
Technical White Paper - NorthGRC in GovCloud (hosted by SIT)

Security in NorthGRC 

This document describes the overall architecture and security design of NorthGRC in GovCloud. 

Confidentiality, Integrity and Availability 

NorthGRC uses Statens IT (hereafter SIT) as the infrastructure provider for NorthGRC hosting. SIT handles all infrastructure associated with physical security, such as power, cooling and internet connections.

Infrastructure description 

NorthGRC consists of two parts: a frontend hosted on web servers and executed in the clients' browsers, and a backend of microservices and a database cluster. Both the frontend and the microservices are hosted in a Kubernetes cluster, which provides load balancing and redundancy to obtain a highly available service. Remote management access to the Kubernetes cluster and the backend database cluster is limited to a few employees within NorthGRC.

All unencrypted HTTP requests are redirected to HTTPS, which is the only protocol publicly allowed into the private cloud zone. The database is a PostgreSQL service hosted within the same private cloud as the application cluster, and all access to the database server is limited to this zone. Cluster web servers use NorthGRC SSL certificates. We only allow strong encryption protocols, so clients need up-to-date applications and operating systems to gain access to the application. SIT provides port-level firewalling and filtering services, and Linux cluster nodes use local firewalling to allow only SSH, HTTP and HTTPS.

Risk assessment 

NorthGRC regularly performs risk assessments of SIT as an 'infrastructure-as-a-service' (IaaS) provider. The results are compared to those of other IaaS providers.

Data Segregation 

Each customer is allocated its own separate database. All access to the database is managed through a security token linked to each user, ensuring that users from one customer cannot access data in other customers' databases, even if the application code contains bugs.
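The property described above holds only when the database a request reaches is derived from the verified token rather than from anything the caller supplies. The following is an added illustration, not NorthGRC's own code: it uses one in-memory SQLite database per customer as a stand-in for the per-customer PostgreSQL databases, a minimal HMAC-signed token as a stand-in for the real security token, and a constructed signing key; the function and tenant names are assumptions.

```python
import base64, hashlib, hmac, json, sqlite3

# Constructed stand-in: one in-memory SQLite database per customer plays the
# role of NorthGRC's per-customer PostgreSQL databases (assumption).
TENANT_DBS = {}
for tenant in ("acme", "globex"):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE risks (title TEXT)")
    db.execute("INSERT INTO risks VALUES (?)", (f"{tenant} top risk",))
    TENANT_DBS[tenant] = db

SIGNING_KEY = b"constructed-demo-key"  # stands in for the real token signing secret

def issue_token(user, tenant):
    """Mint a minimal HMAC-signed token carrying the user's tenant (demo format)."""
    body = base64.urlsafe_b64encode(json.dumps({"sub": user, "tenant": tenant}).encode())
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def verify_token(token):
    """Return the token's claims, or None if the signature does not check out."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def list_risks_buggy(token, customer_id):
    """Bug: the target database is chosen from a request parameter, so a valid
    token for one customer can read another customer's database."""
    if verify_token(token) is None:
        raise PermissionError("invalid token")
    return [r[0] for r in TENANT_DBS[customer_id].execute("SELECT title FROM risks")]

def list_risks(token):
    """Hardened: the database handle is derived from the token's tenant claim only,
    so the caller has no way to name a database it is not entitled to."""
    claims = verify_token(token)
    if claims is None:
        raise PermissionError("invalid token")
    db = TENANT_DBS[claims["tenant"]]
    return [r[0] for r in db.execute("SELECT title FROM risks")]
```

The buggy variant passes every token check and still leaks across tenants, which is why the routing decision, not just the authentication check, has to be bound to the token.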

Backup  

At least twice per day the server makes an image of all data in the database. The backup is AES encrypted with a customer-specific key before being moved to centralized storage (S3). The daily backups are stored for five years, after which they are automatically deleted. On request, NorthGRC can manually delete all backups.

Penetration Test 

Recurring vulnerability scans are performed as a part of NorthGRC's ISO 27001 ISMS tasks. Denial of service tests are only performed inside the planned service windows to ensure service capacity for our customers. 

Secure Application Design 

NorthGRC's SaaS is a three-tier application design in which the presentation layer, business logic and data layers are physically separated. Thus, the application can only write to the database through the controls provided by the business logic layer. This protects NorthGRC from SQL injection attacks, reducing the likelihood of integrity breaches.

All three layers are deployed separately and designed to scale depending on the cluster node load. This ensures that the service is always available and responding.

Integration

NorthGRC provides Application Programming Interfaces (APIs) for internal use and to allow integration with other applications. The APIs are used by the NorthGRC frontend to access security functions, all business logic and database data. The API is only accessible over encrypted HTTPS, and a valid security token must be included in all calls.

NorthGRC staff access 

NorthGRC Support staff cannot login to the NorthGRC instance dedicated to the end customer unless the customer creates and shares login credentials for support purposes. NorthGRC Support staff can create a new User Manager or add a User Manager role to an existing user on request from a customer. All access (including Support staff access) is visible to the Customer in the activity log.

Updates

NorthGRC releases updates to the cluster when new versions of NorthGRC become available. Customers can expect at least 4 updates per year. Updates are primarily performed in the standard service window, which is the night between Saturday and Sunday from 00:00 pm to 02:00 pm CET.