Useful follows industry best practices, taking every measure to secure and protect your data.
Data protection
Data at rest
Every datastore containing client information, along with S3 buckets, is secured with encryption at rest. As a result, neither physical nor logical access to the underlying storage is sufficient on its own to reveal the data.
Data in transit
Useful uses TLS 1.2 or higher to protect data transmitted across potentially insecure networks. We also employ techniques such as HSTS (HTTP Strict Transport Security) to strengthen data security in transit. AWS manages server TLS keys and certificates, which are deployed through Application Load Balancers.
Secret management
Encryption keys are managed using AWS Key Management Service (KMS). KMS protects key material in Hardware Security Modules (HSMs), preventing direct access by unauthorized individuals, including Amazon and members of our restricted engineering staff. The keys stored in HSMs are used exclusively for encryption and decryption operations via Amazon’s KMS APIs. To safeguard confidential application data, we use AWS Secrets Manager and Parameter Store, which keep these values encrypted and securely stored. Access to these sensitive values is strictly limited to authorized personnel.
Vulnerability scanning
Useful requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):
Static analysis
Static analysis (SAST) testing of code during pull requests and on an ongoing basis.
Dependency monitoring
Monitoring for harmful dependencies to keep malicious software out of our software supply chain.
Network scanning
Continuous network vulnerability scanning for threat detection, identification, and alerting.
Threat intelligence
Leveraging threat intelligence sources to stay informed about the latest security threats and vulnerabilities, enabling proactive measures to protect our systems and applications.
Security testing during CI/CD
Automated security checks and validations during code builds and deployments as part of our CI/CD process to detect and address security vulnerabilities at each stage of development and deployment.