployment.