Biggerflip Ltd is in the process of documenting and formalising an Information Security Management System. Protecting our clients' data is a critical business requirement to avoid adversely impacting our customers and to avoid reputational damage to our brand.
Our goals are to keep our clients' data:
- confidential - restricting its availability to only those specified;
- available - ensuring it's accessible; and
- accurate and consistent - avoiding corruption and loss.
This is achieved through our security policy that defines the scope of the systems and data to be managed, and the controls and procedures to be used by staff. We are currently documenting and reviewing this policy, particularly with respect to changes to our infrastructure and architecture, to assess and manage security risks.
Biggerflip is a small organisation comprising the founding partners and a small group of development and operational staff. The founding partners understand the importance of information security to their business and provide technical and commercial leadership in this area.
The founding partner with technical responsibility for security is:
Dr Andrew Wood
Biggerflip Ltd Kemp House, City Road, London, England, EC1V 2NX
firstname.lastname@example.org +44 7505 275 366
who is the primary customer contact for security-related issues.
Ideaflip Data Security Model
Biggerflip has developed a very clear and straightforward data model for our product, based on the concept of boards that belong to users who have complete control over creation, editing, sharing and deletion of the data within them. Combined with standard information security practices, this gives us a sustainable cloud-based system.
All Ideaflip data is centred around individual boards, and each is owned and managed by one or more owner-level users who control access to it until it is deleted. All the data associated with each board is isolated from every other board. Individual users can export board data in a variety of formats to archive on their own systems.
Enterprise customers may nominate a number of manager-level users who have the ability to change who owns each board created under their plan. This caters for scenarios where staff leave the company.
The Ideaflip system provides board data export in image document formats (PNG and PDF) as well as spreadsheet data (CSV and xlsx for Excel). The former shows the visual relationship of the data and the latter provides logical information (e.g. which note is in which group). There is no bulk export facility at the moment, but individual owners can extract each board in turn via a series of URLs.
Biggerflip follows an industry-standard approach for all IT processes.
Development, including infrastructure and configuration changes, is planned as a set of tasks that are to be completed by our development team according to our client, strategic and commercial priorities. These tasks are managed through our central issue management and version control system. On a regular basis, completed changesets are batched into a release candidate which is tagged and deployed to our UAT platform (a duplicate of our live environment).
All deployment and configuration are automated through scripts to ensure consistency between environments. In UAT the release is smoke tested manually and then extensively tested by our automated test suite.
In addition, based on assessing the risk from the RFC and changelog, we may undertake further ad hoc or specific testing (e.g. user, browser or automated load tests). Based on the results of these tests, the release is either signed off as ready for deployment to production or sent back to development for remedial fixes. Once the release is signed off, a maintenance window is planned and agreed for support to deploy it to the production environment. A period of closer monitoring follows so that we can identify whether, in the unlikely event, a change rollback is necessary.
Security is a key part of Biggerflip's software development process. We build our application upon tried and tested web frameworks and libraries and on standards like OAuth2. Layered on top of this is a carefully architected application user-role model that enables users to maintain complete control of their data. We have automated testing of user roles.
Biggerflip aims to keep our operating system and frameworks as up to date as practicable without compromising the stability of our Ideaflip platform. In practical terms, this means that we have adopted the Long Term Support (LTS) versions of our operating system and web development frameworks and that we aim to patch them at least every two months, before testing the new versions as part of the normal release process.
We use Ansible scripting to automate infrastructure build, configuration and deployment. This ensures that deployments to our test environments are done in the same way as to live. Every release is deployed to our test environment and tested manually and automatically before being signed off for deployment into production (using the same process).
Biggerflip uses Amazon Web Services to host their cloud services. For more detail see the AWS Security Whitepaper available from https://aws.amazon.com/whitepapers/#Overview_of_Security_Processes. Biggerflip uses certified Ubuntu Server 18.04 LTS (Long Term Support) EC2 images from Canonical.
Biggerflip conducts standard hardening on EC2 instances in line with standard recommendations. Typical hardening would include the plan as defined here: http://blog.mattbrock.co.uk/hardening-the-security-on-ubuntu-server-14-04/. In addition, each server is dedicated to running our software and is built from a minimal operating system image, with only the services required for the Ideaflip system to run being installed, to reduce exposure to vulnerabilities.
The Ideaflip system architecture uses the Amazon Virtual Private Cloud firewall mechanisms of security groups to control access to the servers. The Amazon management console and API are controlled directly by Amazon themselves and are separate from the instances' network traffic. In addition, we use different security groups for client data and administration access to provide logical separation and independent control.
All remote administration is through SSH. Access for clients to the Ideaflip service is exclusively through encrypted SSL transports (HTTPS and WSS). All web traffic passes through Nginx running the ModSecurity web application firewall, configured with the OWASP ModSecurity Core Rule Set.
The architecture makes use of Amazon's Simple Storage Service (S3) to provide unlimited storage for uploaded client files, and this is secured such that the data stored there can only be accessed via the instances.
Files uploaded to the Ideaflip servers are scanned using regularly updated antivirus software (ClamAV) before being stored on the network file system or being served back to clients.
All client data, whether stored in our databases or uploaded to filesystems, is encrypted at rest.
Biggerflip employs automated monitoring at various levels in their systems with alert notifications to support staff when unusual incidents are detected. Our support staff operate primarily during UK office hours (Mon-Fri 09:00-18:00) with staff on call on a best-efforts basis outside that time. Enterprise clients may request a more responsive service level with faster response times (at additional cost).
Ideaflip systems are set up to log various status metrics as well as other system and user activity. Our server instances routinely run activity monitoring and notification tools (logwatch, acct and ossec). The servers also run scheduled rootkit scans (chkrootkit and rkhunter) regularly.
Biggerflip policy is to notify our customers as soon as practicable of serious system incidents (downtime, data loss or security infringements) that may have an impact on customers, and to keep them informed of our actions to mitigate these.
All production system account activity by support staff (either by script or on the console) is logged and a weekly report is generated.
Ideaflip Business Continuity
Biggerflip is in the process of developing a business continuity management system to be followed in the event of emergencies.
Biggerflip databases are regularly backed up to ensure client data is not lost. However, we do not maintain a long-term archive of backups as there is no business or customer requirement to do so. Nonetheless, we can, in extraordinary circumstances, look to recover deleted data for up to 30 days.
Biggerflip regularly rebuilds their entire server infrastructure from scratch (using automated scripts) and restores backup data onto it to ensure readiness in the unlikely event of failures of all redundant components.
Ideaflip Data Security Document updated December 2019